IP Address Exception: How does a policy manage conflicting exceptions

Question

Goal: For 10.0.0.0/8 range
- Do not block (can add IP Address Exception for ASM Policy)
- Learn (Can note learning in IP Exception setup)
- BUT, for specific 20 IP in 10.0.0.0/8, Turn OFF learning (but do not block) as allowed vulnerability scanner.
Unsure how asm policy would manage if exceptions conflict.  Any suggestions for implementing this scenario? Thank you.&nbsp;

simon_blakely · Answer

From the help notes for ASM IP Address Exceptions&nbsp;

Note: If an IP address belongs to more than one range (using netmasks) so that there are overlapping IP address ranges, and one IP address is configured as Enabled on any setting on this screen, while another is configured as Disabled, the Enable action takes priority over the Disable action.&nbsp;

check1t_282465 · Answer

Thanks for the clarification. &nbsp;

boneyard · Answer

if you feel it was the correct answer please flag it as such.&nbsp;

Forum Discussion

IP Address Exception: How does a policy manage conflicting exceptions

3 Replies

Recent Discussions

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Related Content

except ip from asm logging

Redirect all request except few path

Ansible Error: An exception occurred during task execution

ASM IP Exceptions

Exception for GeoBlocked Country. Without Allow-Listing a specific IP