Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

ASM exclude geolocation from traffic learning

Marvin
Cirrostratus
Cirrostratus

‎31-Aug-2021 07:42

It would be an awesome feature if it were possible to exclude geolocation countries from the ASM traffic learning, for example only allowing to learn from specific countries. Likewise preventing traffic learning entries to be spoiled with foreign countries.

 

Is there any upcoming release where it would be possible to configure geographic location exclusions in the IP address exclusion section and/or inside the traffic learning settings of ASM?

Labels:
0 Kudos
3 REPLIES 3

SanjayP
MVP
MVP

‎31-Aug-2021 10:30

This isn't available with ASM, but can be achieved using iRule, where you can drop from blacklisted countries or allow traffic f​rom whitelisted one. So that ASM learning would be only from allowed geo locations

0 Kudos

Marvin
Cirrostratus
Cirrostratus
In response to SanjayP

‎01-Sep-2021 07:47

Yes i understand but I would still allow it but not learn from it that would be very helpful and improve the product

0 Kudos

Daniel_Wolf
Nacreous
Nacreous

‎01-Sep-2021 10:10

Hi Marvin,

 

Maybe with LTM Traffic Policy? Like this requests from US would come unfiltered to the backend.

Other alternative would be to use different policies for different country codes. Maybe for the "bad" country codes you use only a policy with Attack Signatures and Threat Campaings, but not Entity Learning.

0691T00000DzFIpQAN.pngNo offense, DE and US were the country codes I know by heart. 🙂

 

KR

Daniel

 

Edit: same can be achieved with iRules.

0 Kudos
Copyright © 2023 Khoros, LLC