Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Automate the IP whitelist creation in bulk for the ASM Polciy via iControl REST

Wackitron_36350
Altostratus
Altostratus

‎01-Feb-2019 12:55 - last edited on ‎01-Jun-2023 16:20 by Fog

Hi F5 Fraternity,

I am trying to create/update the IP whitelist for a ASM Policy. I am using below POST icontrol REST API call via Postman using Basic Auth:

**POST:** https://{{bigip-dev_mgmt}}/mgmt/tm/{{module}}/policies/{{asm_policy_hash}}/whitelist-ips
**Body:**
{
            "ignoreIpReputation": true,
            "blockRequests": "policy-default",
            "ignoreAnomalies": false,
            "neverLogRequests": false,
            "ipAddress": "1.1.1.1",
            "description": "Tango",
            "kind": "tm:asm:policies:whitelist-ips:whitelist-ipstate",
            "neverLearnRequests": false,
            "ipMask": "255.255.255.255",
            "trustedByPolicyBuilder": false
        }
**Headers:**
Content-type: application/json

This one does the Job but it adds just one IP. I have like some 40-50 IPs that I need to add to the ASM IP address exception. Is there any way of adding the entire list of IPs as a body doing just one API call?

I appreciate the help in advance.

Labels:
2 REPLIES 2

Cameron_Merrick
Altostratus
Altostratus

‎14-Feb-2019 20:54

Can I ask if the IPs are representable in CIDR notation? Or are they totally random/unique? Because if it's the former, this can be done without any code from the ASM console from the address exceptions menu. If not, I am happy to work with you and craft a script to do this using the Python SDK for F5 as I would have some use for that, too. That said - it will probably involve looping through API calls so not sure if that will be feasible for you based on what you said about needing to do so in the body of a single request.

 

christopherlloy
Altostratus
Altostratus
In response to Cameron_Merrick

‎14-Jun-2019 15:48

Cameron, I am trying to do something similar in python using curl through the os module. The same curl command works from the CLI, but from python I get " Unkown field 'ignoreIpReputation' ". Deleting that field as a test, another field shows up as unknown. Here is the curl command:

 

curl -k -u UN:PW -H "Content-Type: application/json" -X POST -d '{"ignoreAnomalies":false,"trustedByPolicyBuilder":false,"description":"Baseline","neverLearnRequests":true,"ipMask":"255.255.255.255","ignoreIpReputation":true,"neverLogRequests":true,"ipAddress":"111.111.111.111","kind":"tm:asm:policies:whitelist-ips:whitelist-ipstate","neverBlockRequests":true}' https://222.222.222.222/mgmt/tm/asm/policies/g0bBBeDlyGoOK2_57

 

Any help would be greatly appreciated. This is on ASM v11

Copyright © 2023 Khoros, LLC