WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

F5 Geo IP blocking iRule



By   WirelessPhreak      Sunday, March 23, 2014      Labels: ,  

Update coming soon a more advanced irule that accounts for rfc1918 ip space as well as data groups that allow multiple geoip country codes.

This iRule will allow you to block requests to your website from IP address that are not from the US. GeoIP blocking is flexible and a way of white listing traffic to your servers.  It does have it's limitations though.

GeoIP Databases change all the time.  To keep the F5   GeoIP database up to date wouldn't be practical.

Some may consider this a security measure. But to limit IP traffic from a limited geographic area is not an affective security measure. Real bad guys will proxy or use un willing victims to carry out their attacks.

when CLIENT_ACCEPTED {
if {not ([whereis [IP::client_addr] country] eq "US")}{
reject
}
}

The following is a list of Country Codes you can test with.


About WirelessPhreak

Just your everyday Packet Wrangler who enjoy's traveling and anything techie...


Magic Candle Company

Disney Park withdrawals?

Click on the image and get 10% off!

Join the EFF

Join the EFF
#privacy #digitalrights

Contact Me

Name

Email *

Message *