Forum Discussion

Sharath413's avatar
Sharath413
Icon for Nimbostratus rankNimbostratus
Dec 09, 2020

IP address exception

I'm new to F5 and we recently implemented WAF in one-arm mode. I'm getting quite a few complaints from web developers about some of their HTTP requests getting blocked. I was thinking if it's a better idea to add RFC 1918 addresses to the IP address exception list and select "never block this IP"?

Can someone please advise if it's a good solution?

Thanks.

ASM Advanced WAF
security
  • Lidev's avatar
    Lidev
    Dec 10, 2020

    Hello,

     

    if you consider IP address as being safe, you can set a address exception and categorized Wed Developpers IP Adresses as Trusted IP.

    Regards

  • Lidev's avatar
    Lidev
    Icon for MVP rankMVP
    Dec 10, 2020

    Hello,

     

    if you consider IP address as being safe, you can set a address exception and categorized Wed Developpers IP Adresses as Trusted IP.

    Regards

    • Sharath413's avatar
      Sharath413
      Icon for Nimbostratus rankNimbostratus
      Dec 11, 2020

       Thanks for responding. I made the exception to just "never block the IP' but didn't add the IP as trusted IP. I was told that adding the IP as trusted will cause Big-IP to build policy signatures based on their traffic. I surely didn't want to do that.

      • Lidev's avatar
        Lidev
        Icon for MVP rankMVP
        Dec 14, 2020

        OK Sharath413,

        If this answer was helpful, please don't forget to mark the answer as "Select as Best" in order to pass your post as resolved and help other people to find it.