27-May-2021 03:32
Hi,
we want to use custom feeds for our IP Intelligence to block IPs recognized by us as malicious.
With the AFM module we already succeeded with setting this up.
To also have the option of blocking the requests with ASM policies (to have a blocking page and not a TCP reset) we thought of using the custom feed to set the IPs to a category blocked in all of our ASM policies (for example tor_proxy).
However, in our tests we noticed that the custom IPs are not blocked by ASM. Is this a known limitation? Are there ways to activate the custom IPs also in the ASM IP-Intelligence? (Manually blacklisting them via IP Address Exceptions is not a solution we want to use.)
15-Sep-2021 07:10
You need an ASM IP-Intelligence license to use the feature.
If you want to use your own list of custom IPs to be blocked by ASM, a potential solution would be to write an iRule which loads the IPs from a datagroup/iFile.
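
A sketch of the data-group approach suggested in the reply above, as an added example that is not part of the original thread. It assumes a hypothetical address-type data group named `custom_ip_blocklist` whose records are the custom IPs or CIDR ranges and whose optional values are a reason label; the page text, log format and reference number are also illustrative. The page returned here is the iRule's own response, not the ASM policy's blocking page.

```tcl
# Added example: iRule attached to the HTTP virtual server.
# Assumption: "custom_ip_blocklist" is a hypothetical address-type data group
# (records = IPs or CIDR ranges, optional value = short reason label).
when HTTP_REQUEST {
    set client_ip [IP::client_addr]

    # Address-type data groups match both single hosts and networks.
    if { [class match $client_ip equals custom_ip_blocklist] } {
        # Optional record value, e.g. "tor_proxy"; empty when none is set.
        set reason [class match -value $client_ip equals custom_ip_blocklist]
        if { $reason eq "" } { set reason "custom_feed" }

        # Reference shown to the client and logged, so a support request
        # can be correlated with the log entry.
        set ref [format "%09d" [expr {int(rand() * 1000000000)}]]
        log local0.notice "custom blocklist hit: ip=$client_ip reason=$reason ref=$ref host=[HTTP::host] path=[HTTP::path]"

        # Answer with a blocking page instead of resetting the connection.
        HTTP::respond 403 content "<html><body><h1>Request blocked</h1><p>Reference: $ref</p></body></html>" "Content-Type" "text/html" "Cache-Control" "no-store" "Connection" "close"
        return
    }
}
```

Because the lookup uses `[IP::client_addr]`, it sees the address of the directly connected peer; behind a proxy or CDN that is the proxy's address, not the original client's.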