aFleX: Brute Force Attack Protection

Hi A10 vADC Community,

I would like to share with the A10 vADC community a custom aFleX script created by an A10 SE (Jose S.). This aFleX script mitigates brute-force attacks and protects the A10 ADC from them. It is a very useful script and can be customized through its parameters. I strongly suggest implementing this script in any of your deployments.

Genard

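------------ Copy from here -------------

    when RULE_INIT {
        # Maximum number of failed logins allowed per source IP
        set ::intentosmax 3
        # Seconds an entry is kept (and the source stays blocked) after the last failure
        set ::holdtime 120
    }

    when HTTP_REQUEST {
        set srcip [IP::remote_addr]
        # -notouch: checking the counter must not extend the entry's lifetime.
        # >= rather than an exact match, so a count that overshoots the limit is still blocked.
        if { [table lookup "failedlogins" -notouch $srcip] >= $::intentosmax } {
            HTTP::respond 200 content "Stop hacking!!! [table timeout "failedlogins" -remaining $srcip] seconds"
            log "Login blocked for ip:$srcip > remaining: [table timeout "failedlogins" -remaining $srcip]s"
        }
    }

    when HTTP_RESPONSE {
        # A failed login is recognised by the redirect the application sends back
        if { [HTTP::header exists "Location"] } {
            if { [HTTP::header "Location"] ends_with "/welcome.cgi?p=failed" } {
                if { [table lookup "failedlogins" $srcip] != "" } {
                    # Known source: count the failure and restart the hold timer
                    table incr "failedlogins" $srcip
                    table timeout "failedlogins" $srcip $::holdtime
                } else {
                    # First failure from this source
                    table add "failedlogins" $srcip 1 $::holdtime
                }
                log "Login detected from ip:$srcip Accumulated:[table lookup "failedlogins" $srcip]>remaining: [table timeout "failedlogins" -remaining $srcip]s"
            }
        }
    }

------------ Copy to here -------------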

You can adapt it to work with any failure condition. In this case we look for a redirect to "/welcome.cgi?p=failed"; in your case it can be a 403 or any other value within the response.

Just change this “if” condition:

    if {([HTTP::header "Location"] ends_with "/welcome.cgi?p=failed")}
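To check what a given ::intentosmax and ::holdtime will do before deploying, the following Python model of the script's "failedlogins" counter is an added example, not part of the original post or of A10's code. The class and function names are hypothetical, and it assumes an entry expires ::holdtime seconds after the last failed login; it also shows why the block test is safer as >= than as an exact match.

```python
# Simplified model of the script's "failedlogins" table (added example).
# Assumption: an entry expires HOLDTIME seconds after its last failed login.
MAX_ATTEMPTS = 3   # ::intentosmax
HOLDTIME = 120     # ::holdtime, in seconds

class FailedLogins:
    def __init__(self, max_attempts=MAX_ATTEMPTS, holdtime=HOLDTIME):
        self.max_attempts = max_attempts
        self.holdtime = holdtime
        self.entries = {}  # srcip -> (count, expiry time)

    def _live(self, ip, now):
        """Return the live count for ip, dropping the entry once it has expired."""
        count, expires = self.entries.get(ip, (0, 0))
        if count and now >= expires:
            del self.entries[ip]
            return 0
        return count

    def record_failure(self, ip, now):
        """HTTP_RESPONSE path: count the failure and restart the hold timer."""
        count = self._live(ip, now) + 1
        self.entries[ip] = (count, now + self.holdtime)
        return count

    def is_blocked(self, ip, now, exact=False):
        """HTTP_REQUEST path: a -notouch lookup, so checking never extends the hold."""
        count = self._live(ip, now)
        return count == self.max_attempts if exact else count >= self.max_attempts

    def remaining(self, ip, now):
        """Seconds left on the entry, as 'table timeout -remaining' would report."""
        return self.entries[ip][1] - now if self._live(ip, now) else 0

def demo():
    t = FailedLogins()
    ip = "192.0.2.10"  # constructed sample address (documentation range)
    for now in (0, 10, 20):
        t.record_failure(ip, now)
    blocked_at_60 = t.is_blocked(ip, 60)
    left_at_60 = t.remaining(ip, 60)          # hold runs from the last failure
    released_at_140 = not t.is_blocked(ip, 140)
    # Failures counted while earlier requests were in flight can overshoot the limit.
    for now in (200, 201, 202, 202):
        t.record_failure(ip, now)
    return (blocked_at_60, left_at_60, released_at_140,
            t.is_blocked(ip, 210, exact=True), t.is_blocked(ip, 210))

if __name__ == "__main__":
    print(demo())
```
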