F5 iRules

DataDome F5 iRules integration detects and protects against bot activity.

This module is dedicated to be used on F5 iRules engine, for example at Big IP.

Before the regular process starts, an event is triggered and processes the DataDome logic in the iRules engine.

The module makes a call to one of our Regional Endpoints using a KeepAlive connection. Depending on the response, the module either blocks the request or allows the regular process to proceed.

The module has been developed to protect the visitors' experience: if any errors were to occur during the process, or if the timeout is reached, the module will automatically disable its blocking process and allow the regular process to proceed.

How to install and configure

  1. Login to your Admin console
  2. Download the latest distribution from the link here
  3. Create the iRule DataDome-SSL-Helper.tcl over: Local Traffic -> iRules -> iRule List -> +
  1. Create a new virtual server (Local Traffic -> Virtual Servers -> Virtual Server List -> +) with some un routed IP as destination IP and some unusual port. At "Source Address Translation" select "Auto MAP", attach HTTP profile.
  1. Create a new pool that includes the closest API endpoint.
  1. If you would like to establish an SSL connection between Big IP and the DataDome API, only use the server SSL profile:

You need to attach DataDome-SSL-Helper iRules to this virtual server:

  1. Upload the DataDome.tcl iRules, and create the actual License key and virtual server in iRules. If you would like to use a javascript injection you should also un-comment this block and replace the JS Key.

8, You need to enable the streaming profile on the virtual servers for which you would like to use DataDome. To do that, go to Configuration, switch to Advanced and select any stream profile. Default stream is accepted.

  1. Attach DataDome iRule to your preferred application or virtual server.

Congrats! Your website is ready to be protected!

Settings

Setting

Description

Required

Default

DATADOME_LICENSE_KEY

Your DataDome License key

Yes

DATADOME_TIMEOUT

The request timeout for DataDome API, in milliseconds

Optional

150

DATADOME_URI_REGEX

Processes matching URIs only

Optional

DATADOME_URI_REGEX_EXCLUSION

Ignores all matching URIs

Optional

exclude static asset

DATADOME_js

A piece of JS code for injecting the DataDome tag to the page
(see https://docs.datadome.co/docs/protect-singlepage-app#ajax-listener)

Optional

FAQ

Can I have multiple iRules on my virtual server?

Yes, you can attach multiple iRules to a single virtual server and they will be executed following the defined order.

Although it is very difficult to control the GUI, it is made possible through BigPipe.

You can update all iRules by assigning priority.

Two syntaxes are supported:

  1. Setup a global priority to the complete iRule
priority nnn
when <event_name> {
...
}

when <event_name> {
...
}
  1. Setup a local priority to a specified iRule's event:
when <event_name> priority nnn {
...
}

when <event_name> priority nnn {
...
}

It is possible to use a mix of both, but the second syntax will overwrite the first one.

Note that nnn is a value from 1 to 1000. By default each event has a value of 500.

Events are executed in order of priority from 1 to 1000. If more than one event have the same priority, they will be executed following the defined order.

Can I add another filter like a Host Header into the condition when DataDome is executed?

Yes, you can. You need to add your condition inside the HTTP_REQUEST event after set datadome_matched 0.

Updated about a month ago

F5 iRules


DataDome F5 iRules integration detects and protects against bot activity.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.