iRule to block IP for period of time.

Question

I need to create iRule to block client IP if it met below condition :

if client try to do attack ex: sql injection 3 times

then i want to block this IP for 1 hour and after 1 hour the IP should be unblocked .

is it possible to do this?

dario_garrido · Answer

Hello Blue.&nbsp;You can react to a ASM violation using an iRule. Some examples:https://support.f5.com/csp/article/K15573541https://support.f5.com/csp/article/K37744422&nbsp;After that you could include that IP into a table variable with one hour of timeout. This table would be checked everytime you receive a request. I did a similar iRule here:https://devcentral.f5.com/s/articles/iRule-for-Brute-Force-Password-Guessing-Attacks?page=6&nbsp;Regards,Dario.&nbsp;&nbsp;

Forum Discussion

iRule to block IP for period of time.

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

About IPI check ip list

Related Content

MS Exchange ProxyNotShell block implemented via iRules

Block traffic

iRule - Block part of a query

domain blocking

Block IP after a number of ASM Blocks