Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

iRule to block IP for period of time.

THE_BLUE
Cirrostratus
Cirrostratus

‎29-Dec-2020 09:26

I need to create iRule to block client IP if it met below condition :

  • if client try to do attack ex: sql injection 3 times

then i want to block this IP for 1 hour and after 1 hour the IP should be unblocked .

is it possible to do this?

Labels:
0 Kudos
1 REPLY 1

Dario_Garrido
MVP
MVP

‎29-Dec-2020 13:43

Hello Blue.

 

You can react to a ASM violation using an iRule. Some examples:

https://support.f5.com/csp/article/K15573541

https://support.f5.com/csp/article/K37744422

 

After that you could include that IP into a table variable with one hour of timeout. This table would be checked everytime you receive a request. I did a similar iRule here:

https://devcentral.f5.com/s/articles/iRule-for-Brute-Force-Password-Guessing-Attacks?page=6

 

Regards,

Dario.

 

 

Regards,
Dario.
0 Kudos
Copyright © 2023 Khoros, LLC