Blocking unwanted IP addresses on F5
Description
A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers. Load balancers are used to increase the reliability and capacity of applications.
It is very useful to have a way to block IP addresses that are abusing your infrastructure by accessing applications located behind a load balancer.
This solution describes how to block unwanted source IP addresses on an F5 load balancer running version 11 or later.
Explanation
– We’ll create a new Data Group List named class_unwanted_ip, of type Address.
– We’ll create a new iRule that checks the client address against that Data Group List.
– We’ll apply the iRule to specific virtual servers.
Implementation
Create a new Data Group List
Local Traffic -> iRules -> Data Group List -> Create
Name of the Data Group List -> class_unwanted_ip
Type -> Address
Then click Finished. Add or remove hosts/networks by typing the address of each host or network and pressing Add. When finished, click Update.
Create a new iRule
Local Traffic -> iRules -> Create
Name -> unwanted_class_ip
Definition -> place the following iRule:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals class_unwanted_ip] } {
        reject
    }
}

When finished, click Finished.
Apply iRule to the Virtual Server
Local Traffic -> Virtual Servers -> Virtual Servers List
Select the virtual server to which you want to apply the iRule (for example, Web).
Resources -> iRules -> Manage
Move unwanted_class_ip from Available to Enabled. When you finish, click Finished.
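If you also want to see which connections the iRule rejects, the variant below (an added example, not the iRule from this guide) writes one line to /var/log/ltm for each rejected client before rejecting it. It assumes the Data Group List class_unwanted_ip created above and that clients reach the virtual server directly, so IP::client_addr is their real source address.

```tcl
# Added example: same block-by-Data-Group logic as the guide's iRule,
# extended to log the rejected client, the matching list entry and the
# virtual server name so that blocks are visible in /var/log/ltm.
when CLIENT_ACCEPTED {
    # "-name" returns the matching data group entry (host or network)
    # instead of 1, and an empty string when there is no match.
    set matched [class match -name [IP::client_addr] equals class_unwanted_ip]
    if { $matched ne "" } {
        # Record who was blocked, which entry matched and on which virtual server.
        log local0. "blocked [IP::client_addr]:[TCP::client_port] matched $matched on [virtual name]"
        reject
        return
    }
}
```

Logging adds one line per rejected connection, so on a busy virtual server that is hit by many unwanted sources keep the plain reject-only iRule and rely on the log only while investigating.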
Add/remove new Hosts/Networks to the class
If all of the above exists and you want to add or remove IP hosts/networks, edit the Data Group List:
Local Traffic -> iRules -> Data Group List -> class_unwanted_ip, then add or remove the desired hosts/networks. When you finish, click Update.
The updated list takes effect immediately on the corresponding virtual servers.