Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Extract blocked IPs by ASM with tmsh or irule

Hi, is there way to extract the list of IPs that were blocked by ASM in last 24 hours with tmsh or irule. The idea is to put top abusers in a global block list. Highly appreciate your suggestions. Thanks and br, Adnan

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

A couple of ideas:

  • You could use an iRule to extract IP address information from each ASM_REQUEST_BLOCKING event, push that information into a datagroup and then make that datagroup available as the content for a feed, which can then be queried by the system creating the global block list.

  • You can configure the ASM to send email reports on a periodic basis, sending them to a recipient system which consumes the reports and populates the global block list.

0