Applies To:
Show VersionsBIG-IP ASM
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0
Enforcing Application Use at Specific Geolocations
Overview: Enforcing application use in certain geolocations
Geolocation software can identify the geographic location of a client or web application user. Geolocation refers either to the process of assessing the location, or to the actual assessed location.
For applications protected by Application Security Manager™, you can use geolocation enforcement to restrict or allow application use in specific countries. You adjust the lists of which countries or locations are allowed or disallowed in a security policy. If an application user tries to access the web application from a location that is not allowed, the Access from disallowed GeoLocation violation occurs. By default, all locations are allowed, and the violation learn, alarm, and block flags are enabled.
Requests from certain locations, such as RFC-1918 addresses or unassigned global addresses, do not include a valid country code. The geolocation is shown as N/A in both the request, and the list of geolocations. You have the option to disallow N/A requests whose country of origination is unknown.
Enforcing application use in certain geolocations
Setting up geolocation enforcement from a request
If a user in a disallowed location attempts to access the web application, the security policy (if in blocking mode) blocks the user and displays the violation Access from disallowed Geolocation.