Forum Discussion
MVPAdd address to IP Address Exception via REST API
Well you got me almost out of ideas.
The two things I will suggest as my final ideas:
%%%%%%%%%%%
You may see this post that I found if it helps as there could be way to add an Ip address to the ASM policy ip exceiption with ""ignoreIpReputation": true," (as I mentioned before if this can be done with REST-API the REST API call should be under the asm policy for ip exception not the IP intelligence):
My other suggestion is as you mentioned for now only the AFM supports custom feed lists other than "webroot" for some reason but you can still try adding one using the REST-API. F5 may have locked this or not if there is no AFM module but who knows:
https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_security_ip-intelligence_feed-list.html
%%%%%%%%%%%
MVPHi,
from my knowledge, when using ASM, IP Intelligence can be applied at three levels. Global and per Virtual. These settings are configured in Security ›› Network Firewall : IP Intelligence.
The third level can be configured per Security Policy, this can be configured in Security ›› Application Security : IP Addresses.
The posibility to use a feed list is only available with AFM provisioned.
Also looking at the ToC, as you suggested, I could not find a clue how to add an IP exception to an IP Intelligence Policy that is configured on the level of the ASM policy.
KR
Daniel
MVPUnfortunately, the solution you suggest is more sort of a workaround. I would need to extend it's logic to match certain URIs and apply different matching categories (Botnets, Denial of Service) on differnet URIs. This will quickly become a beast of an iRule.
Based on my requirements I would need to find a way to automatically update IP Intelligence Exceptions on a IPI policy that is applied on a per security policy basis.
As an alternative updating the IP Intelligence Exceptions on a IPI policy that is applied on a per VS basis would be also fine.
AFM and a feed list is not an option, I have only AdvWAF provisioned.
