--- title: Managing the deny list description: To manage IP addresses, Cookies, OAuth2 Tokens, and API keys on a deny list: component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_managing_deny_list canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_managing_deny_list.html revdate: May 6, 2024 section_ids: about-this-task: About this task steps: Steps example: Example: example-2: Example: example-3: Example: example-4: Example: example-5: Example: example-6: Example: example-7: Example: example-8: Example: example-9: Example: example-10: Example: example-11: Example: example-12: Example: example-13: Example: --- # Managing the deny list ## About this task To manage IP addresses, Cookies, OAuth2 Tokens, and API keys on a deny list: ## Steps * To add an IP address to the deny list. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1 ip 1.1.1.1 added to blacklist ``` * To add a cookie to a deny list, run the `add_blacklist` command with the `cookie` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist cookie JSESSIONID ad233edqsd1d23redwefew cookie JSESSIONID ad233edqsd1d23redwefew added to blacklist ``` * To add a token to a deny list, run the `add_blacklist` command with the `token` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist token ad233edqsd1d23redwefew token ad233edqsd1d23redwefew added to blacklist ``` * To add an API key to a deny list, run the `add_blacklist` command with the `api_key` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 added to blacklist ``` * To add a username to a deny list, run the `add_black list` command with the `username` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist username abc@example.com username abc@example.com added to blacklist ``` You can also add username with space to a deny list. For example, `your name`. * To view the entire deny list, run the `view_blacklist` command with the `all` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist all Manual Blacklist 1) type : ip, value : 172.168.11.110 2) type : token, value : cdE94R3osh283B7NoiJR41XHgt7gxroot 3) type : username, value : blockeduser 4) type : cookie, name : JSESSIONID, value : pZlhg5s3i8csImMoas7vh81vz 5) type : api_key, name : x-api-key, value : d4d28833e2c24be0913f4267f3b91ce5 ABS Generated Blacklist 1) type : token, value : fAtTzxFJZ2Zkr7HZ9KM17s7kY2Mu 2) type : token, value : oFQOr11Gj8cCRv1k4849RZOPztPP 3) type : token, value : Rz7vn5KoLUcAhruQZ4H5cE00s2mG 4) type : token, value : gxbkGPNuFJw69Z5PF44PoRIfPugA 5) type : username, value : user1 Realtime Decoy Blacklist 1) type : ip, value : 172.16.40.15 2) type : ip, value : 1.2.3.4 ``` | | | | - | ------------------------------------------------------------------------------ | | | You can view the entire deny list or based on the type of real-time violation. | * To view the deny list based on decoy IP addresses, run the `view_blacklist` with the `decoy` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist decoy Realtime Decoy Blacklist 1) type : ip, value : 4.4.4.4 ``` * To view the deny list based on protocol violations, run the `view_blacklist` with the `invalid_protocol` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_protocol Realtime Protocol Blacklist 1) type : token, value : token1.1 2) type : ip, value : 1.1.1.1 3) type : cookie, name : JSESSIONID, value : cookie_1.1 ``` * To view the deny list based on method violations, run the `view_blacklist` with the `invalid_method` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_method Realtime Method Blacklist 1) type : token, value : token1.3 2) type : ip, value : 3.3.3.3 3) type : cookie, name : JSESSIONID, value : cookie_1.3 ``` * To view the deny list based on content-type violation, run the `view_blacklist` with the `invalid_content_type` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_content_type Realtime Content-Type Blacklist 1) type : token, value : token1.2 2) type : ip, value : 2.2.2.2 3) type : cookie, name : JSESSIONID, value : cookie_1.2 ``` * To view ABS-detected attacks, run the `view_blacklist` with the `abs_detected` option. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist abs_detected No Blacklist ``` * To delete an entry from a deny list, run the `delete_blacklist` command. ### Example: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist ip 1.1.1.1 ip 1.1.1.1 deleted from blacklist ./bin/cli.sh -u admin -p admin delete_blacklist cookie JSESSIONID avbry47wdfgd cookie JSESSIONID avbry47wdfgd deleted from blacklist ./bin/cli.sh -u admin -p admin delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35 token 58fcb0cb97c54afbb88c07a4f2d73c35 deleted from blacklist /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 ``` * To clear the deny list, run the `clear_blacklist` command. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When clearing the deny list, make sure that the real-time ASE detected attacks and ABS detected attacks are disabled. If these are not disabled, the deny list gets populated again as both ASE and ABS are continuously detecting attacks. | ### Example: ``` ./bin/cli.sh -u admin -p admin clear_blacklist This will delete all blacklist Attacks, Are you sure (y/n) :y Blacklist cleared ./bin/cli.sh -u admin -p admin clear_blacklist This will delete all blacklist Attacks, Are you sure (y/n) :n Action canceled ```