F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Seçkin's avatar
Seçkin
Icon for Cirrus rankCirrus
Oct 10, 2022
Solved

Global Blacklist or Whitelist

Does anyone know f5 has blacklist or whitelist globally not per security policy? Thanks
security
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Oct 12, 2022

You may call me Nik 😉 as a shortcut. I was going to also suggest to make a parent policy to attach the whitelist under it or to script the 200 VIP iRule attachment as no one will do this manually but Mohamed's solution seems nice as I did not know packet filters will unblock ASM/aWAF policy or DDOS blocking as this never crossed my mind as I thought that packet filters are just  stateless layer 3/4 access lists that do not affect something like layer 7 Security but if that is the case it seems easy to do it  and I may try it as well for some clients 😀

Mohamed_Salah_'s avatar
Mohamed_Salah_
Icon for MVP rankMVP
Oct 12, 2022

Hello Nik,

I think the packet filter rules are occurring before the ASM is applied to the request as this event is based on the IP/port and the ASM is an event that matched when the client sends an HTTP request which is after the "client accepted" event, so I thought these rules are occurring before L7 requests are being sent to the F5.

As the matching criteria are:

  • The source IP address of a packet
  • The destination IP address of a packet
  • The destination port of a packet

BR,

Mohamed Salah