Forum Discussion

Ndlovumm
Feb 10, 2020

Trusted IP address and IP address exceptions

What is the difference between Trusted ip addresses and IP address exceptions? My understanding is that you can achieve the same outcome using any of the two methods, but I would like to know the difference between the two and how each is used for specifically.

5 Replies

  • A trusted IP address is one you specify as a safe source of HTTP requests. If you need to build a security policy quickly, you can classify a client IP as "trusted IP address" and then run only legitimate traffic from that IP. Advanced WAF (ASM) will treat all requests from a trusted IP address as legitimate and will use that traffic to build the policy. The key is to use legitimate traffic; don't trigger violations from a trusted IP address, because then Advanced WAF will accept potentially malicious traffic as safe. "Exceptions" simply refer to all the other security settings you can apply to a specific IP. For example, you may elect to "never block traffic from this IP" if the IP address is from a pentesting tool.

  • Technically both are almost the same, but slightly different.

    When the Policy Builder trusted IP option is enabled, the Policy Builder will consider traffic from this specified IP address as being safe. The Policy Builder will automatically add to the security policy any data logged from traffic sent from this IP address. Selecting this option also automatically adds this IP address to the Trusted IP Addresses setting on the Policy Building Configuration screen. If you don't enable this option, the Policy Builder will not consider traffic from this IP address as being any different from traffic from any other IP address.

    IP Address Exceptions: gives you the ability to explicitly allow certain IP addresses without checking any packet.

    • Ndlovumm

      Thanks for the clarification. So basically you can add an IP address to an exception list and achieve the same results as adding it to a trusted IP address list?

  • The Exception List is simply a page that holds a list of IP addresses for which you want special handling. Merely adding an IP address to the list will NOT define it as a trusted IP. First you add it to the list, and THEN you define it as a trusted IP. "Exception" means that you want to treat the IP address differently than other IP addresses.
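To make the distinction in this thread concrete, here is a small Python model of the behaviour the replies describe (an added illustration, not F5's code or API): an exception-list entry on its own only changes handling such as "never block", while the Trusted IP option makes the Policy Builder accept that source's data into the policy outright, which is why a violation sent from a trusted IP loosens the policy for everyone. The entry fields, the `malicious` flag and the IP addresses are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class IpException:
    """One entry of the IP Address Exceptions list (constructed model, not F5's code)."""
    address: str
    trusted_by_policy_builder: bool = False  # the "Trusted IP" option on the entry
    never_block: bool = False                # "never block traffic from this IP"

@dataclass
class Policy:
    exceptions: dict = field(default_factory=dict)  # address -> IpException
    allowed: set = field(default_factory=set)       # entities already in the policy
    suggestions: set = field(default_factory=set)   # learned, but awaiting review
    trusted_violations: list = field(default_factory=list)  # audit trail for the caveat

    def add_exception(self, exc):
        self.exceptions[exc.address] = exc

    def handle(self, src_ip, entity, malicious=False):
        """Process one request carrying `entity` (e.g. a parameter name).
        `malicious` is a constructed flag marking a request that is plainly an attack.
        Returns the enforcement action ("pass" or "block")."""
        exc = self.exceptions.get(src_ip)
        if entity in self.allowed and not malicious:
            return "pass"
        if exc and exc.trusted_by_policy_builder:
            # Trusted source: whatever it sends is added to the policy,
            # attack traffic included, so record that for the auditor.
            self.allowed.add(entity)
            if malicious:
                self.trusted_violations.append((src_ip, entity))
            return "pass"
        # Any other source, including exception entries without the trusted
        # flag, is learned like ordinary traffic: a suggestion, not a change.
        self.suggestions.add(entity)
        return "pass" if exc and exc.never_block else "block"

def demo():
    p = Policy()
    p.add_exception(IpException("198.51.100.10", never_block=True))            # scanner
    p.add_exception(IpException("198.51.100.20", trusted_by_policy_builder=True))
    r1 = p.handle("198.51.100.10", "param:q")          # exception only: suggestion
    r2 = p.handle("198.51.100.20", "param:user_id")    # trusted: straight into policy
    r3 = p.handle("203.0.113.5", "param:user_id")      # now allowed for everyone
    r4 = p.handle("198.51.100.20", "param:cmd", malicious=True)  # the caveat
    return r1, r2, r3, r4, p
```

After `demo()`, `param:cmd` is allowed from any address while `param:q` is still only a suggestion; `trusted_violations` is the list a reviewer should check before trusting a source.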