block ip address to access ASM profile

Question

Hi,&nbsp;
I have hosted one application behind F5 ASM.my requirement is I want to block one ip only to access this application via ASM.all other application on different Virtual server still be accessible from same IP&nbsp;
thanks&nbsp;

hannes_rapp · Answer

ASM is not an IP-based firewall. Within ASM you can specify a set of trusted IP addresses in which case the signature-checks will not be executed. You can not define a list of blacklisted IP addresses as requested.
You have two sensible options, you should use AFM or LTM module. 
In case of a LTM solution, I'd recommend applying this iRule to the Virtual Server where you want a specific IP address to be rejected.
irule_ip_restrictions
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 1.1.1.1/32] } {
      log local0. "Rejected Access, IP address: [IP::client_addr]"
      reject
    } else {
      log local0. "Permitted Access, IP address: [IP::client_addr]"
    } 
}

Forum Discussion

block ip address to access ASM profile

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

Related Content

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Deny access to F5 management from specific addresses

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

Zero Trust Application Access for Federal Agencies

Load Balancing Omnissa Unified Access Gateway with BIG-IP LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS