ASE maintains the following two types of lists:

  • Whitelist – List of “safe” IP addresses, cookies, OAuth2 Tokens, API keys, or Usernames that are not blocked by ASE. The list is manually generated by adding the client identifiers using CLI commands.
  • Blacklist – List of “bad” IP addresses, cookies, OAuth2 Tokens, API keys, or Usernames that are always blocked by ASE. The list consists of entries from one or more of the following sources:
    • ABS detected attacks (for example data exfiltration). ABS detected attacks have a time-to-live (TTL) in minutes. The TTL is configured in ABS.
    • ASE detected attacks (for example invalid method, decoy API accessed). The ASE detected attacks
    • List of “bad” clients manually generated by CLI

Manage whitelists

Valid operations for OAuth2 Tokens, cookies, IP addresses, API keys, and usernames on a whitelist include:

Add an entry
  • Add an IP address to whitelist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist ip 10.10.10.10
    ip 10.10.10.10 added to whitelist
  • Add a cookie to whitelist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist cookie JSESSIONID cookie_1.4
    cookie JSESSIONID cookie_1.4 added to whitelist
  • Add a token to whitelist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist token token1.4
    token token1.4 added to whitelist
  • Add an API Key to whitelist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist api_key X-API-KEY key_1.4
    api_key X-API-KEY key_1.4 added to whitelist
  • Add a username to whitelist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist username abc@example.com
    username abc@example.com added to whitelist

View whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_whitelist
Whitelist
1) type : ip, value : 1.1.1.1
2) type : cookie, name : JSESSIONID, value : cookie_1.1
3) type : token, value : token1.3
4) type : api_key, name : X-API-KEY, value : key_1.4
5) type : username, value : abc@example.com

Delete an entry

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist ip 4.4.4.4
ip 4.4.4.4 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist cookie JSESSIONID cookie_1.1
cookie JSESSIONID cookie_1.1 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist token token1.1
token token1.1 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist api_key X-API-KEY key_1.4
api_key X-API-KEY key_1.4 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist username abc@example.com

Clear the whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin clear_whitelist
This will delete all whitelist Attacks, Are you sure (y/n) : y
Whitelist cleared
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin clear_whitelist
This will delete all whitelist Attacks, Are you sure (y/n) : n
Action canceled

Manage blacklists

Valid operations for IP addresses, Cookies, OAuth2 Tokens, and API keys on a blacklist include:

Add an entry
  • Add an IP address to blacklist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1
    ip 1.1.1.1 added to blacklist
  • Add a cookie to blacklist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist cookie JSESSIONID ad233edqsd1d23redwefew 
    cookie JSESSIONID ad233edqsd1d23redwefew added to blacklist
  • Add a token to blacklist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist token ad233edqsd1d23redwefew
    token ad233edqsd1d23redwefew added to blacklist
  • Add an API Key to blacklist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4
    api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 added to blacklist
  • Add a username to blacklist:
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist username abc@example.com
    username abc@example.com added to blacklist
    Note: You can also add a username that contains a space to the blacklist. For example, "your name".

View blacklist

View the entire blacklist, or only the entries for one type of real-time violation.

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist all
Manual Blacklist
1)  type : ip, value : 172.168.11.110
2)  type : token, value : cdE94R3osh283B7NoiJR41XHgt7gxroot
3)  type : username, value : blockeduser
4)  type : cookie, name : JSESSIONID, value : pZlhg5s3i8csImMoas7vh81vz
5)  type : api_key, name : x-api-key, value : d4d28833e2c24be0913f4267f3b91ce5
ABS Generated Blacklist
1)  type : token, value : fAtTzxFJZ2Zkr7HZ9KM17s7kY2Mu
2)  type : token, value : oFQOr11Gj8cCRv1k4849RZOPztPP
3)  type : token, value : Rz7vn5KoLUcAhruQZ4H5cE00s2mG
4)  type : token, value : gxbkGPNuFJw69Z5PF44PoRIfPugA
5)  type : username, value : user1
Realtime Decoy Blacklist
1)  type : ip, value : 172.16.40.15
2)  type : ip, value : 1.2.3.4

Blacklist based on decoy IP addresses

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist decoy
Realtime Decoy Blacklist
1) type : ip, value : 4.4.4.4

Blacklist based on protocol violations

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_protocol
Realtime Protocol Blacklist
1) type : token, value : token1.1
2) type : ip, value : 1.1.1.1
3) type : cookie, name : JSESSIONID, value : cookie_1.1

Blacklist based on method violations

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_method
Realtime Method Blacklist
1) type : token, value : token1.3
2) type : ip, value : 3.3.3.3
3) type : cookie, name : JSESSIONID, value : cookie_1.3

Blacklist based on content-type violation

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_content_type
Realtime Content-Type Blacklist
1) type : token, value : token1.2
2) type : ip, value : 2.2.2.2
3) type : cookie, name : JSESSIONID, value : cookie_1.2

ABS detected attacks

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist abs_detected
No Blacklist

Delete an entry

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist ip 1.1.1.1
ip 1.1.1.1 deleted from blacklist
./bin/cli.sh -u admin -p admin delete_blacklist cookie JSESSIONID avbry47wdfgd
cookie JSESSIONID avbry47wdfgd deleted from blacklist
./bin/cli.sh -u admin -p admin delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35
token 58fcb0cb97c54afbb88c07a4f2d73c35 deleted from blacklist
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4

Clear the blacklist

./bin/cli.sh -u admin -p admin clear_blacklist
This will delete all blacklist Attacks, Are you sure (y/n) :y
Blacklist cleared
./bin/cli.sh -u admin -p admin clear_blacklist
This will delete all blacklist Attacks, Are you sure (y/n) :n
Action canceled

When clearing the blacklist, make sure that the real-time ASE detected attacks and ABS detected attacks are disabled. If not disabled, the blacklist gets populated again as both ASE and ABS are continuously detecting attacks.
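
The view_whitelist and view_blacklist all listings above share one entry format, so the two lists can be compared mechanically. The following is an added example, not part of the ASE documentation or Ping Identity code: it parses both listings and reports identifiers that appear on both lists. The function names, the tab-separated record layout and the sample entries are constructed for illustration.

```sh
# Added example, not Ping Identity code. parse_ase_list turns view_whitelist or
# view_blacklist output (stdin) into TSV: section, type, name ("-" if none), value.
parse_ase_list() {
  awk '
    /^[0-9]+\)[ \t]+type : / {
      line = $0; sub(/[ \t\r]+$/, "", line)
      sub(/^[0-9]+\)[ \t]+type : /, "", line)
      vp = index(line, ", value : "); if (vp == 0) next   # malformed entry, skip
      value = substr(line, vp + 10)      # keeps spaces and commas in the value
      head = substr(line, 1, vp - 1)     # "ip" or "cookie, name : JSESSIONID"
      np = index(head, ", name : ")
      if (np > 0) { type = substr(head, 1, np - 1); name = substr(head, np + 9) }
      else        { type = head; name = "-" }
      printf "%s\t%s\t%s\t%s\n", section, type, name, value
      next
    }
    NF { section = $0; sub(/[ \t\r]+$/, "", section) }  # heading, e.g. "Manual Blacklist"
  '
}
# list_overlap WHITELIST_FILE BLACKLIST_FILE: blacklist records also on the whitelist.
list_overlap() {
  { parse_ase_list < "$1" | awk '{ print "W\t" $0 }'
    parse_ase_list < "$2" | awk '{ print "B\t" $0 }'; } |
  awk -F'\t' '
    { key = $3 FS $4 FS $5 }
    $1 == "W" { allow[key] = 1; next }
    (key in allow) { print $2 FS $3 FS $4 FS $5 }
  '
}
# Constructed sample output in the format shown on this page.
sample_whitelist() { cat <<'EOF'
Whitelist
1) type : ip, value : 10.10.10.10
2) type : cookie, name : JSESSIONID, value : cookie_1.4
3) type : username, value : your name
EOF
}
sample_blacklist() { cat <<'EOF'
Manual Blacklist
1)  type : ip, value : 192.0.2.7
2)  type : username, value : your name
ABS Generated Blacklist
1)  type : cookie, name : JSESSIONID, value : cookie_1.4
Realtime Decoy Blacklist
1)  type : ip, value : 10.10.10.10
EOF
}
wl=$(mktemp); bl=$(mktemp); sample_whitelist > "$wl"; sample_blacklist > "$bl"
list_overlap "$wl" "$bl"; rm -f "$wl" "$bl"
```

To run it against a live ASE, redirect the output of the view_whitelist and view_blacklist all commands shown above into the two files. The first column of each reported record names the blacklist source that added the entry.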