ltm rule command IP intelligence
iRule(1) BIG-IP TMSH Manual iRule(1)
IP::intelligence
Return a Tcl list of IP intelligence category names for a given IP
address.
SYNOPSIS
IP::intelligence IP_ADDR
DESCRIPTION
This iRules command returns a Tcl list of IP intelligence category
names for a given IP address. It checks up to 3 (configured) IP
intelligence policies - global policy, policy attached to virtual
server and policy attached to route domain. If any of the policies use
IP reputation database, it will also be checked. This command is an
extention of the IP::reputation command, which checked only IP
reputation database available from external source. This new command
checks user defined IP classification configured in IP intelligence
policies, which get their lists of IP addresses and categories from
user defined feeds. Each policy can additionally use the legacy IP
reputation database, but is not required to.
The requirements for using IP address intelligence are: -- The system
must have an IP Intelligence license. -- The system must have an
Internet connection either directly or through a proxy server. -- The
system must have DNS configured (go to System > Configuration > Device
> DNS).
RETURN VALUE
Return a Tcl list of IP intelligence category names for a given IP
address
VALID DURING
EXAMPLES
# This irule can be used to test IP Intelligence dwbl (feed lists).
# if a request comes in with a URI query: ?ip=10.0.0.2, it returns the intelligence record.
# if no query is supplied, it returns the intelligence file. You can use this in the feed list configuration.
when HTTP_REQUEST {
set ip [URI::query [HTTP::uri] ip]
if { $ip equals "" } {
log local0. "Got a Feed List update request from [IP::client_addr]"
HTTP::respond 200 content {10.0.0.2,32,bl,spam_sources
10.0.0.3,,wl,botnets
10.10.0.12,,botnets
10.0.0.12,,,
10.0.0.13,,bl,
}
} else {
HTTP::respond 200 content "Reputation of $ip is: [IP::intelligence $ip]"
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.6.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)