Add IP Address Exceptions

Overview

Add IP addresses to the policy and specify whether they are always or never allowed to send requests to your protected applications.

Add, edit, or delete IP addresses exceptions that are specified within the policy.

Prerequisites

• Verify any attached application services to ensure proper security after changes are deployed.

• You need to have a user role of Security Manager or Administrator to manage a WAF policy.

How to add IP address exceptions

1. Click the workspace icon next to the F5 icon, and click Security.

2. From the left menu click Policies under WAF.

3. Select the name of the policy.

   A panel for the General Settings opens.

4. From the panel menu, click IP Address Exceptions.

   The panel displays a list of IP addresses currently specified within the policy.

5. To create an IP address exception:

   1. At the top of the panel, click Create.

   2. Enter the IP Address. You can add a Netmask if it applies.

   3. From Block Mode select how you want the policy to manage requests from the IP address:

      1. Policy Default - Requests from this IP address are blocked according to policy rules.

      2. Always Block - Requests from the IP address are always blocked.

      3. Never Block - Requests from this IP address are always allowed and never blocked.

   4. Enable additional IP address exceptions, according to your application security needs:

      1. EXCLUDE IP ADDRESS FROM POLICY BUILDER TRAFFIC - Policy builder always trusts traffic from the IP address as safe. In addition, the IP address is added to the Trust IP Address list for Policy Learning.

      2. EXCLUDE LOG TRAFFIC FROM IP ADDRESS - Requests and responses sent from the IP address are not logged, even if the request was illegal, and the security policy is configured to log all traffic.

      3. EXCLUDE IP ADDRESS FROM LEARNING SUGGESTIONS - Requests from the IP address do not generate learning suggestions.

      4. APPLY TO ADDITIONAL POLICIES - Enable this setting to apply the IP address exception rules to additional policies. Once you have enabled this setting you can select one or more policies.

   5. Click Save. The IP address is added to the IP Address Exceptions list.

6. To edit an IP address exception:

   1. From the IP Address Exception list, select the IP address.

   2. Edit the Blocking Mode settings. For more information, see step 5 for more information.

   3. Click Save to save your changes.

7. To remove an IP address from the exception list:

   1. Select the check box next to the IP address.

   2. At the top of the panel click Delete.

Resources

Configure using API

• API: IP address exception configuration

IP address exception management using the policy Editor

Edit the WAF policy JSON declaration directly through the WAF policy editor.