iRule Syntax to Block IP Address in AFM

kend
Nimbostratus

I want to write an iRule that will look at the client IP address and block it in AFM based on a data group. Is there any iRule syntax to tell AFM to block the IP or add it to the denied list?

2 REPLIES

Andrew-F5
F5 Employee

See K10354610: BIG-IP AFM operations guide | Chapter 3: Firewall rules and ACL::action for additional details.

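when FLOW_INIT {
  # DG is the address data group listing the client IPs to block
  if { [class match [IP::client_addr] equals DG] } {
    # Set the AFM ACL action for this flow to drop
    ACL::action drop
  }
}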

Is there any reason you want to do this specifically within AFM as opposed to just matching the data group and dropping without ever involving AFM?

when FLOW_INIT {
  # Same data group match, but drop directly without setting an AFM ACL action
  if { [class match [IP::client_addr] equals DG] } {
    drop
  }
}

I wanted to have the ability to add the attacking IP to the denied list for a specified period of time instead of having the iRule have to continuously drop the traffic.