Forum Discussion
spalande
Nacreous
NacreousAPI WAF policy
Does anyone have experience in setting up API security WAF policy successfully using open API swagger file? Do we have to import JSON schema files separately along with the swagger file or JSON sch...
spalandeNacreous
NacreousThere isn't any other differentiator, such as a URL query parameter or a different content-type header. URL path is the same for all payloads. API service is designed to handle multiple schemas within the body, which may or may not include all the fields across different schema files due to business requirements.
Does F5 support open API 3 and above? Also, do we have to import JSON schema files separately if we have an openAPI swagger file imported (open API swagger file had auto-populated JSON schema though)?
Nikoolayy1
MVP
MVPThere should be a differentiator as you mentioned "API has 4 JSON schema files for diff kinds of payloads" better check with your app team as this is domain knowledge for your environment that I can't know of.
The latest versions of BIG-IP support openapi 3 (there is no above at the moment as 3.x is the latest that I am aware of). I suggest using 16.1.x or 17.1.x the latest versions (for rSeries or Velos 17.1x is the way as 16.1. is not supported).
Also see:
---
The JSON schema is validated when uploaded and any violations are noted. You can use more than 1 JSON schema file but each file must be uploaded separately and the JSON Profile Properties updated after each upload.
When using more than 1 JSON schema file, upload the file with
include
links first. An error is generated but uploading the subsequent files resolves the broken links error.
After a JSON schema is uploaded and selected, the
Parse Parameters
setting is disabled because the policy stops using any configured policy parameters and begins using the JSON parameters.
--