PingIntelligence

Managing allow lists and deny lists

The API Security Enforcer (ASE) maintains both allow lists and deny lists.

Allow list

List of safe IP addresses, cookies, OAuth2 tokens, API keys, or usernames that are not blocked by ASE. The list is manually generated by adding the client identifiers using command-line interface (CLI) commands.

Deny list

List of bad IP addresses, cookies, OAuth2 tokens, API keys, or usernames that are always blocked by ASE. The list consists of entries from one or more of the following sources:

  • API Behavioral Security (ABS)-detected attacks, such as data exfiltration. ABS-detected attacks have a time-to-live (TTL) in minutes. The TTL is configured in ABS.

  • ASE-detected attacks, such as an invalid method or access to a decoy API.

  • A list of bad clients manually generated using the CLI.