Valid ASE operations for IP addresses, Cookies, OAuth2 Tokens, Username, and API Keys on a black list include:

  • Add an entry
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1
    ip 1.1.1.1 added to blacklist
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist cookie JSESSIONID ad233edqsd1d23redwefew 
    cookie JSESSIONID ad233edqsd1d23redwefew added to blacklist
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist token ad233edqsd1d23redwefew
    token ad233edqsd1d23redwefew added to blacklist
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4
    api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 added to blacklist
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist username user1
    username user1 added to blacklist
  • View blacklist - entire Black list or based on the type of real time violation.
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist all
    Manual Blacklist
    1) type : ip, value : 10.10.10.10
    2) type : cookie, name : JSESSIONID, value : cookie_1.4
    3) type : token, value : token1.4
    4) type : api_key, name : X-API-KEY, value : key_1.4
    Realtime Decoy Blacklist
    1) type : ip, value : 4.4.4.4
    Realtime Protocol Blacklist
    1) type : token, value : token1.1
    2) type : ip, value : 1.1.1.1
    3) type : cookie, name : JSESSIONID, value : cookie_1.1
    Realtime Method Blacklist
    1) type : token, value : token1.3
    2) type : ip, value : 3.3.3.3
    3) type : cookie, name : JSESSIONID, value : cookie_1.3
    Realtime Content-Type Blacklist
    1) type : token, value : token1.2
    2) type : ip, value : 2.2.2.2
    3) type : cookie, name : JSESSIONID, value : cookie_1.2
  • Blacklist based on decoy IP addresses
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist decoy
    Realtime Decoy Blacklist
    1) type : ip, value : 4.4.4.4
  • Blacklist based on protocol violations
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_protocol
    Realtime Protocol Blacklist
    1) type : token, value : token1.1
    2) type : ip, value : 1.1.1.1
    3) type : cookie, name : JSESSIONID, value : cookie_1.1
  • Blacklist based on method violations
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_method
    Realtime Method Blacklist
    1) type : token, value : token1.3
    2) type : ip, value : 3.3.3.3
    3) type : cookie, name : JSESSIONID, value : cookie_1.3
  • Blacklist based on content-type violation
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_content_type
    Realtime Content-Type Blacklist
    1) type : token, value : token1.2
    2) type : ip, value : 2.2.2.2
    3) type : cookie, name : JSESSIONID, value : cookie_1.2
  • Automated blacklist (ABS detected attacks)
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist abs_detected
    No Blacklist
  • Delete an entry
    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist ip 1.1.1.1
    ip 1.1.1.1 deleted from blacklist
    ./bin/cli.sh -u admin -p admin delete_blacklist cookie JSESSIONID avbry47wdfgd
    cookie JSESSIONID avbry47wdfgd deleted from blacklist
    ./bin/cli.sh -u admin -p admin delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35
    token 58fcb0cb97c54afbb88c07a4f2d73c35 deleted from blacklist
  • Clearing the blacklist
    ./bin/cli.sh -u admin -p admin clear_blacklist
    This will delete all blacklist Attacks, Are you sure (y/n) :y
    Blacklist cleared
    ./bin/cli.sh -u admin -p admin clear_blacklist
    This will delete all blacklist Attacks, Are you sure (y/n) :n
    Action canceled

When clearing the Blacklist, make sure that real-time ASE detected attacks and ABS detected attacks are disabled. If not disabled, the blacklist gets populated again as both ASE and ABS are continuously detecting attacks.