Managing the deny list
About this task
To manage IP addresses, cookies, OAuth2 tokens, and API keys on a deny list:
Steps
- To add an IP address to the deny list, run the add_blacklist command with the ip option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1
    ip 1.1.1.1 added to blacklist
- To add a cookie to a deny list, run the add_blacklist command with the cookie option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist cookie JSESSIONID ad233edqsd1d23redwefew
    cookie JSESSIONID ad233edqsd1d23redwefew added to blacklist
- To add a token to a deny list, run the add_blacklist command with the token option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist token ad233edqsd1d23redwefew
    token ad233edqsd1d23redwefew added to blacklist
- To add an API key to a deny list, run the add_blacklist command with the api_key option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4
    api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 added to blacklist
- To add a username to a deny list, run the add_blacklist command with the username option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist username abc@example.com
    username abc@example.com added to blacklist
  You can also add a username that contains a space to a deny list, for example, your name.
- To view the entire deny list, run the view_blacklist command with the all option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist all
    Manual Blacklist
    1) type : ip, value : 172.168.11.110
    2) type : token, value : cdE94R3osh283B7NoiJR41XHgt7gxroot
    3) type : username, value : blockeduser
    4) type : cookie, name : JSESSIONID, value : pZlhg5s3i8csImMoas7vh81vz
    5) type : api_key, name : x-api-key, value : d4d28833e2c24be0913f4267f3b91ce5
    ABS Generated Blacklist
    1) type : token, value : fAtTzxFJZ2Zkr7HZ9KM17s7kY2Mu
    2) type : token, value : oFQOr11Gj8cCRv1k4849RZOPztPP
    3) type : token, value : Rz7vn5KoLUcAhruQZ4H5cE00s2mG
    4) type : token, value : gxbkGPNuFJw69Z5PF44PoRIfPugA
    5) type : username, value : user1
    Realtime Decoy Blacklist
    1) type : ip, value : 172.16.40.15
    2) type : ip, value : 1.2.3.4
  You can view the entire deny list, or view only the entries for a given type of real-time violation.
- To view the deny list based on decoy IP addresses, run the view_blacklist command with the decoy option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist decoy
    Realtime Decoy Blacklist
    1) type : ip, value : 4.4.4.4
- To view the deny list based on protocol violations, run the view_blacklist command with the invalid_protocol option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_protocol
    Realtime Protocol Blacklist
    1) type : token, value : token1.1
    2) type : ip, value : 1.1.1.1
    3) type : cookie, name : JSESSIONID, value : cookie_1.1
- To view the deny list based on method violations, run the view_blacklist command with the invalid_method option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_method
    Realtime Method Blacklist
    1) type : token, value : token1.3
    2) type : ip, value : 3.3.3.3
    3) type : cookie, name : JSESSIONID, value : cookie_1.3
- To view the deny list based on content-type violations, run the view_blacklist command with the invalid_content_type option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_content_type
    Realtime Content-Type Blacklist
    1) type : token, value : token1.2
    2) type : ip, value : 2.2.2.2
    3) type : cookie, name : JSESSIONID, value : cookie_1.2
- To view ABS-detected attacks, run the view_blacklist command with the abs_detected option.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist abs_detected
    No Blacklist
- To delete an entry from a deny list, run the delete_blacklist command.
  Example:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist ip 1.1.1.1
    ip 1.1.1.1 deleted from blacklist

    ./bin/cli.sh -u admin -p admin delete_blacklist cookie JSESSIONID avbry47wdfgd
    cookie JSESSIONID avbry47wdfgd deleted from blacklist

    ./bin/cli.sh -u admin -p admin delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35
    token 58fcb0cb97c54afbb88c07a4f2d73c35 deleted from blacklist

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4
- To clear the deny list, run the clear_blacklist command.
  When clearing the deny list, make sure that detection of real-time ASE attacks and detection of ABS attacks are both disabled. If they are not disabled, the deny list is populated again, because both ASE and ABS continuously detect attacks.
  Example:
    ./bin/cli.sh -u admin -p admin clear_blacklist
    This will delete all blacklist Attacks, Are you sure (y/n) :y
    Blacklist cleared

    ./bin/cli.sh -u admin -p admin clear_blacklist
    This will delete all blacklist Attacks, Are you sure (y/n) :n
    Action canceled
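
Because clear_blacklist deletes every entry, the manually added ones are worth capturing from view_blacklist all first. The script below is an added example, not part of the product documentation or vendor code: it parses that output and prints only the Manual Blacklist entries as tab-separated add_blacklist argument lists. It assumes one heading or entry per output line, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes view_blacklist prints one heading or
# one entry per line, as in the example output on this page.

# Sample input: a subset of the values in the view_blacklist all example above.
sample_view_output() {
  cat <<'EOF'
Manual Blacklist
1) type : ip, value : 172.168.11.110
2) type : token, value : cdE94R3osh283B7NoiJR41XHgt7gxroot
3) type : username, value : blockeduser
4) type : cookie, name : JSESSIONID, value : pZlhg5s3i8csImMoas7vh81vz
5) type : api_key, name : x-api-key, value : d4d28833e2c24be0913f4267f3b91ce5
ABS Generated Blacklist
1) type : token, value : fAtTzxFJZ2Zkr7HZ9KM17s7kY2Mu
2) type : username, value : user1
Realtime Decoy Blacklist
1) type : ip, value : 172.16.40.15
EOF
}

# Reads view_blacklist output on stdin and prints, for the Manual Blacklist
# section only, one tab-separated add_blacklist argument list per entry:
# type<TAB>value, or type<TAB>name<TAB>value for cookie and api_key entries.
manual_entries() {
  awk '
    /^[ \t\r]*$/ { next }             # ignore blank lines inside a section
    !/type :/ {                       # heading line: track the current section
      in_manual = ($0 ~ /^[ \t]*Manual Blacklist[ \t]*$/)
      next
    }
    in_manual {
      t = index($0, "type : "); v = index($0, ", value : ")
      if (t == 0 || v == 0) next      # not a well-formed entry, skip it
      head = substr($0, t + 7, v - (t + 7))  # "ip" or "cookie, name : JSESSIONID"
      value = substr($0, v + 10)             # rest of line, may contain spaces
      sub(/[ \t\r]+$/, "", value)
      n = index(head, ", name : ")
      if (n > 0) {
        printf "%s\t%s\t%s\n", substr(head, 1, n - 1), substr(head, n + 9), value
      } else {
        printf "%s\t%s\n", head, value
      }
    }
  '
}

# Running the file directly prints the five manual entries from the sample.
sample_view_output | manual_entries
```

Fields are kept tab-separated rather than joined into a command line so that a value containing a space, such as a username, stays a single argument when it is passed back to add_blacklist.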