Forum Discussion
ASM 11.1 IP Whitelist/Blacklist
Is there a way to whitelist an IP address or a range of IPs on ASM 11.1? What about the IP Enforcer, does that work for blacklisting only?
Thanks,
2 Replies
- Mike_Maher
Nimbostratus
So IP Enforcer is not a whitelisting or blacklisting tool, it is actually designed to detect IP addresses that are tripping multiple violations over a short period of time. So really to detect something like scanning of the web application.
I don't think there is anything in 11.1, but starting in 11.2 they introduced IP Exceptions, which would allow you to whitelist an IP or subnet for multiple different ASM protections in one place. https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-2-0/2.html?sr=27686485
You can do this under certain individual protections in prior versions.
What is it that you are trying to whitelist an IP or subnet from getting caught under on the ASM?
- Magno_Logan_568
Nimbostratus
Hi Mike,
Thanks for the clarification. Yeah, I heard 11.2 has the IP exceptions feature. I'm trying to whitelist a subnet from getting caught under a specific policy to avoid creating a lot of false positives, because this subnet runs some constant scans on the website. By scan I mean just a regular request from time to time, not like a vulnerability scan. I think I'll have to update my ASM.
Thanks a lot!