Forum Discussion

Nimbostratus

Dec 30, 2021

F5 ASM Geolocation filter and Amazon Regions IP ranges

We're using Geolocation filtering in a ASM profile to allow only a few countries to an application. Now a part of the web-application is moving to Amazon Cloud. These ip addresses are outside the all...

ASM Advanced WAF

security

JRahm

Admin

Dec 30, 2021

if you are not using AFM, this is probably fine. If you are, you might need to move some of that geolocation logic earlier, as it's processed before ASM (see here). But to your specific question on automating this, if amazon has an api where you can get those addresses, you can pull that on a cron frequency, and then use iControl REST to push those to your policies. Example (just put placeholder values on those attributes, you'd need to set appropriately for your environment):

AndréB
Nimbostratus
Jan 03, 2022
Hi Jason,
Best wishes for 2022.
We're not using AFM, so that's fine.
The AWS ip ranges and updates on it, can be dowloaded in a Json file.
I'll try to get it working using iControl REST.
Thank you for the reply.

Forum Discussion

F5 ASM Geolocation filter and Amazon Regions IP ranges

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

F5 Distributed Cloud - Regional Decryption with Virtual Sites

F5 NGINXaaS for Azure: Multi-Region Architecture

Deploying F5 BIG-IP with Azure Cross-region load balancer

F5 Distributed Cloud - Regional Edge Health Monitoring Insights

F5 SIRT ESRP Case Study: Regional Bank