Forum Discussion

crowe's avatar
crowe
Icon for Cirrus rankCirrus
Jun 23, 2020

ASM IP Exceptions

We are new to having ASM implemented on our main virtual servers, over the past couple months I keep having to add IP exceptions for for valid customer IP's that get blocked as "malicious". I assume ...
application delivery
ASM Advanced WAF
exception
malicious
valid
  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Jul 02, 2020

    You need to leave Alarm enabled for malicious IP - in such case you will have ability to monitor how it works and detect (but not prevent) possible attack

crowe's avatar
crowe
Icon for Cirrus rankCirrus
Jun 24, 2020

Hi Youssef, thanks for the reply. We do have IP intelligence enabled, so I take it when this happens that is what is causing the request to be blocked. I came in after this was all implemented and it was done by a third party consulting firm. We were told they did it using the learning procedures and once we started having the weekly whitelisting taking place they slowly stopped responding to my emails of concern.

 

It sounds like things need to go back to a learning mode to get this fine tuned. My colleague that worked with them is no longer with us so I'm trying to get caught up and lined out so we are not getting these false positives.

 

Would allowing these request via the ASM Utility as they are blocked cause it to learn and possibly line out or should we take it back to transparent mode to do so?

 

Thanks in advance.