Forum Discussion
hooleylist
Dec 03, 2010Cirrostratus
Hi James,
If the performance for loading the blacklisted IP's is too low, you could consider annother option that someone recently tried:
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1174760/aff/5/showtab/groupforums/Default.aspx
Basically, you could set up a web app which accepts an HTTP request with the client IP set in the query string. The server would respond with an HTTP header indicating whether the client IP was blacklisted or not. Depending on that response you could allow the request through to the pool or drop the request. You'd use an iRule with HTTP::retry to send the sideband request to the blacklist server. See the linked post and the article from Deb in that post for details.
Aaron