Forum Discussion

Nimbostratus

Oct 13, 2015

block ip address to access ASM profile

Hi, I have hosted one application behind F5 ASM.my requirement is I want to block one ip only to access this application via ASM.all other application on different Virtual server still be access...

ASM Advanced WAF

BIG-IP Access Policy Manager (APM)

deployment

security

Hannes_Rapp

Nimbostratus

Oct 13, 2015

ASM is not an IP-based firewall. Within ASM you can specify a set of trusted IP addresses in which case the signature-checks will not be executed. You can not define a list of blacklisted IP addresses as requested.

You have two sensible options, you should use AFM or LTM module.

In case of a LTM solution, I'd recommend applying this iRule to the Virtual Server where you want a specific IP address to be rejected.

irule_ip_restrictions

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 1.1.1.1/32] } {
      log local0. "Rejected Access, IP address: [IP::client_addr]"
      reject
    } else {
      log local0. "Permitted Access, IP address: [IP::client_addr]"
    } 
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)