Forum Discussion

4 Replies

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Jan 18, 2017

    Hello,

     

    It's not an open format that you can freely edit, but a proprietary 3rd party service that F5 is using in BigIP. You can use it as-is, or not use it at all. Alternative GeoIP deployments in BigIP are not supported.

     

    If it's of major importance, you can look into using a solution to over-ride the ASM-produced Syslog messages on an external device. On-appliance, I'm afraid there's nothing you can do.

     

  • spud_141786's avatar
    spud_141786
    Icon for Nimbostratus rankNimbostratus
    Jan 18, 2017

    Specifically, I am looking for an "Ignore Geolocation" on a per IP / per prefix basis, similar to the IP Address Exceptions configuration shown below:

     

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jan 18, 2017

    Hi,

    you can try this irule to unblock requests based on the geolocalisation violation and the IP address in a data group

    when HTTP_REQUEST {
    set disable_geolocalisation 0
    if {([class match [IP::client_addr] equals "DG_Client_IP" ])} {
        set disable_geolocalisation 1
    } elseif {[info exists AllowedGroups]}{
        set disable_geolocalisation 0
    }
}

when ASM_REQUEST_DONE {
    if {$disable_geolocalisation} {
        if {[llength [ASM::violation names] == 1 && [lsearch -exact VIOL_GEOLOCATION [ASM::violation names]] == 1 } {
            ASM::unblock
        }
    }
}
  • Paul_Love_70462's avatar
    Paul_Love_70462
    Icon for Nimbostratus rankNimbostratus
    Jan 29, 2018

    We are currently using a rule to redirect to sites local in EU and need to exempt items from geolocation processing. This only works for items you are processing in a Irule but might help

     

    when HTTP_REQUEST {

     

    ranges

    if [IP::addr [IP::client_addr]/30 equals 212.146.95.34] {return}

     

    Whitlisted address

    if { [IP::client_addr] equals "212.18.1.146" } {return}

     

    set country [whereis [IP::client_addr] country] switch $country { "AL" - "BY" - "BA" - "BG" - "CZ" - "GB" - "GE" - "GR" - "HR" - "HU" - "IE" - "MD" - "ME" - "RO" - "RS" - "SK" - "TR" - "UA" { HTTP::respond 301 Location "(https://someplace.eu); event HTTP_REQUEST disable } }

     

    I think you could add functionality to force a selection with something like this but I haven't tested it.

     

    if { [IP::client_addr] == "Your.IP.Address"} { set [whereis [IP::client_addr]] "FR" }

     

    or perhaps use a set country "FR" of course you could use other geo subdivisions as well