Managing allow lists and deny lists
The API Security Enforcer (ASE) maintains both allow lists and deny lists.
- Allow list
  List of safe IP addresses, cookies, OAuth2 tokens, API keys, or usernames that are not blocked by ASE. The list is generated manually by adding the client identifiers using command-line interface (CLI) commands.
- Deny list
  List of bad IP addresses, cookies, OAuth2 tokens, API keys, or usernames that are always blocked by ASE. The list consists of entries from one or more of the following sources:
  - API Behavioral Security (ABS)-detected attacks, such as data exfiltration. ABS-detected attacks have a time-to-live (TTL) in minutes. The TTL is configured in ABS.
  - ASE-detected attacks, such as an invalid method or access to a decoy API.
  - List of bad clients generated manually through the CLI.