F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

mkeenan_289714's avatar
mkeenan_289714
Icon for Nimbostratus rankNimbostratus
Nov 07, 2016

Whitelist IP address for specific ASM signature

I am looking for a way to whitelist a specific source IP address for a specific attack signature. Note that I am not looking to whitelist the signature all together or create a new security policy for hte IP address. Is there a way that I can accomplish this?

 

The specific signature is 200021093.

 

ASM Advanced WAF
devops
iRules
security

1 Reply

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Nov 07, 2016

    Considering the current exceptions capability in ASM, you're looking for a "workaround 'ish" solution. There's no built-in feature set for this level of granularity. Your equally good long-term scalable solutions are

     

    • a secondary "Relaxed Policy" matched for a specific Source IP address in LTM,
    • or an "Unblock iRule". In case of more exceptions - preferably built on top of a LTM data-group.

    How likely you consider a scenario of having similar exceptions for other Source IP addresses? If you're rather positive, you're definitely better off with the "Unblock iRule" solution. If you need a reference, look around the codeshare. If you're still stuck, feel free to ask a fellow comrade write the whole thing for you.

     

    Regards,