--- title: Managing the ASE deny list description: Manage API Security Enforcer (ASE) operations for OAuth2 tokens, cookies, Internet Protocol (IP) addresses, username, and application programming interface (API) keys on a deny list. component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_managing_ase_deny_list canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_managing_ase_deny_list.html revdate: April 3, 2024 section_ids: about-this-task: About this task steps: Steps --- # Managing the ASE deny list Manage API Security Enforcer (ASE) operations for OAuth2 tokens, cookies, Internet Protocol (IP) *(tooltip: \
\

The method by which data is sent across the internet from the source host to the destination host.\

\
)* addresses, username, and application programming interface (API) *(tooltip: \
\

A specification of interactions available for building software to access an application or service.\

\
)* keys on a deny list. ## About this task To manage the ASE deny list: ## Steps * To add an IP address to the deny list, run the `add_blacklist` command with the `ip` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1 ip 1.1.1.1 added to blacklist ``` * To add a cookie to a deny list, run the `add_blacklist` command with the `cookie` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist cookie JSESSIONID ad233edqsd1d23redwefew cookie JSESSIONID ad233edqsd1d23redwefew added to blacklist ``` * To add a token to a deny list, run the `add_blacklist` command with the `token` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist token ad233edqsd1d23redwefew token ad233edqsd1d23redwefew added to blacklist ``` * To add an API key to a deny list, run the `add_blacklist` command with the `api_key` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 added to blacklist ``` * To add a username to a deny list, run the `add_black list` command with the `username` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist username user1 username user1 added to blacklist ``` * To view the entire deny list, run the `view_blacklist` command with the `all` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist all Manual Blacklist 1) type : ip, value : 10.10.10.10 2) type : cookie, name : JSESSIONID, value : cookie_1.4 3) type : token, value : token1.4 4) type : api_key, name : X-API-KEY, value : key_1.4 Realtime Decoy Blacklist 1) type : ip, value : 4.4.4.4 Realtime Protocol Blacklist 1) type : token, value : token1.1 2) type : ip, value : 1.1.1.1 3) type : cookie, name : JSESSIONID, value : cookie_1.1 Realtime Method Blacklist 1) type : token, value : token1.3 2) type : ip, value : 3.3.3.3 3) type : cookie, name : JSESSIONID, value : cookie_1.3 Realtime Content-Type Blacklist 1) type : token, value : token1.2 2) type : ip, value : 2.2.2.2 3) type : cookie, name : JSESSIONID, value : cookie_1.2 ``` * To view the deny list based on decoy IP addresses, run the `view_blacklist` command with the `decoy` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist decoy Realtime Decoy Blacklist 1) type : ip, value : 4.4.4.4 ``` * To view the deny list based on protocol violations, run the `view_blacklist` command with the `invalid_protocol` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_protocol Realtime Protocol Blacklist 1) type : token, value : token1.1 2) type : ip, value : 1.1.1.1 3) type : cookie, name : JSESSIONID, value : cookie_1.1 ``` * To view the deny list based on method violations, run the `view_blacklist` command with the `invalid_method` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_method Realtime Method Blacklist 1) type : token, value : token1.3 2) type : ip, value : 3.3.3.3 3) type : cookie, name : JSESSIONID, value : cookie_1.3 ``` * To view the deny list based on content-type violation, run the `view_blacklist` command with the `invalid_content_type` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_content_type Realtime Content-Type Blacklist 1) type : token, value : token1.2 2) type : ip, value : 2.2.2.2 3) type : cookie, name : JSESSIONID, value : cookie_1.2 ``` * To view API Behavioral Security (ABS) -detected attacks, run the `view_blacklist` command with the `abs_detected` option: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist abs_detected No Blacklist ``` * To delete an entry from a deny list, run the `delete_blacklist` command: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist ip 1.1.1.1 ip 1.1.1.1 deleted from blacklist ./bin/cli.sh -u admin -p admin delete_blacklist cookie JSESSIONID avbry47wdfgd cookie JSESSIONID avbry47wdfgd deleted from blacklist ./bin/cli.sh -u admin -p admin delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35 token 58fcb0cb97c54afbb88c07a4f2d73c35 deleted from blacklist ``` * To clear the deny list, run the `clear_blacklist` command: ``` ./bin/cli.sh -u admin -p admin clear_blacklist This will delete all blacklist Attacks, Are you sure (y/n) :y Blacklist cleared ./bin/cli.sh -u admin -p admin clear_blacklist This will delete all blacklist Attacks, Are you sure (y/n) :n Action canceled ``` | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When clearing the deny list, make sure that [Real-time Detected attacks for inline ASE](pingintelligence_detected_attacks_inline_ase.html) attacks and ABS-detected attacks are disabled. If not disabled, the deny list gets populated again as both ASE and ABS are continuously detecting attacks. |