Auto updates GeoIP database on Big IP.
Problem this snippet solves: Securely, auto updates multiple Big IP's, geoip database. Tested on Version 12.1.2, but should work for others. How to use this snippet: Must have PHP installed (tested on 7.0, 5.6 should work too) Install (on Ubuntu Server 12.04-16.04) sudo LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php sudo apt-get -y install php7.0 php7.0-common php7.0-cli php7.0-curl php7.0-mcrypt php-ssh2 php-zip Then just issue on the CLI: php geoip_updater.php <downloads.f5.com https geoip file url - on location page> <optional, md5 file url> Modify script to enter your servers ip, hostnames, and Auth settings. Testing updating 8 BigIP's, in under 5 minutes. Due to limitations in how the file is offered on downloads.f5.com, you have to get the filename before running the script. Code : http://bit.ly/2uqeAI5 Tested this on version: 12.1
GeoIP iRule redirects with switch
Hi All, I'm trying to create an 'all-in-one' iRule to handle a few things at once. Firstly I need to allow a few whitelists through (CDN, office addresses etc) then based on the GeoIP location redirect to either a pool or a different domain. I have the iRule working in a sense but for a reason unknown to me, redirecting to pools doesn't work - and may be related to how I've laid out the iRule. I have to include the switch because some of the Virtual Servers this applies to will need 10+ redirect entries to different websites, as does the elseif statements displaying content from the relevant pools. Although, if this works in the switch statement that will be easier to manage but I've tried to include pools in the switch statement and again, no joy. Basically, if it's not CDN and it's not in the whitelist > Redirect to a new URL or an active Pool based on the client IP. when HTTP_REQUEST { set countries [whereis [IP::client_addr] country] if {[class match [string tolower [HTTP::header value "Via"]] contains CDN_HEADERS] } { return } elseif {[class match [IP::client_addr] equals Whitelist]} { return } elseif {($countries equals "NL")} { pool NL-splash } elseif {($countries equals "RU")} { pool RU-splash } else { switch [whereis [IP::client_addr] country] { "UK" { HTTP::respond 301 noserver Location "https://www.google.com" } "US" { HTTP::respond 301 noserver Location "https://www.google.com" } default { return } } } } Thanks
GeoIP - Missing City and zipcode
Dear Expert, I tried to play with the whereisapi from a irule. Before continue, Please note all clients are connecting to the VS from Poland. I'm able to see the country code, the state but unfortunately i'm not able to see the zipcode nor the city. I did the upgrade for the GEOIP at the latest. Here's the output from the cli geoip_lookup 78.*.*.* opening database in /shared/GeoIP/v2/F5GeoIP.dat size of geoip database = 27204380, segments = 11125827, version = Copyright (c) F5 Networks Inc, All Rights Reserved GEOIP2 v1, 20170601 geoip_seek = 00ae00e0 geoip record ip = 78.*.*.* country_code = PL country_name = Poland region_name = Lubuskie continent_code = EU As a example i added the following log statement in the irule on HTTP_REQUESTevent when HTTP_REQUEST { log local0. "Got client: [whereis [IP::client_addr] country continent state city zip]" } However under /var/log/ltmi'm only able to resolve `: Got client: PL EU Lubuskie {} {}` Actually, the zip and country are missing on the GEOIP Database. I confirm that 100% of my request does not have both zip and city data. Here's my questions : Is it normal and due to the country itself ? What is the provider used ? I read somewhere Quova, however while trying a free lookup on their website, for the same IP, they were able to resolve both city and zip-code. Any advices ?
Testing IP redirect in an iRule
Hi Guys, I want to be able to test an iRule that redirects based on the IP that is detected. Following this guide: https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-7-geolocation I can block with the ASM just fine using a Custom XFF Header however this applies only to the ASM. When I try to use this with the iRule only logs the actual IP and behaves accordingly to the actual IP and not the Custom XFF header I can test ASM blocks with. Is there some way that I can simulate an international IP. The test environment does not have internet connectivity so an external proxy is not possible. I had hoped something I could alter in fiddler would do it? Thanks
F5 Big-IP-LTM GeoIP data source
Anyone know what the source is of the geo-ip data that is provided by F5 Networks? Industry standard seems to be maxmind - Maxmind is no longer providing an open-use Geo-IP database and is adopting a paid-model for enterprise. Will this impact F5's Geo-IP data updates? If they are already using the paid model and updates will continue, that'd be perfect..
Get rid of log requests from geo IP blocking
Our ASM log gets flooded with requests blocked from Geo IP blocking filter. This makes it hard to find important log events. I have not found any way to get rid of these alerts: In the blocking settings: We are now on version 12 hf2 but it has been the same since version 11.6. These alerts are also sent to remote log even though it's set to not alarm. Please advice.
Add GeoIP information to header
My team has been tasked with creating an iRule to just add the Geolocation to the header so that the application teams can store that in a database for future reports. None of us are well versed with iRules and are not sure how to even begin this process. Everything I'm finding on devcentral appears to be redirecting traffic based on GeoIP information. We do not want to affect any traffic, just want to add the information based on the URL they are accessing. Any assistance in getting started would be greatly appreciated. Thank youCan GeoIP data be customized to cover private address space?
We're getting our feet wet with AVR and have imported the GEOIP databases to be able to get some dashboard stats on where connections to Virtual Servers are originating from. Eventually we are planning to develop heat maps and to customize content based on this info. A number of our Virtual Servers are accessed by internal clients however and are showing up as unrecognized. I'd like to be able to manually define a network range and it's location. Anyone know of a method of doing this? Thanks!
