Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

traffic flow between IPI, application security policy, bot detection, DoS protection, irule, and geolocation

JohnChen
Nimbostratus
Nimbostratus

‎18-Nov-2021 09:12

I want to know how the traffic flow between IPI, application security policy, bot detection, DoS protection, irule, and Geolocation (using irule for Geolocation).

I am using Global IPI (mean IPI does not attached to any VS) and have an irule for Geolocation and only have module ASM and LTM (No APM and AFM).

I understand that irule can be arranged by the order.

The application security policy, bot detection, DoS protection, irule are attached to VS.

Here is what I understand the traffic flow.

The traffic hits Global IPI -> reached VS for irules in order (including Geolocation, I always put Geolocation at first place) -> Application security policy -> DoS -> Bot detection.

Is this correct? Or will application security policy , Dos, Bot detection happen at the same time?

What is the best practice for Geolocation? Using an irule for Geolocation or using Geolocation in application security policy?

 

 

 

 

Labels:
0 Kudos
3 REPLIES 3

Daniel_Wolf
MVP
MVP

‎18-Nov-2021 10:55 - last edited on ‎24-Mar-2022 01:12 by Fog

Hi ,

 

I think this picture explains it good.

0691T00000F7FjyQAF.pngThis picture assumes that IPI is working in L3 mode. If IPI is working in L7 mode, it is later in the chain.

iRule are difficult, because they operate on events, which can be IPI events, bot defense actions, ASM events, L7DOS events and so on. So they can happen at every point in this chain.

 

Does this answer your question?

 

KR

Daniel

0 Kudos

JohnChen
Nimbostratus
Nimbostratus

‎19-Nov-2021 08:31

Can you guide me to the F5 documentation for the picture you post here?

 

0 Kudos

Daniel_Wolf
MVP
MVP
In response to JohnChen

‎19-Nov-2021 10:43

I found a similiar picture in the labs of F5 Agility 2021 conference. Here: https://clouddocs.f5.com/training/community/waf/html/waf141/waf141.html

 

Also it can be concluded from reading this: https://support.f5.com/csp/article/K07359270

 

And since I am used to read from left to right, I adjusted the picture for my convenience.

Attacker on the left, target on the right.

0 Kudos
Copyright © 2023 Khoros, LLC