iRule with Client Detection

Question

Hi guys,&nbsp;
I have a question regarding an iRule which should work as an BFP.&nbsp;
I want to create an iRule which works as an BFP and identifies the user by three parameters:&nbsp;
1) IP_Address
2) User_Agent
3) Platform&nbsp;
For every wrong login attempt the iRule should write these information about the user in a table.
If the user fails the authentification 10 times in a row the user should be blocked for a specific time.&nbsp;
Now the Questions:
The ASM has an built in Client Detection and I am wondering if I can user this function in the iRule to gather information about the user.&nbsp;
If not, is there any decent way to to save these information in a object or some other datatype which contains all of these information.&nbsp;
I would appreciate if anyone has some hints or solutions regarding this topic.&nbsp;
Thank you very much.&nbsp;

sequaja_338277 · Answer

My Code right now:&nbsp;when RULE_INIT {
set static::maxloginfailures 10
set static::bantime 200
set static::blacklist_tab  "IPBlacklist"
set static::userfail_tab   "LoginFailures"
}

when CLIENT_ACCEPTED {
set clientip [IP::client_addr]
set client_UserAgent [ACCESS::session data get session.user.agent]
set client_Platform [ACCESS::session data get session.client.platform]
if { [table lookup -subtable $static::blacklist_tab $clientip] == 1 } {
    reject
    return
} }

when AUTH_FAILURE {
if {[table lookup -subtable $static::userfail_tab $clientip] &gt; $static::maxloginfailures} then {
table set -subtable $static::blacklist_tab $clientip 0 indef $static::bantime 
table delete -subtable $static::userfail_tab $clientip
}
if { [table lookup -subtable $static::userfail_tab $clientip] != 1 } then {
table set -subtable $static::userfail_tab $clientip 0 indef indef
} else {
table incr -subtable $static::userfail_tab $clientip 
}
}

when AUTH_Success {
table delete -subtable $static::userfail_tab $clientip
}

stanislas_piro2 · Answer

Hi,&nbsp;
What product are you using?&nbsp;
In the irule, you use APM commands but not APM events!&nbsp;

Forum Discussion

iRule with Client Detection

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

About client profile (apm-forwarding-client-tcp)

Using iRule to prompt for Client SSL Cert

Irule client certificate check against ldap value

External user client Citrix Receiver detection failing for Chrome and Firefox

Big IP Edge Client Issue