Forum Discussion

ChrisThuys's avatar
ChrisThuys
Icon for Altocumulus rankAltocumulus
Feb 13, 2023

AWAF Path Parameters with OPENAPI json file

Hi,  Iam securing a API with a JSON OPENAPI file  it mostly works fine however I have two positional parameters used in one url that seems to mask the following paths "/dqm/v1/projects/{customerId}/{...
advanced waf
asm
openapi
security
  • ChrisThuys's avatar
    ChrisThuys
    Feb 21, 2023

    The resolution to this issue is to use the WildCards Order TAB to set the order the URLS should be processed.

     

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Oct 04, 2023

By the way ChrisThuys / Chris_Thuys  I seem to found a workaround as for example if you create the policy from the start like the one below it will result in the following order but you need to create asm policy from the start with the correct order as if you modify the openapi/swagger file it may not change the order.

 

Outside of that I am trying to use positional parameters as to trigger wildcard url match and still figuring out if wildcard parameter names are supported by F5 AWAF/ASM when importing a swagger/openapi file. I do not know if you have tried this as well.

 

 

 

 

  "paths": {
      "/{path}": {
  "get": {
        "description": "Returns a user based on a single ID, if the user does not have access to the pet",
        "operationId": "findPetById",
        "produces": [
          "application/json",
          "application/xml",
          "text/xml",
          "text/html"
        ],
        "parameters": [
          {
            "name": "path",
            "in": "path",
            "description": "ID of pet to fetch",
            "required": true,
            "type": "string"
          }
        ],
        "responses": {
          "200": {
            "description": "pet response",
            "schema": {
              "$ref": "#/definitions/Pet"
            }
          },
          "default": {
            "description": "unexpected error",
            "schema": {
              "$ref": "#/definitions/ErrorModel"
            }
          }
        }
  }
    },
      "/{path1}/{path2}": {
  "get": {
        "description": "Returns a user based on a single ID, if the user does not have access to the pet",
        "operationId": "findPetById",
        "produces": [
          "application/json",
          "application/xml",
          "text/xml",
          "text/html"
        ],
        "parameters": [
          {
            "name": "path1",
            "in": "path",
            "description": "ID of pet to fetch",
            "required": true,
            "type": "string"
          },
  {
            "name": "path2",
            "in": "path",
            "description": "ID of pet to fetch",
            "required": true,
            "type": "string"
          }
        ],
        "responses": {
          "200": {
            "description": "pet response",
            "schema": {
              "$ref": "#/definitions/Pet"
            }
          },
          "default": {
            "description": "unexpected error",
            "schema": {
              "$ref": "#/definitions/ErrorModel"
            }
          }
        }
  }
    }
  },