Forum Discussion
Dec 21, 2017
If you want to block across all sites you could add the IP to a tables blacklist:
when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::uri]] starts_with admin_uris] } {
        # User tried to access blocked uri, adding to black list and dropping it
        # This example will block the user for 10 seconds
        table add blacklist_[IP::client_addr] 1 10
        drop
    } elseif { [table lookup -notouch blacklist_[IP::client_addr]] != "" } {
        # Previously blocked address, dropping.
        # -notouch means that the timeout won't be reset
        drop
    }
}
This is just a simple example. You could also add logic on how many attempts, increase the timeout if the user keeps it up etc. Tables are global so just add the rule to any virtual server you want to enforce the blacklist on.
/Patrik
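The attempt counting and growing timeout suggested in the post above could look like the following. This is an added example, not part of the original post; the `strikes_` key prefix, the doubling schedule, the one-hour cap and the log line are assumptions chosen for illustration, and `admin_uris` is the same data group the post uses.

```tcl
when HTTP_REQUEST {
    set ip [IP::client_addr]

    # Already blacklisted: drop, and use -notouch so that repeated
    # requests do not keep extending the block.
    if { [table lookup -notouch "blacklist_$ip"] ne "" } {
        drop
        return
    }

    if { [class match [string tolower [HTTP::uri]] starts_with admin_uris] } {
        # Count offences per client (assumed key name "strikes_<ip>").
        # table incr creates the entry when it does not exist yet.
        set strikes [table incr "strikes_$ip"]
        # Forget the counter after one hour without a new offence.
        table timeout "strikes_$ip" 3600

        # Block time doubles per offence: 10, 20, 40, ... seconds.
        # The exponent is clamped so the shift cannot overflow.
        set exp [expr {$strikes > 9 ? 9 : $strikes - 1}]
        set block_time [expr {10 * (1 << $exp)}]
        if { $block_time > 3600 } {
            set block_time 3600
        }

        # table add only creates the entry if it is not already present.
        table add "blacklist_$ip" $strikes $block_time
        log local0. "Blocked $ip for ${block_time}s (offence $strikes) on [HTTP::uri]"
        drop
    }
}
```

Because the key is the client address, every user behind the same NAT or proxy address shares one counter and one block, so the cap on the block time matters.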