Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Dec 30, 2021

F5 ASM Geolocation filter and Amazon Regions IP ranges

We're using Geolocation filtering in a ASM profile to allow only a few countries to an application. Now a part of the web-application is moving to Amazon Cloud. These ip addresses are outside the all...

ASM Advanced WAF

Icon for Admin rank

Admin

Dec 30, 2021

if you are not using AFM, this is probably fine. If you are, you might need to move some of that geolocation logic earlier, as it's processed before ASM (see here). But to your specific question on automating this, if amazon has an api where you can get those addresses, you can pull that on a cron frequency, and then use iControl REST to push those to your policies. Example (just put placeholder values on those attributes, you'd need to set appropriately for your environment):

Icon for Nimbostratus rank

Nimbostratus

Jan 03, 2022

Hi Jason,

Best wishes for 2022.

We're not using AFM, so that's fine.

The AWS ip ranges and updates on it, can be dowloaded in a Json file.

I'll try to get it working using iControl REST.

Thank you for the reply.

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

DevCentral News

F5 Academies Are Back – And We’re Coming to a City Near You

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5