Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

iRule to block IP for period of time.

THE_BLUE
Cirrostratus
Cirrostratus

I need to create iRule to block client IP if it met below condition :

  • if client try to do attack ex: sql injection 3 times

then i want to block this IP for 1 hour and after 1 hour the IP should be unblocked .

is it possible to do this?

1 REPLY 1

Hello Blue.

 

You can react to a ASM violation using an iRule. Some examples:

https://support.f5.com/csp/article/K15573541

https://support.f5.com/csp/article/K37744422

 

After that you could include that IP into a table variable with one hour of timeout. This table would be checked everytime you receive a request. I did a similar iRule here:

https://devcentral.f5.com/s/articles/iRule-for-Brute-Force-Password-Guessing-Attacks?page=6

 

Regards,

Dario.

 

 

Regards,
Dario.