Forum Discussion

aelkosairy_1840
Dec 02, 2015

redirect all the attack traffic to specific destination

Dears, I need someone to help me with a specific objective. I need an iRule that allows the F5 to redirect all malicious traffic to a specific destination instead of blocking or denying the traffic, so that the F5 only detects without taking any action or even responding (block, deny, or even display a support page); only redirect to a specific destination, nothing more or less.

 

please help

 

3 Replies

  • Tzoori_Tamam_95
    Historic F5 Account

    Hi, check out this article:

     

    ASM::unblock Wiki Page

     

    You can use HTTP::redirect instead of ASM::unblock in this case, or together with it. I'm sure you can play around with this example to achieve what you're trying to do.

     

    /tt

     

  • You can achieve this with a simple iRule.

    First you need to set up a pool which has a pool member which is the destination (IP address and port) where you need to send the malicious traffic.

    If you are not going to display a blocking page then you can keep your violations on "Alarm" instead of "Block". Then use an iRule like this one:

    when ASM_REQUEST_DONE {
        # ASM::status is "alarmed" when a violation was raised but the request was not blocked
        if { [ASM::status] equals "alarmed" } {
            log local0.debug "Request: [HTTP::method] [HTTP::uri] raised ASM violations and was sent to malicious traffic pool"

            # send traffic to malicious traffic pool
            pool malicious_traffic_destination_pool
        }
    }
    

    Hope this helps,

    Sam

  • Hi Aelkosairy,

     

    The answer to your question strongly depends on your detailed scenario. If you need a rather static HTML error page or a static HTTP redirect, then you could simply configure the "Blocking Page/Redirect" settings within the ASM GUI. If you need some sort of dynamic HTML responses / HTTP redirects, then you have to use additional iRules to overwrite the GUI-based "ASM Blocking Page/Redirects".

     

    First, try to use the GUI-based settings. If those settings are not suitable for your objectives, then elaborate some additional details on the logic you want to set up, so that we can push you in the right direction.

     

    Cheers, Kai