Forum Discussion

Wackitron_36350's avatar
Icon for Altocumulus rankAltocumulus
Feb 01, 2019

Automate the IP whitelist creation in bulk for the ASM Polciy via iControl REST

Hi F5 Fraternity,

I am trying to create/update the IP whitelist for a ASM Policy. I am using below POST icontrol REST API call via Postman using Basic Auth:

**POST:** https://{{bigip-dev_mgmt}}/mgmt/tm/{{module}}/policies/{{asm_policy_hash}}/whitelist-ips
            "ignoreIpReputation": true,
            "blockRequests": "policy-default",
            "ignoreAnomalies": false,
            "neverLogRequests": false,
            "ipAddress": "",
            "description": "Tango",
            "kind": "tm:asm:policies:whitelist-ips:whitelist-ipstate",
            "neverLearnRequests": false,
            "ipMask": "",
            "trustedByPolicyBuilder": false
Content-type: application/json   

This one does the Job but it adds just one IP. I have like some 40-50 IPs that I need to add to the ASM IP address exception. Is there any way of adding the entire list of IPs as a body doing just one API call?

I appreciate the help in advance.

2 Replies

  • Can I ask if the IPs are representable in CIDR notation? Or are they totally random/unique? Because if it's the former, this can be done without any code from the ASM console from the address exceptions menu. If not, I am happy to work with you and craft a script to do this using the Python SDK for F5 as I would have some use for that, too. That said - it will probably involve looping through API calls so not sure if that will be feasible for you based on what you said about needing to do so in the body of a single request.


    • christopherlloy's avatar
      Icon for Altostratus rankAltostratus

      Cameron, I am trying to do something similar in python using curl through the os module. The same curl command works from the CLI, but from python I get " Unkown field 'ignoreIpReputation' ". Deleting that field as a test, another field shows up as unknown. Here is the curl command:


      curl -k -u UN:PW -H "Content-Type: application/json" -X POST -d '{"ignoreAnomalies":false,"trustedByPolicyBuilder":false,"description":"Baseline","neverLearnRequests":true,"ipMask":"","ignoreIpReputation":true,"neverLogRequests":true,"ipAddress":"","kind":"tm:asm:policies:whitelist-ips:whitelist-ipstate","neverBlockRequests":true}'


      Any help would be greatly appreciated. This is on ASM v11