Malvin,
Like I mentioned to you directly, we maintain these special IP list internally and support can help you process this in a simpler fashion.
As for the policy creation, please see the curl example below:
curl -X POST -H "Content-Type: application/json" 'https://api.imperva.com/policies/v2/policies?api_id=XXXXX&api_key=XXXXXX' --data-raw '{"policySettings":[{"settingsAction":"BLOCK","policySettingType":"IP","data":{"geo":{"countries":["US","JP"]},"ips":["1.1.1.1"],"urls":[]},"policyDataExceptions":[]}],"defaultPolicyConfig":[],"name":"test IP block","enabled":true,"accountId":XXXXX,"policyType":"ACL"}'
Let me know if you're looking for something more complex.
------------------------------
Joe Moore
Director of Technology
imperva
------------------------------
Original Message:
Sent: 11-10-2020 13:04
From: Malvin Tay
Subject: How can i manage huge list of IP address which is to be blacklisted
Hi Joe,
Thanks for getting back.
An example would be we'd like to configure blocking of Tor exit nodes IPs. So we'd like to block users if they are coming from the Tor network, this list of IPs do not necessary belong to contiguous set of addresses.
Eventually it will be applied to multiple sites on boarded with Imperva's Cloud WAF. We'd also be using geographical locations to restrict access.
I'm also wondering if the API calls from the documentation are in good order, as I tested using the suggested codes, but seems like it keeps returning a "unable to fetch" error and a curl request would result an "internal server error" which I'm suspecting is a 500 response code.
Looking forward to hear back from you.
Cheers!
Malvin
Original Message:
Sent: 11/10/2020 11:04:00 AM
From: Joe Moore
Subject: RE: How can i manage huge list of IP address which is to be blacklisted
Malvin,
Can you provide some more information around the use case and the IP count?
1. Is this IP(s) going to be applied to multiple sites or just one or two?
2. When saying thousands of IPs, are the contiguous and part of aggregated /24 or less? As there are 65536 IPs in a /16.
3. Are you blocking certain countries in the IP list for embargoed nations?
I have a few ideas that can help you in addition to helping you resolve your API POST issue.
Cheers
Joe
------------------------------
Joe Moore
Director of Technology
imperva
Original Message:
Sent: 11-10-2020 08:46
From: Malvin Tay
Subject: How can i manage huge list of IP address which is to be blacklisted
Hi All,
Say i have a list of blacklisted IP address which has been identified as "not allowed" to access my sites. I would like to create an ACL policy which contain these list of IP addresses. however my list contains hundreds if not thousands of addresses.
As i understand, there is no bulk IP upload function, only other option which i have explored is the API calls in an attempt to create a new policy containing this list of IP address. Following the documentation (Policy Management API Definition), i noticed that for all POST requests, the examples listed using curl, is not working, this is even after i have input the API ID and Key.
Would like to find out from everyone what is the best way to manage huge list of IP address for an ACL policy, and if you have working codes other than the ones listed by Imperva to share.
thanks a million!
#CloudWAF(formerlyIncapsula)
------------------------------
Malvin Tay
------------------------------