Additional Lab 6 - IP Reputation -------------------------------- IP Reputation is a subscription-based service that provides an F5 BIG-IP with an active and upto date set of data for a known "bad actors". In this case we’re going to look at the source address (or in our test case an X-Forwarded-For HTTP header) to determine if this is a known bad guy. If you don’t already have an IP Reputation subscription, contact your local F5 representative for a time-limited evaluation license. Requirements ~~~~~~~~~~~~ - BIG-IP LTM, web server, and a client (command line cURL) The iRule ~~~~~~~~~ .. code-block:: tcl when HTTP_REQUEST { # Use [HTTP::header values "X-Forwarded-For"] for testing #set iprep_categories [IP::reputation [IP::client_addr]] set iprep_categories [IP::reputation [HTTP::header values "X-Forwarded-For"]] set is_reject 0 if { $iprep_categories contains "Windows Exploits" } { set is_reject 1 } if { $iprep_categories contains "Web Attacks" } { set is_reject 1 } if { $iprep_categories contains "Scanners" } { set is_reject 1 } if { $iprep_categories contains "Proxy" } { set is_reject 1 } if { $is_reject } { log local0. "Attempted access from malicious IP address [HTTP::header values "X-Forwarded-For"]($iprep_categories) - rejected" HTTP::respond 200 content "