Enabling alarm and block of IP Intelligence through CLI and curl

Question

Is there an API for IP Intelligence enabling and disabling as well as for enabling alerting and/or blocking of items within the IP Intelligence feature in ASM. I am wanting to run a curl command like I do for IP Whitelisting and stuff to make a mass update of all ASM policies to enable IP Intelligence on all of them in one go. Please advise.

samco · Answer

I think you can do it through the REST API call to this URL :

https://x.x.x.x/mgmt/tm/asm/XXXXX/disallowed-geolocations

This article should help you :

https://support.f5.com/csp/article/K03519157

Cheers,

Sam

ismael_goncalves · Answer

Hi,
You could use the following iControl REST endpoint:
/mgmt/tm/asm/policies/&lt;pol-id&gt;/ip-intelligence
Here is an example that patches a policy to enable Block and Alarm for Spam Sources category:
curl -k -u admin:xxxxxx -X PATCH https://bigip-host.net/mgmt/tm/asm/policies/3_4-X7IjK43HRjUS7xZnyA/ip-intelligence -H "Content-Type: application/json" -d '{ "ipIntelligenceCategories": [ { "block": true, "alarm": true, "category": "Spam Sources" }], "enabled":true}'
Alternatively, you could use a Parent Policy and control the settings to children policies via 'IP Addresses and Geolocations' inheretance setting.&nbsp;

alok_kumar · Answer

Thank you. I'm going to try it.

Forum Discussion

Enabling alarm and block of IP Intelligence through CLI and curl

Recent Discussions

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Related Content

The Power of IP Intelligence (IPI)

Enriching AFM with public domain Threat Intelligence

Intelligent Proxy Steering - Office365

IP-Intelligence and IP-Shunning

Traffic Intelligence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS