is it possible to log the source ip of a request to a data set or a pattern set?

[Gijs Lemahieu1709159845]

Idea is to configure a responder policy and check if the http.req.url is listed in a pattern set (hosted on the netscaler itself), and if the condition is true => log the source ip to another pattern set.

Consequently, I can configure second responder policy, and verify if the source ip is listed in the first pattern set (filled up by the 1st responder policy). When the condition is true, i would block that request.

 

In that way, I would have some kind of auto block mechanism when someone (or something) tries to access specific url's (like /wp-admin or other similar stuff ...) that all subsequent request from that user would automatically be blocked

 

I don't know however, if it is somehow possible to fill up a pattern set as a responder action or a audit message action.

[CarlStalhood]

You can set Responder Policy to have an action of Drop.

 

Otherwise, use variables - https://docs.netscaler.com/en-us/citrix-adc/current-release/appexpert/variables/configuring-using-variables.html