ASM Policy from the CLI?

If the application isn't case sensitive, it would be good to use a simple rule to set the path in requests to lower case. This ensures that you only need to configure one version (in lowercase) of each object type/object. To set the path to lowercase, you can use the following rule:

when HTTP_REQUEST {
    Set path to lower case (ie, /PATH/To/File.Ext?Parameter1=VALUE1 would be changed to /path/to/file.ext?Parameter1=VALUE1)
   HTTP::path [string tolower [HTTP::path]]
}

What version are you running? If you're running 9.4.2+, you could try using iControl to add the objects (Click here). I haven't had a chance yet to test out the new iControl functionality for ASM. It's not too clear from the wiki pages whether you can modify/add or just view the policy components like objects types. But it looks like a possibility.

For 9.4.1 and earlier, I don't think there is a supported way of making policy modifications through the CLI. The data is stored in a MySQL database. It might be possible to write a MySQL command or script to do a bulk insert, but I don't think anyone at F5 would be happy knowing you've done it. You can access the MySQL database following the steps in SOL5973 (Click here) for < 9.4 or SOL6870 (Click here) for 9.4+. The object types are stored in PLC..PL_FILETYPES and the objects are in PLC..PL_OBJECTS. The process wouldn't be trivial. Make sure to take a backup UCS before trying anything.

Aaron

I am running 9.4.3, but I have never used icontrol before. Maybe some thing to play with in the future, but probabaly to much to learn to be of any help this time. And I sorta figured that my only hope was to write some custom script to dump it into mysql. Not sure I am really interested in trying that even on my test box. Guess I am stuck with the gui. Thanks for digging up the mysql locations etc.