cancel
Showing results for 
Search instead for 
Did you mean: 

IP Intelligence Custom Feed in ASM

thomasd93
Nimbostratus
Nimbostratus

Hi,

 

we want to use custom feeds for our IP Intelligence to block IPs recognized by us as malicious.

With the AFM module we already succeeded with setting this up.

To also have the option of blocking the requests with ASM policies (to have a blocking page and not a TCP reset) we thought of using the custom feed to set the IPs to a category blocked in all of our ASM policies (for example tor_proxy).

However in our tests we noticed that the custom IPs are not blocked by ASM. Is this a known limitation? Are there ways to activate the custom IPs also in the ASM IP-Intelligence? (Manually blacklisting them via IP Address Exceptions is not a solution we want to use)

1 REPLY 1

samstep
MVP
MVP

you need ASM IP-Intelligence license to use the feature.

 

If you want to use your own list of custom IPs to be blocked by ASM, a potential solution would be to write an iRule which loads the IPS from a datagroup/iFile