An IP address exception is an IP address that you want the system to treat in a
specific way for a security policy. For example, you can specify IP addresses from which the
system should always trust traffic, IP addresses for which you do not want the system to generate
learning suggestions for the traffic, and IP addresses for which you want to exclude information
from the logs. You can use the IP address exception feature to create exceptions for IP addresses
of internal tools that your company uses, such as penetration tools, manual or automatic
scanners, or web scraping tools. You can add an IP address exception, and instruct the system how
to handle traffic coming from that address.
You can view a centralized list of IP address exceptions, and you can add new IP address
exceptions to the list. The list of IP address exceptions shows exceptions that you add directly
to the list, or those which you add from other locations, as shown by the following examples:
- When creating a security policy, you can specify IP addresses that you want the Policy
Builder to always trust.
- When creating a security policy that is integrated with a vulnerability assessment tool, you
can configure the scanner IP address as an IP address exception.
- When setting up anomaly detection (such as for DoS, brute force, and web scraping
protections), you can specify IP addresses that the system should consider legitimate (called
- When setting up IP address intelligence, you can add IP addresses that the system should
allow even if the IP address is in the IP intelligence database.
The IP Address Exceptions list shows in one location all of the IP exceptions configured for
this security policy. You can view or modify IP exceptions both from the centralized IP exception
list and from the specific feature screens.
This implementation describes how to create, delete, and update the list of IP address
Creating IP address exceptions
For each security policy, you can
create a list of IP address exceptions, and indicate how you want the system to handle
the traffic from these IP addresses. From the centralized IP Address Exceptions list,
you can configure whitelists or blacklists to allow or block traffic from an IP address
On the Main tab, click
The IP Address Exceptions screen opens, and displays a centralized list of
configured IP address exceptions.
The New IP Address Exception screen opens.
In the IP Address field, type the IP address that you want the system to trust.
Note: To add a route domain, type %n
the IP address where n is the route domain identification
In the Netmask field, type the netmask of the IP address
If you omit the netmask value, the system uses a default value of
255.255.255.255. So to block the
10.10.0.0 subnet, specify
10.10.0.0 as the IP address and
255.255.0.0 as the Netmask.
To consider traffic from this IP address as being safe, for the
Policy Builder trusted IP setting, select
The system adds this IP address to the Trusted IP
Addresses list on the Learning and Blocking Settings screen.
To ignore this IP address when performing brute force and web scraping
detection, for the Ignore in Anomaly Detection and do not collect
Device ID setting, select Enabled.
The system adds this IP address to the IP Address
Whitelist setting on the anomaly detection screens for
configuring brute force and web scraping.
If you do not want the system to generate learning suggestions for traffic sent
from this IP address, for the Ignore in Learning Suggestions
setting, select Enabled.
Security Manager does not generate learning suggestions for requests that
result in the web server returning HTTP responses with 400 or 404 status
codes unless the security policy is configured to learn and block traffic
(the Ignore in Learning Suggestions check box cannot
be selected and the Block this IP Address cannot be
set to Never Block this IP).
For Block this IP Address:
- To never block traffic from this IP address, select Never
block this IP Address.
- To always block traffic from this IP address, select Always
block this IP.
- To block according to policy rules, select Policy
To disable logging for this address, enable Never log traffic from
this IP Address.
The system does not log requests or responses sent from this IP address,
even if the traffic is illegal, and even if your security policy is configured
to log all traffic.
To consider traffic from this IP address to be legitimate even if it is found
in the IP Intelligence database, for the Ignore IP Address
Intelligence setting, select
The system adds this IP address to the IP Address Whitelist
setting on the IP Address Intelligence screen.
The IP Address Exceptions screen opens and shows all of the exceptions
configured for the security policy including the one you created.
You can view and manage all of your IP address exceptions from the centralized IP
Address Exceptions screen.