
Q&A: Is it possible to insert a header in HTTP requests that indicates their threat categories instead of blocking them via the Threat Intelligence Profile?

 

Question

  • Is it possible to insert a header in HTTP requests that indicates their threat categories instead of blocking them via the Threat Intelligence Profile?

Environment

  • Silverline WAF/DDoS
  • Proxy
  • Threat Intelligence Profile
  • iRule 

Answer

Yes. An iRule can insert the "X-F5-TI-Reputation" header, or a custom header of your choice, carrying the threat category or categories for the client IP address.

iRule

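when HTTP_REQUEST priority 350 {
    # Look up the client IP and pass its threat categories to the backend.
    # HTTP::header insert appends the header; it does not remove a
    # client-supplied header of the same name.
    HTTP::header insert X-F5-TI-Reputation [IP::intelligence [IP::client_addr]]
}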
  • Conditions:
    • The associated Threat Intelligence profile must allow some or all threat categories
      • With categories allowed, HTTP requests are forwarded to the backend application instead of being blocked by the Threat Intelligence Profile
    • The backend application decides what to do with requests from IP addresses categorized as a threat
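
One way a backend could act on the inserted header, as an added example that is not part of the original article or F5's own code. Assumptions: the header value is the string form of a Tcl list, and the proxy range, category names and policy table are constructed sample values; the names decide, parse_categories and unknown_action are hypothetical.

```python
import ipaddress
import re

# Constructed sample values, not from the article: the proxy egress range, the
# category names and the category-to-action policy are all assumptions.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]
POLICY = {"BotNets": "block", "Web Attacks": "block",
          "Scanners": "challenge", "Tor Proxies": "challenge"}
SEVERITY = {"allow": 0, "challenge": 1, "block": 2}

# Assumed header format: the string form of a Tcl list, where an element that
# contains spaces is wrapped in braces, e.g. "{Spam Sources} Scanners".
_ELEMENT = re.compile(r"\{([^{}]*)\}|([^\s{}]+)")


def parse_categories(value):
    """Split a Tcl-list string into category names, dropping empty elements."""
    names = (braced or bare for braced, bare in _ELEMENT.findall(value))
    return [name.strip() for name in names if name.strip()]


def decide(peer_ip, header_values, unknown_action="challenge"):
    """Return (action, categories) for one request.

    header_values holds every X-F5-TI-Reputation value received, because a
    client-supplied copy of the header can arrive next to the proxy's.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # Not from the proxy: the header is client-controlled, so it is
        # ignored and the direct-to-origin request is refused.
        return "block", []
    categories = []
    for value in header_values:
        for name in parse_categories(value):
            if name not in categories:
                categories.append(name)
    # Strictest action wins, so an extra empty header cannot lower the result.
    action = "allow"
    for name in categories:
        candidate = POLICY.get(name, unknown_action)
        if SEVERITY[candidate] > SEVERITY[action]:
            action = candidate
    return action, categories
```

Categories missing from the policy table fall back to unknown_action, so a category newly allowed in the profile is not silently treated as clean.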
