Forum Discussion

Tyler_Hardison_
Jan 24, 2014

Sideband for connections that are not going to a pool?

Hi There! I'm trying to inject a sideband check that queries an internal server for dns blacklisting on the source IP addresses. Because I'm not using pools (low traffic legacy websites) I'm trying...
  • Aaron_Forster_3
    Jan 24, 2014

    I would use a data group for the URL lookup instead of statically modifying the iRule every time you need to make a change. You could do the sideband connection in CLIENT_ACCEPTED like Kevin states, then you don't have to continue processing for blacklisted IPs.

    when CLIENT_ACCEPTED {
        set clientAddress [IP::client_addr]

        # Do sideband connection like described here, and set $is_blacklisted
        # from the response (placeholder value so the rule is valid as written):
        # https://devcentral.f5.com/wiki/irules.sideband-connection-http-example.ashx
        set is_blacklisted 0

        if { $is_blacklisted } {
            # Drop it on the floor.
            drop
        }

        # If it's not a blacklisted IP we let it continue
    }
    when HTTP_REQUEST {
        # class match here for destination IP based on [HTTP::host]
        # https://devcentral.f5.com/wiki/irules.class.ashx
    }
    

    Here's a more elaborate access control iRule which uses data groups instead of a sideband connection

    https://devcentral.f5.com/wiki/iRules.AccessControlBasedOnNetworkOrHost.ashx
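The sketch in the reply above filled in as a complete iRule. This is an added example, not Aaron's or F5's code. It assumes an internal reputation service reachable over HTTP at 10.0.0.50:8080 that answers `GET /check?ip=<addr>` with a body of `bad` or `ok` (the question mentions a DNS blacklist; the HTTP form is used here because that is what the linked sideband example shows), an address-type data group named `ip_blacklist_dg`, and a string-type data group named `allowed_hosts_dg` listing the Host names this virtual server should serve. The session table caches each verdict so the sideband call is not repeated for every connection, and an unreachable service is logged and allowed through (fail open); the `unknown` branch is the place to change that if failing closed is preferred.

```tcl
# Added example (not the poster's iRule). Assumed names: reputation service at
# 10.0.0.50:8080, data groups ip_blacklist_dg (address) and allowed_hosts_dg
# (string).
when CLIENT_ACCEPTED {
    set clientAddress [IP::client_addr]

    # Static deny list first: no sideband call needed for a known-bad address.
    if { [class match $clientAddress equals ip_blacklist_dg] } {
        log local0. "Dropping $clientAddress: static blacklist"
        drop
        return
    }

    # Reuse a cached verdict (300 s lifetime) before asking the service again.
    set verdict [table lookup -subtable ip_reputation $clientAddress]
    if { $verdict eq "" } {
        set verdict "unknown"
        set conn [connect -timeout 1000 -idle 5 -status conn_status 10.0.0.50:8080]
        if { $conn ne "" } {
            set req "GET /check?ip=$clientAddress HTTP/1.0\r\nHost: blacklist.internal\r\n\r\n"
            send -timeout 1000 -status send_status $conn $req
            set response [recv -timeout 1000 -status recv_status $conn]
            close $conn

            # Accept only a 200 reply and read the body after the header block.
            if { [string match "HTTP/1.? 200 *" $response] } {
                set idx [string first "\r\n\r\n" $response]
                if { $idx >= 0 } {
                    set body [string trim [string range $response [expr {$idx + 4}] end]]
                    if { $body eq "bad" } {
                        set verdict "bad"
                    } elseif { $body eq "ok" } {
                        set verdict "ok"
                    }
                }
            }
        }
        # Cache only definite answers so a service outage is retried, not remembered.
        if { $verdict ne "unknown" } {
            table set -subtable ip_reputation $clientAddress $verdict 300
        }
    }

    switch -- $verdict {
        "bad" {
            log local0. "Dropping $clientAddress: blacklisted by reputation service"
            drop
        }
        "unknown" {
            # Fail-open branch: the service was unreachable or answered
            # unexpectedly. Logged so the outage is visible; replace the log
            # with drop to fail closed.
            log local0. "Reputation lookup failed for $clientAddress, allowing"
        }
    }
}

when HTTP_REQUEST {
    # Only Host names listed in the data group are served here; anything else
    # gets a generic 404 rather than being forwarded.
    if { not [class match [string tolower [HTTP::host]] equals allowed_hosts_dg] } {
        HTTP::respond 404 content "Not found" "Connection" "close"
        return
    }
}
```

Keep the sideband timeouts short: the lookup runs inline in CLIENT_ACCEPTED, so a slow reputation server delays every new connection that misses the cache. The 300 s table lifetime bounds how long a stale verdict (in either direction) is honoured.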