cancel
Showing results for 
Search instead for 
Did you mean: 

Drop or Blacklisting any source IP when request status is illegal or blocked

Denis_Jo
Nimbostratus
Nimbostratus

Hi all,

 

 

Do I have to drop or put to blacklist all requests by "source" IP addresses when they make 5 attacks requests in 5 minutes?

For example:

I have 5 attacks with status (Http protocol compliance field and Access from malicious IP address) from one and the same IP address and i want to drop each next request for the next 2 hours or move it to blacklist IP address.

1 REPLY 1

Ivan_Chernenkii
F5 Employee
F5 Employee

Hello,

 

You can do it via "Session Awareness" feature ("Security ›› Application Security : Session Tracking" page) - you just need to set your criteria and set "Block All" period... or you can put them into blacklist IP addresses, if you want.

 

Thanks, Ivan