For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dominik_312933's avatar
Dominik_312933
Icon for Nimbostratus rankNimbostratus
Mar 13, 2018

ASM Signature Enforcement via iControl REST

Hi DevCentral community!   Is there any way in ASM to enforce signatures (in staging, but ready to be enforced) via iControl REST?   We are currently trying to automate signature updates and th...
ASM Advanced WAF
devops
iControlREST
security
Dominik_312933's avatar
Dominik_312933
Icon for Nimbostratus rankNimbostratus
Apr 19, 2018

Hi!

I found a solution for automating the signature enforcement for ASM policies.

The first step is to retrieve all ASM policies from the BIG-IP:

GET https://f5.intern/mgmt/tm/asm/policies/?$select=id,partition,name

{
    ...
    "items": [
        {
            "name": "POLICY1",
            "id": "12ABcd34-567eFgHi89",
            "partition": "PART1"
        },
        ...
    ]
}

In the next step you need to get all signatures, associated with a policy, which are put into staging mode:

GET https://f5.intern/mgmt/tm/asm/policies/12ABcd34_567eFgHi89/signatures/?$filter=performStaging eq true&$select=id,performStaging

{
    ...
    "items": [
        {
            ...
            "performStaging": true,
            "id": "1a2b3c4edefg128"
        },
        ...
    ]
}

The last step is to enforce the target signatures (e.g. every signature of a policy individually):

PATCH https://f5.intern/mgmt/tm/asm/policies/12ABcd34_567eFgHi89/signatures/1a2b3c4edefg128

Request Payload:

{
    "performStaging": false
}

The BIG-IP's response contains the staging status of the updated signature for verification:

{
    ...
    "id": "1a2b3c4edefg128"
    "performStaging": false
    ...
}

Result:

It is possible to enforce the signatures of an ASM policy in an automated fashion via the iControl REST ASM interface.