IP reputation

The IP reputation policy information point (PIP) uses the IP reputation database to determine the reputation of the IP address of a request. Based on the IP address reputation, we can write a policy to grant or prohibit access to the requesting IP address. The IP reputation PIP is pre-configured with Advanced Access Control. The IP reputation policy information point (PIP) capability is not available when the appliance is running in a Docker environment. Possible IP reputations include the following classifications:

IP addresses that have reputations engage in certain activities that qualify them for reputations. The IP reputation database contains classification information about IP addresses. When the IP reputation PIP requests information, the database returns a score for each classification the IP address might have. The score ranges from 0 - 100. As the value increases, the likelihood the IP address has a reputation corresponding with that score increases.

The score for each classification is compared to a threshold score that we can configure. We can also use the default score of 50. The IP address has a reputation if the score that belongs to any number of classifications is greater than or equal to the threshold score. For example, if an IP address is suspected to be a spammer, the database may return a value of 95 for the spam classification. If this value is greater than or equal to the threshold score we choose to use, the IP reputation PIP returns a Spam classification for the requesting IP address.

We can write a policy to either grant access to or prohibit access from IP addresses with specified classifications. To use the IP reputation PIP, use the ipReputation attribute in a policy.

IP reputation can also be used to influence an access decision when the IP matcher is used.

Parent topic: Attribute matchers

Related tasks