For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tausif's avatar
Tausif
Icon for Nimbostratus rankNimbostratus
Sep 10, 2025

AS3 Storage

I declared 2 WAF polices using AS3, now I deleted one using the tmsh command. In the bigip.conf I can see only 1 WAF policy, but while I do a GET api call for that App, I am still getting 2 WAF policies. It is persistent on reboots. Where does F5 store the AS3 declaration? From where am I getting both the WAF policies (from where f5 is returning the original as3 declaration?)

in Rest api : https:///mgmt/shared/appsvcs/declare/Dummy/applications/SYNCGW_Common

        "wms_egls_asm_v174": {

            "class": "WAF_Policy",

            "file": "/var/tmp/v17/wms_egls_asm_file.xml",

            "ignoreChanges": true

        },

        "wms_egls_asm_v173": {

            "class": "WAF_Policy",

            "file": "/var/tmp/v17/wms_egls_asm_file.xml",

            "ignoreChanges": true

        }

In Bigip.conf:

asm policy /Dummy/SYNCGW_Common/wms_egls_asm_v174 {
    active
    encoding utf-8
}

AS3
waf

3 Replies

  • JoseLabra's avatar
    JoseLabra
    Icon for MVP rankMVP
    Sep 10, 2025

    When declaring WAF policies with AS3, the declaration is stored in a persistent REST database, not directly in the bigip.conf file. The bigip.conf file only displays the currently enabled configuration.

     

    You need modify/delete via AS3 directly.

     

    Cheers!

    • Tausif's avatar
      Tausif
      Icon for Nimbostratus rankNimbostratus
      Sep 11, 2025

      Thanks, Jose
      Can you please tell me if I can access that REST Database in my F5 System.

      • JoseLabra's avatar
        JoseLabra
        Icon for MVP rankMVP
        Sep 11, 2025

        Dont exist like a bigip.conf explicit, you need use used API REST and GET for modify of AS3 endpoint