Can Silverline block IP Ranges?


Can Silverline block IP Ranges?



  • Silverline
  • WAF
  • DDoS


Yes this is possible with following methods:

Option 1: With use of IP denylist

This option is the preferred option in case you would like to block the IP against all GRE tunnels and/or Proxies

Note: You can use to transfer IP range to CIDR

1. Navigate to Config > IP Management > IP Denylist

2. Click add and input your CIDR range after calculation



More Info:


Option 2: With an iRule

This option is preferred in case you would like to block thee IP against only some of the Proxies

Using for example:

when HTTP_REQUEST priority 305 {
if { ([class match -- [IP::client_addr] equals [call ag_info0::datatable_name Your_ip_datatable]]) } {
set agl [call ag_log0::open -rulename IP_Denylist -rulever 1]
call ag_log0::http_kvp $agl INFO action "IP blocked"
HTTP::respond 403 content {<html><body><h1>Unauthorized</h1></body></html>} noserver Connection close

This iRule will block traffic based on source IP address and send a HTTP response that also can be modified.

In order to deploy iRule, create ticket with SOC and provide the following:

1. Name for your iRule.

2. Name for the IP datatable.

In order to block IP range with this method, you will be able to input your IP CIDR once calculated into your IP datatabe like:



More info: Q&A: What iRules are Supported by Silverline?


Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request