Forum Discussion

crowe's avatar
crowe
Icon for Cirrus rankCirrus
Jun 23, 2020

ASM IP Exceptions

We are new to having ASM implemented on our main virtual servers, over the past couple months I keep having to add IP exceptions for for valid customer IP's that get blocked as "malicious". I assume ...
application delivery
ASM Advanced WAF
exception
malicious
valid
  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Jul 02, 2020

    You need to leave Alarm enabled for malicious IP - in such case you will have ability to monitor how it works and detect (but not prevent) possible attack

crowe's avatar
crowe
Icon for Cirrus rankCirrus
Jun 25, 2020

Hello Ivan,

 

  1. Yes, I have it set to autoupdate and it is staying current as you can see below:

 

Last time the server was contacted for updates   06/25/2020 14:05:08

Last time an update was received          06/25/2020 14:05:09

Total number of IP Addresses in the database          4473532

Number of IP Addresses received in the last update         37

 

2. I don't have any in the logs to look at the movement, I will make note as they come in regarding categories and take your advice on disabling it only one.

 

3. Thank you for pointing this out, I will start monitoring as valid blocks occur.

 

 

 

 

 

 

  • ragunath154's avatar
    ragunath154
    Icon for Cirrostratus rankCirrostratus
    Jul 01, 2020

    the F5 IP Intelligence is maintained by brightcloud(thirdparty)

    you may request them to whitelist the IP with proper reason.(not sure whether they will do for free or charge some amount)

    • crowe's avatar
      crowe
      Icon for Cirrus rankCirrus
      Jul 01, 2020

      It is always different IPs so I feel like there is something not set right with what the consultant setup in our policy etc. Thanks though for the idea.