Installation and Configuration

The Netacea F5 integration detects bot activity and performs mitigating actions in line with the client blocking strategy.


To successfully integrate using Netacea, please ensure you have:

  1. Access to the relevant API keys and log shipping endpoints from Netacea.

Implementation Steps

  1. In the F5 console, head to the System > Resource Provisioning menu item.

2. Make sure the ‘iRules Language Extensions (iRulesLX)’ is ticked and has adequate provisioning assigned - 'Nominal' should be chosen.

3. Under ‘Local Traffic > iRules’ the LX-specific menu items should be present.

Upload workspace

  1. Head to iRules > LX Workspaces

  2. Click the ‘Import’ button.

3. Point the import to the workspace provided by Netacea, and call the workspace ‘Netacea'.

Installing f5-nodejs module

Note: When connecting through SSH you might end up in tmos rather than bash. You can see this on the command line if it contains the word tmos e.g.

username@(ip-172-31-10-207)(cfg-sync Standalone)(Active)(/Common)(tmos)#

In order to access the file location below you will need to switch to bash using the following command:

run /util bash

The nodejs library for iRules LX is NOT published to NPM ( and only resides on the F5 BIG-IP system. You can find further information on the f5 website here, as well as on NPM (

Due to this fact, a few short steps are required to ensure the workspace works as expected.

  • SSH onto your F5 node via a terminal

  • Change into the directory where your workspace resides. e.g. /var/ilx/workspaces/Common/your_module_name_here/extensions/netacea

  • Once you are inside the Netacea module make a directory named node_modules e.g. mkdir node_modules

  • Change into your newly created node_modules directory and unzip the f5-nodejs files by running the command tar -xvzf /usr/share/packages/nodejs/f5-nodejs-6.tgz

This will install the f5-nodejs module into the desired node_module folder and can be viewed in the F5 console.

Adding API Keys

  1. From the LX Workspaces view - click on the named workspace. e.g. ‘Netacea’

  2. Locate the config.json file and include the apiKey and secretKey for the workspace and click ‘Save File’ below

  3. Click the ‘Reload from Workspace...’ button which will then update the files within the workspace.

4. Ensure that there is no orange highlighted ‘workspace files’ afterward. This signifies they've changed since the last reload of the plugin.

API keys are always added and saved before you move onto ‘Activate Plugin’ - otherwise, it will fail to start.

Adding your NetaceaConfig.json

There are 5 fields that should be located in the NetaceaConfig.json file. An example can be found below:

"apiKey": "API_KEY", 
"secretKey": "SECRET_KEY",
"mitigationType": "MITIGATION_TYPE", // Either "INGEST" or "MITIGATE"
"ingestType": "KINESIS",
"mitigationServiceUrl": "MITIGATE SERVICE URL",
  "kinesis": {
  "kinesisStreamName": "KINESIS_STREAM_NAME",
    "kinesisAccessKey": "KINESIS_ACCESS_KEY",
    "kinesisSecretKey": "KINESIS_SECRET_KEY",
    "logBatchSize": 100,
    "maxLogAgeSeconds": 3

Activate plugin

  1. From the LX workspaces view - click the ‘LX Plugins’ tab, and then the ‘Create’ button

2. Call the plugin 'Netacea' and choose the workspace we just imported.

Enabling iRules

It’s worth noting that the F5 worker can ‘INGEST’ from the mitigate iRule. Enabling netacea_mitigate means that you do not need to have netacea_ingest enabled, as the mitigate iRule will also handle Ingest. This means that a user only then needs to update the “mitigationType” located within NetaceaConfig.json to switch between ingest and mitigate without changing the iRule itself.

  1. From the relevant virtual server view, choose the ‘Resources’ tab and then ‘manage’ iRule allocation.

2. Find the two Netacea iRules in the ‘Available' list, move the relevant iRule to the 'Enabled’ box, and set the desired priority. We recommend the highest priority where conflict will not occur.

netacea_ingest - this will just send request data to Netacea for analysis and will not take any action on live requests.

netacea_mitigate - this will send request data to Netacea and automatically mitigate identified threats according to your configuration.

F5 Datasheet -

iRules LX overview -

iRules LX API docs -

iRulesLX Streaming guide here:

Last updated

Copyright Netacea 2023