Attack management in ASE
In API Security Enforcer (ASE), you manage detected attacks through both allow list and deny list.
Client identifiers in deny list are blocked by ASE while those in the allow list are never blocked. You can also choose to block or allow a client identifier at application programming interface (API) level by configuring the individual API JavaScript Object Notation (JSON).
- Allow list
-
List of safe Internet Protocol (IP) addresses, cookies, OAuth2 Tokens, API keys, or usernames that will not be blocked by ASE.The list is manually created using ASE CLI commands.
- Deny list
-
List of bad IP addresses, cookies, OAuth2 Tokens, API keys, or usernames that are always blocked by ASE.The list consists of entries from one or more of the following sources:
-
API Behavioral Security (ABS) detected clients suspected of executing attacks (for example, data exfiltration).
-
ASE detected clients suspected of executing attacks (for example, invalid method, decoy API accessed). These attacks are reported to ABS and become part of ABS deny list also after further AI processing.
-
List of bad client identifiers manually added using ASE CLI
-