Forum Discussion

Nimbostratus

Apr 05, 2018

Access Control to URI based on IP with logging

I found a script to block access to a URI based on IP address list and modified it to allow multiple URI. I need to some way add logging so I can see what IP addresses are getting blocked. If anyone ...

Cumulonimbus

Apr 05, 2018

Hello,

you can just add log command in order to send logs you define in /var/log/ltm. This logs is send to your syslog server if you configure IT. Then you can just enter the following command in order to retrieve all blocked user:

more /var/log/ltm | grep 'Blocked'

or (for gz file)

zcat /var/log/ltm.1.gz | grep 'Blocked'

when HTTP_REQUEST {
if { [class match [HTTP::uri]] equals ibp-uri } {
    if { [class match [IP::client_addr] equals ifbyphone] } {
         Let the request pass...
    } else {
        HTTP::respond 403 content "Access Denied"
        log local0. "Blocked IP: [IP::client_addr]"
    }        
} else {
     Let the request pass...   
}
}

If you want to send this logs directly to your Syslog server you can use HSL (better performance). And you can easly set notification for this use case.

Regards

Forum Discussion

Access Control to URI based on IP with logging

Recent Discussions

F5 ASM logging profile to specify source IP

Portal Access to HTTPS resources slow

Cannot login to Avaya wanx using f5 apm network access

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

API Security: How to implement API Access Control with F5

JWT authorization with NGINX Ingress Controller

Access Logs - Invalid Tenant

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Egress control for Kubernetes using F5 Distributed Cloud Services