Drop or Blacklisting any source IP when request status is illegal or blocked

Question

Hi all,&nbsp;&nbsp;Do I have to drop or put to blacklist all requests by "source" IP addresses when they make 5 attacks requests in 5 minutes?For example:I have 5 attacks with status (Http protocol compliance field and Access from malicious IP address) from one and the same IP address and i want to drop each next request for the next 2 hours or move it to blacklist IP address.

ivan_chernenkii · Answer

Hello,&nbsp;You can do it via "Session Awareness" feature ("Security&nbsp;››&nbsp;Application Security : Session Tracking" page) - you just need to set your criteria and set "Block All" period... or you can put them into blacklist IP addresses, if you want.&nbsp;Thanks, Ivan

Forum Discussion

Drop or Blacklisting any source IP when request status is illegal or blocked

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

With the ASM, can illegal requests be CSV exported?

Distributed caching of authentication requests with NGINX Ingress Controller

Logging DNS Requests

BIG-IP AFM Blacklisting Magic

F5 AWAF - bypass request based on the pressence of a request header - value