Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

Automate the IP whitelist creation in bulk for the ASM Polciy via iControl REST


Hi F5 Fraternity,

I am trying to create/update the IP whitelist for a ASM Policy. I am using below POST icontrol REST API call via Postman using Basic Auth:

**POST:** https://{{bigip-dev_mgmt}}/mgmt/tm/{{module}}/policies/{{asm_policy_hash}}/whitelist-ips
            "ignoreIpReputation": true,
            "blockRequests": "policy-default",
            "ignoreAnomalies": false,
            "neverLogRequests": false,
            "ipAddress": "",
            "description": "Tango",
            "kind": "tm:asm:policies:whitelist-ips:whitelist-ipstate",
            "neverLearnRequests": false,
            "ipMask": "",
            "trustedByPolicyBuilder": false
Content-type: application/json   

This one does the Job but it adds just one IP. I have like some 40-50 IPs that I need to add to the ASM IP address exception. Is there any way of adding the entire list of IPs as a body doing just one API call?

I appreciate the help in advance.



Can I ask if the IPs are representable in CIDR notation? Or are they totally random/unique? Because if it's the former, this can be done without any code from the ASM console from the address exceptions menu. If not, I am happy to work with you and craft a script to do this using the Python SDK for F5 as I would have some use for that, too. That said - it will probably involve looping through API calls so not sure if that will be feasible for you based on what you said about needing to do so in the body of a single request.


Cameron, I am trying to do something similar in python using curl through the os module. The same curl command works from the CLI, but from python I get " Unkown field 'ignoreIpReputation' ". Deleting that field as a test, another field shows up as unknown. Here is the curl command:


curl -k -u UN:PW -H "Content-Type: application/json" -X POST -d '{"ignoreAnomalies":false,"trustedByPolicyBuilder":false,"description":"Baseline","neverLearnRequests":true,"ipMask":"","ignoreIpReputation":true,"neverLogRequests":true,"ipAddress":"","kind":"tm:asm:policies:whitelist-ips:whitelist-ipstate","neverBlockRequests":true}'


Any help would be greatly appreciated. This is on ASM v11