For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JamesS_40157's avatar
JamesS_40157
Icon for Nimbostratus rankNimbostratus
Jan 03, 2012

Blocking a single IP in ASM - send to the blocking page

Hi all,     I can't for the life of me work out what I would have thought would be a simple thing to do in ASM.       What we would like to do is blacklist a single IP address (or potent...
app sec
BIG-IP Access Policy Manager (APM)
security
JamesS_40157's avatar
JamesS_40157
Icon for Nimbostratus rankNimbostratus
Jan 03, 2012
A slightly revised version, would this be ok? (more specific to webscraping now)

 

 

when ASM_REQUEST_VIOLATION {

 

 

set x [ASM::violation_data]

 

 

 

if {([lindex $x 0] contains "VIOLATION_WEB_SCRAPING_DETECTED")} {

 

 

 

if { ! [matchclass [IP::remote_addr] equals /Common/asmblockips] } {

 

 

ASM::disable

 

}

 

}

 

}

 

 

 

 

 

 

 

However i have just read the asm::enable and asm::disable functions only work within HTTP_CLASS_SELECTED, if this is the case, i guess i cant be specific down to the attack type?