Forum Discussion

Rasman_75397's avatar
Rasman_75397
Icon for Nimbostratus rankNimbostratus
May 25, 2016

Get rid of log requests from geo IP blocking

Our ASM log gets flooded with requests blocked from Geo IP blocking filter. This makes it hard to find important log events. I have not found any way to get rid of these alerts:

 

 

In the blocking settings:

 

 

We are now on version 12 hf2 but it has been the same since version 11.6. These alerts are also sent to remote log even though it's set to not alarm. Please advice.

 

  • Hello Rasman,

     

    i did not found a native way to do that. But you could in your case use session awareness to do delay blocking. I'm not 100% sure but i think when you block at ip level there will be no more logs on subsequent violations.

     

    • go in sessions & logins/activate session tracking with no login page
    • move to delay blocking tab and select a IP address treshold
    • then select only access from disallowed geolocation.