Temporarily block IP address -

Question

We've been pretty successful blocking rogue players using a DataGroup and a simple iRule. However, now the goal is to populate this DataGroup dynamically, blocking and unblocking on a schedule, or timer. 
Is anyone aware of the ability to set 'timers' for something like this ?&nbsp;

crodriguez · Answer

If you are licensed for BIG-IP Advanced Firewall Manager (AFM), it provides the functionality you are looking for via its IP Intelligence features. I can't think of a way to do this easily or effectively with an iRule - at least not without severely limiting performance - but perhaps someone else has a suggestion.

lee_sutcliffe · Answer

Simple example, but you could do something like this to define your schedule. 
Needless to say, if you want a more complicated schedule you'd need to have more complicated conditions e.g. $curTime is greater than timeA and less than timeB 
set curTime "[clock format [clock seconds] -format %H%M%S]"
set pm 120000

if { $curTime &lt; $pm } {
     It's AM - Do something
} elseif { $curTime &gt; $pm } {
     It's PM - Do something
}

Forum Discussion

Temporarily block IP address -

2 Replies

Recent Discussions

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Block traffic

domain blocking

Decoding the IPv4 address from the persistence cookie

CSV to Address External Datagroup File

Block IP after a number of ASM Blocks