Showing results for 
Search instead for 
Did you mean: 

iRule Syntax to Block IP Address in AFM


I want to write an iRule that will look at the client IP address and block it in AFM based on a data group. Is there any iRule syntax to tell AFM to block the IP or add it to the denied list?


F5 Employee
F5 Employee

See K10354610: BIG-IP AFM operations guide | Chapter 3: Firewall rules and ACL::action for additional details.

when FLOW_INIT { if { [class match [IP::client_addr] equals DG] } { ACL::action drop } }

Is there any reason you want to do this specifically within AFM as opposed to just matching the data group and dropping without ever involving AFM?

when FLOW_INIT { if { [class match [IP::client_addr] equals DG] } { drop } }


I wanted to have the ability to add the attacking IP to the denied list for a specified period of time instead of having the iRule have to continuously drop the traffic.