For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Techgeeeg_28888's avatar
Techgeeeg_28888
Icon for Nimbostratus rankNimbostratus
Aug 06, 2015
Solved

Blocking Traffic from Single IP with block page on ASM

Hi Everyone,   I would like to have the experts input on a point, I have ASM running where I want to block the requests from a particular source IP address and the violation page with id should be...
unblock
  • Vsevolod_Petrov's avatar
    Vsevolod_Petrov
    Aug 06, 2015

    The following extensions I hope will make the rule more efficient:

    when ASM_REQUEST_DONE {
  if { [ASM::violation count] > 0 } {
    if { not([class match[IP::client_addr] == "black-list-data-group"]) } {
      ASM::unblock
    }
  }
}
    1. You can check sources against the data group.
    2. Apply ASM::unblock action only if there were violations.

    Hope this helps.

    And do not forget to enable "Trigger ASM iRule Events" option in your policy.

Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Aug 06, 2015

If you're using v11:

 

Security -> Application Security -> IP Addresses -> IP Address Exceptions

 

You can use the section above to define explicitly trusted or explicitly non-trusted IP addresses. The link is creted between the IP address(es) defined and a particular security policy. Unfortunately, you can not create a granular setup where the IP address (trusted or non-trusted) is linked to a particular Signature ID without the use of iRules.