How to Use Pattern Sets and Advanced Expressions to Block IP Addresses on NetScaler

Article ID: CTX131725

Description

To use pattern sets and advanced expressions to block IP addresses on NetScaler, complete the following procedure:

  1. Run the following commands to create the Pattern Sets and add IP addresses to the set:
    add policy patset BadIPs
    bind policy patset BadIPs 10.14.211.217
    bind policy patset BadIPs 10.14.211.218
    bind policy patset BadIPs 10.14.211.219

  2. Run the following command to create the policy expression based on the client IP:
    add policy expression CIS "CLIENT.IP.SRC +\"\""

  3. The named expression can now be referenced by name inside a responder policy. Run the following commands:
    add responder policy BlockBadIPs "CIS.EQUALS_ANY(\"BadIPs\")" RESET
    bind responder global BlockBadIPs 50 END -type REQ_DEFAULT

    Alternatively, bind the policy to a specific virtual server instead of globally, depending on your requirement.

Notes:

  • You require NetScaler software version 9.3 or later with administrative access to complete the preceding procedure. This procedure is not valid for NetScaler version 9.2 or earlier.

  • There is a limit on the number of entries in a pattern set; the exact figure is not fixed, but it is currently around 10,000.

  • Entries in the pattern set are plain strings, so they match individual host addresses only, not networks.
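The following script is an added example, not part of the original article: it expands a blocklist (hosts and CIDR ranges) into the individual host strings a pattern set needs, emits the CLI lines from the procedure above, enforces the approximate entry limit from the notes, and models the exact-string matching of EQUALS_ANY. The patset name BadIPs, policy name BlockBadIPs and the input addresses are constructed sample values; the 10,000 ceiling is taken from the article and treated as an assumption.

```python
import ipaddress

# Constructed sample input: three hosts and one small network. Pattern-set entries
# are plain strings, so the network must be expanded into individual addresses.
BLOCKLIST = ["10.14.211.217", "10.14.211.218", "10.14.211.219", "10.14.212.0/30"]

# Approximate ceiling quoted in the article ("currently around 10,000"); assumption.
PATSET_SOFT_LIMIT = 10000


def expand_to_hosts(entries):
    """Return sorted, de-duplicated host address strings for hosts and CIDR ranges."""
    hosts = set()
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        # Iterating the network yields every address, including network/broadcast,
        # which is what a blocklist wants (hosts() would skip them for IPv4).
        hosts.update(str(addr) for addr in net)
    return sorted(hosts, key=lambda s: (ipaddress.ip_address(s).version,
                                        ipaddress.ip_address(s)))


def render_commands(patset_name, hosts, limit=PATSET_SOFT_LIMIT):
    """Emit the NetScaler CLI lines from the article for the given host list."""
    if len(hosts) > limit:
        raise ValueError(f"{len(hosts)} entries exceed the pattern-set limit of {limit}")
    lines = [f"add policy patset {patset_name}"]
    lines += [f"bind policy patset {patset_name} {h}" for h in hosts]
    # Appending an empty string to CLIENT.IP.SRC yields a string value that
    # EQUALS_ANY can compare against the pattern-set entries (as in the article).
    lines.append('add policy expression CIS "CLIENT.IP.SRC +\\"\\""')
    lines.append(f'add responder policy BlockBadIPs "CIS.EQUALS_ANY(\\"{patset_name}\\")" RESET')
    lines.append("bind responder global BlockBadIPs 50 END -type REQ_DEFAULT")
    return lines


def would_block(client_ip, hosts):
    """Model EQUALS_ANY: an exact string match, so prefixes and networks never match."""
    return client_ip in set(hosts)


if __name__ == "__main__":
    blocked = expand_to_hosts(BLOCKLIST)
    print("\n".join(render_commands("BadIPs", blocked)))
    print("10.14.211.21 blocked?", would_block("10.14.211.21", blocked))
```

Running the script prints the full command sequence for the expanded list and shows that a client at 10.14.211.21 is not blocked even though it is a string prefix of a listed entry.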

Issue/Introduction

This article describes how to use pattern sets and advanced expressions to block IP addresses on NetScaler.