Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

iRule Syntax to Block IP Address in AFM

kend
Nimbostratus
Nimbostratus

‎14-Oct-2020 08:28

I want to write an iRule that will look at the client IP address and block it in AFM based on a data group. Is there any iRule syntax to tell AFM to block the IP or add it to the denied list?

Labels:
0 Kudos
2 REPLIES 2

Andrew-F5
F5 Employee
F5 Employee

‎19-Oct-2020 07:52 - last edited on ‎04-Jun-2023 21:14 by Fog

See K10354610: BIG-IP AFM operations guide | Chapter 3: Firewall rules and ACL::action for additional details.

when FLOW_INIT {
  if { [class match [IP::client_addr] equals DG] } {
     ACL::action drop
  }
}

Is there any reason you want to do this specifically within AFM as opposed to just matching the data group and dropping without ever involving AFM?

when FLOW_INIT {
  if { [class match [IP::client_addr] equals DG] } {
     drop
  }
}
0 Kudos

kend
Nimbostratus
Nimbostratus
In response to Andrew-F5

‎19-Oct-2020 11:19

I wanted to have the ability to add the attacking IP to the denied list for a specified period of time instead of having the iRule have to continuously drop the traffic.

0 Kudos
Copyright © 2023 Khoros, LLC