F5 BIG-IP Creating Custom Whitelists for DoS Profile

How to apply an IP whitelist to a DoS Profile. 

This is F5 BIG-IP version 13.1.1.

If you are looking at this screen trying to figure out how to add your custom address list in place of the Default list for a DoS Profile, you are not alone!

F5 does give you the ability to add addresses on the right hand side, pictured below. You can also create an address list under Security > Network Firewall > Address List.

This is an excellent feature. Now we just need to actually add this newly created list in place of the default list. As far as I can tell there is no way to do this on the GUI, but you can do this from the CLI.

SSH into the F5

Command:

tmsh modify security dos profile dos whitelist test-list

After dos profile you will enter the name of your dos profile as well as the name of your whitelist in place of test-list. After running this command, to verify that this is working you can run the command: tmsh list security dos profile dos. Hit space until you are at the bottom of the profile.

You should be able to see your whitelist inside your DoS profile.

Please comment below if this helped you or if you have any further questions!

Hope this helped!

Leave a Reply

Your email address will not be published. Required fields are marked *