Forum Discussion

crowe's avatar
crowe
Icon for Cirrus rankCirrus
Jun 23, 2020
Solved

ASM IP Exceptions

We are new to having ASM implemented on our main virtual servers, over the past couple months I keep having to add IP exceptions for for valid customer IP's that get blocked as "malicious". I assume ...
application delivery
ASM Advanced WAF
exception
malicious
valid
  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Jul 02, 2020

    You need to leave Alarm enabled for malicious IP - in such case you will have ability to monitor how it works and detect (but not prevent) possible attack

crowe's avatar
crowe
Icon for Cirrus rankCirrus
Jun 30, 2020

 

  • Hello, the category that seems to be blocking the valid traffic is "Botnets", you would still recommend removing that category? or would I make adjustments on the policy learning section?

 

Ivan_Chernenkii's avatar
Ivan_Chernenkii
Icon for Employee rankEmployee
Jul 02, 2020

Yes, it really looks strange...

  1. Are you sure that all detected malicious IP are false-positive?
  2. Do you have any malicious IP, which is blocked correctly?
  3. Why it was suggested to enable malicious IP detection? What was the reason?

 

If there was no exact reason and you didn't get any real malicious IP for a long time, then I suggest to disable Block flag per violation (leave Alarm flag enabled for monitoring) or at least disable Block flag for each category, which provides false-positive.

 

Thanks, Ivan