Forum Discussion
Add address to IP Address Exception via REST API
- Jun 26, 2021
Well you got me almost out of ideas.
The two things I will suggest as my final ideas:
%%%%%%%%%%%
You may see this post that I found if it helps as there could be way to add an Ip address to the ASM policy ip exceiption with ""ignoreIpReputation": true," (as I mentioned before if this can be done with REST-API the REST API call should be under the asm policy for ip exception not the IP intelligence):
My other suggestion is as you mentioned for now only the AFM supports custom feed lists other than "webroot" for some reason but you can still try adding one using the REST-API. F5 may have locked this or not if there is no AFM module but who knows:
https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_security_ip-intelligence_feed-list.html
%%%%%%%%%%%
- PhatANhappyJan 09, 2024
MVP
This is fairly confusing. Using host files - will only make things more confusing and near impossible to troubleshoot down the road. You should only modify a host file as a quick test -and put it back - and us a proper DNS entry.
That being said - can we assume the "systems " host file entry is the client side - and not either the f5- or the backed server? This would result in the client side computer making calls to abc.com -which should translate to 20.10.20.30. from the client with modified host file ping 20.10.20.30 <---will NOT do a nslookup, it will see the entry in the host file and use that.
The next step is to ping dvwa.com and make sure that comes back to the same ip ( or what ever you are expecting).
Lasty - i believe you a look for either a url rewrite - or a header re-write.
https://community.f5.com/t5/technical-forum/how-to-do-http-header-replace-with-irule/td-p/118808
or if its more complex - and you want to detect the IP - and make the change from there
https://my.f5.com/manage/s/article/K000130245 - emre_ovaliJan 09, 2024
Altostratus
I really like to use LTM policies instead of irules for these simple requirements.
Just replace 'host' header with the following ltm policy below and assign it to your virtual server.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com