Forum Discussion

paul_dawson_258's avatar
paul_dawson_258
Icon for Nimbostratus rankNimbostratus
Mar 06, 2017

tmsh/cli command to view/change ASM IP exceptions

Hi,   Is there a tmsh/cli command to view/change ASM IP exceptions? I've tried to search but can't seem to find a way to do this.   Thanks  
ASM Advanced WAF
security
TMSH
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
Mar 06, 2017

Hi, far as I know, I think it's not possible except to you querying the iControlREST or mySQL database directly.

e.g.

 curl -k -u "admin:admin" https://192.168.1.245/mgmt/tm/asm/policies?\$select=whitelistIpReference&\$filter=name%20eq%20asm_my_policy |json-format    

{"kind":"tm:asm:policies:policycollectionstate","selfLink":"https://localhost/mgmt/tm/asm/policies?$select=whitelistIpReference&ver=13.0.0","totalItems":1,"items":[{"kind":"tm:asm:policies:policystate","selfLink":"https://localhost/mgmt/tm/asm/policies/FqWMdfXeKlK4vSy9Kj_CaA?ver=13.0.0","whitelistIpReference":{"link":"https://localhost/mgmt/tm/asm/policies/FqWMdfXeKlK4vSy9Kj_CaA/whitelist-ips?ver=13.0.0","isSubCollection":true}}]}

 curl -k -u "admin:admin" https://192.168.1.245/mgmt/tm/asm/policies/FqWMdfXeKlK4vSy9Kj_CaA/whitelist-ips |json-format

{
  "kind": "tm:asm:policies:whitelist-ips:whitelist-ipcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/FqWMdfXeKlK4vSy9Kj_CaA/whitelist-ips?ver\u003d13.0.0",
  "totalItems": 1,
  "items": [
    {
      "ignoreIpReputation": false,
      "blockRequests": "policy-default",
      "ignoreAnomalies": false,
      "neverLogRequests": false,
      "ipAddress": "10.10.10.10",
      "lastUpdateMicros": 1.488814202e+15,
      "description": "",
      "kind": "tm:asm:policies:whitelist-ips:whitelist-ipstate",
      "neverLearnRequests": false,
      "selfLink": "https://localhost/mgmt/tm/asm/policies/FqWMdfXeKlK4vSy9Kj_CaA/whitelist-ips/QTHqYAEQ5sfuVChitjYn8Q?ver\u003d13.0.0",
      "ipMask": "255.255.255.255",
      "id": "QTHqYAEQ5sfuVChitjYn8Q",
      "trustedByPolicyBuilder": false
    }
  ]
}

MySQL:

 mysql -sN -uasm -pPASSWORD -DPLC    
mysql> select id from PL_POLICIES where name = '/Common/asm_my_policy';
2
mysql> select * from PL_IP_WHITELIST where policy_id = 2;
1       2       10.10.10.10   255.255.255.255 0       0       0       1       0       0               0       QTHqYAEQ5sfuVChitjYn8Q  1488814202      0

https://devcentral.f5.com/wiki/icontrol.homepage.ashx

https://support.f5.com/csp/article/K6979

Regards.