Q&A: It is possible to insert a header in HTTP requests and indicate their threat categories instead of blocking them via the Threat intelligence Profile?

Question

• It is possible to insert a header on HTTP requests and indicate their threat categories instead of blocking them via the Threat intelligence Profile?

Environment

• Silverline WAF/DDoS
• Proxy
• Threat Intelligence Profile
• iRule 

Answer

Yes, an iRule can be implemented to insert "X-F5-TI-Reputation" or a custom header of your choice, along with the threat category/categories for the IP address. 

iRule

when HTTP_REQUEST priority 350 { 
      HTTP::header insert X-F5-TI-Reputation [IP::intelligence [IP::client_addr]] 
}

• Conditions:
  • The associated Threat Intelligence profile will have to allow certain or all threat categories 
    • By allowing categories, HTTP request can be forwarded to the backend application instead of being blocked by the Threat Intelligence Profile
  • The backend application will decide what to do with the requests of IP addresses categorized as a threat 

Related Content

• Internal content!!!! please remove before publishing to "Signed-In Users" under "Visible to"
  • https://defensenet.atlassian.net/browse/PROXY-3855
  • https://defense.zendesk.com/agent/tickets/84288