Forum Discussion
nirsham_178691
Nimbostratus
Mar 31, 2015
IP Address Exception in ASM
Hi,
Is there a way to create an IP address exception per ASM signature?
The IP Address exceptions list is too general for all ASM protections. I need something more specific.
I know...
Hannes_Rapp_162
Nacreous
Mar 31, 2015
As far as I'm aware, the closest option in GUI you have is creating an IP address exception (linked to a particular ASM policy). If you want something more granular (an exception, linked to a specific signature ID), it can be done using iRules only.
A single IP and signature:
    when ASM_REQUEST_DONE {
        # Unblock only when the client IP and the signature ID both match
        if { ([IP::client_addr] == "My-IP-Address") && ([ASM::violation details] contains "My-Signature-ID") } {
            ASM::unblock
            log local0. "[ASM::violation_data]. Unblocked for [IP::client_addr]"
        }
    }
Multiple IP addresses and multiple signatures:
    when ASM_REQUEST_DONE {
        # Both quoted names are data groups: one of client IP addresses, one of signature IDs
        if { [class match [IP::client_addr] equals "data-group-ip-address-list"] && [class match [ASM::violation details] contains "data-group-signature-ids"] } {
            log local0. "[ASM::violation_data]. Unblocked for [IP::client_addr]"
            ASM::unblock
        }
    }
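A stricter variant of the iRules above, as an added example that is not part of the original posts: the rules above match the signature ID as a substring of the whole violation details string and then unblock the entire request, so this version unblocks only when attack signatures are the sole violation and every signature ID is an exact data-group entry. Assumptions: the data group names `exempt_ips` and `exempt_sig_ids` are hypothetical, "Trigger ASM iRule Events" is enabled on the policy, and `ASM::violation details` returns key/value pairs with signature IDs under the key `sig_data.sig_id` (verify against the F5 documentation for your version).

```tcl
# Added example, not from the thread. exempt_ips and exempt_sig_ids are
# hypothetical data groups (address type and string type respectively).
when ASM_REQUEST_DONE {
    # Only clients in the exemption list are considered at all.
    if { ![class match [IP::client_addr] equals exempt_ips] } { return }

    # Any violation other than an attack signature keeps the block in place.
    foreach name [ASM::violation names] {
        if { $name ne "VIOL_ATTACK_SIGNATURE" } { return }
    }

    # Assumption: each detail is a {key value} pair and signature IDs are
    # reported under sig_data.sig_id. Every ID must be exempted exactly;
    # one non-exempt signature in the same request keeps the block.
    set matched 0
    foreach detail [ASM::violation details] {
        if { [lindex $detail 0] ne "sig_data.sig_id" } { continue }
        if { ![class match [lindex $detail 1] equals exempt_sig_ids] } { return }
        incr matched
    }

    # Unblock only if at least one signature was seen and all were exempt.
    if { $matched > 0 } {
        ASM::unblock
        log local0. "Signature exception applied for [IP::client_addr]"
    }
}
```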
gsharri
Altostratus
Mar 31, 2015
I agree with Hannes. This requires an iRule. There is no option in security policies to exempt an IP address from an individual attack signature.
