This topic covers an F5 solution that uses an iRule to read the source client IP address from the HTTP header X-Forwarded-For and look that address up in the geolocation database to get the country name. If the country matches the blacklist, the F5 drops the packet from the client.

Step1: Traffic flow diagram for this case

Step2: If you know the source client IP, you can check its country with the command "geoip_lookup -f /shared/GeoIP/v2/F5GeoIPRegion2v2.dat x.x.x.x"

Result: Current source client IP country is US

Step3: Create an iRules data group and add the blacklisted countries to it

Step4: Create an iRule that checks the blacklisted countries and apply it to the virtual servers

when HTTP_REQUEST {
    # Step0: log the raw header value before any check
    log local0. "Client IP: [HTTP::header value "X-Forwarded-For"] >>> Step0"
    if { [HTTP::header exists "X-Forwarded-For"] } {
        log local0. "Client IP: [HTTP::header value "X-Forwarded-For"] >>> Step1"
        set client_ip [HTTP::header value "X-Forwarded-For"]
        # Look up the country code for the address in the geolocation database
        set fromCountry [whereis $client_ip country]
        log local0. "Client IP: $client_ip Country: $fromCountry >>> Step2"
        # Drop the connection when the country is listed in the data group
        if { [class match $fromCountry equals Blocked_Countries] } {
            drop
            log local0. "Drop Client IP: $client_ip Country: $fromCountry >>> Step3"
        }
    }
}

Step5: Test from a client in country US against the virtual server and display the logs with the command "tail -f /var/log/ltm". The logs stop at Step2, because the country name we added to the data group is test

Step6: Change the string in the iRules data group from test to US

Step7: Test again. The logs now show the iRule matching the drop condition
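A variant of the Step4 iRule that copes with an X-Forwarded-For header carrying several addresses, or a value that is not an IP address at all, added here as an example and not part of the original post. It assumes one trusted upstream proxy appends the client address as the last entry (anything to the left of it is whatever the client sent) and it reuses the Blocked_Countries data group name from Step4.

```tcl
# Added example, not the original post's iRule.
# Assumptions: a single trusted upstream proxy appends the client address to
# X-Forwarded-For, and the data group is named Blocked_Countries as in Step4.
when HTTP_REQUEST {
    if { ![HTTP::header exists "X-Forwarded-For"] } {
        return
    }

    # The header can be repeated, and each value can be a comma-separated list.
    # Join every value, then keep only the last entry: the one the trusted
    # proxy added. Earlier entries are client-supplied and cannot be trusted.
    set xff [join [HTTP::header values "X-Forwarded-For"] ","]
    set client_ip [string trim [lindex [split $xff ","] end]]

    # Guard the lookup: catch any Tcl error raised for an entry that is not
    # a valid IP address, so the request does not abort inside the iRule.
    if { [catch { set fromCountry [whereis $client_ip country] }] } {
        log local0. "X-Forwarded-For entry is not a valid IP address, no geo check done"
        return
    }

    # No country returned (for example a private range): nothing to match.
    if { $fromCountry eq "" } {
        return
    }

    if { [class match $fromCountry equals Blocked_Countries] } {
        log local0. "Drop Client IP: $client_ip Country: $fromCountry"
        drop
    }
}
```

If the upstream device is not under your control, the header value proves nothing about where the request came from, so a country check built on it is only as reliable as that proxy.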
