Forum Discussion
Deploy BIG-IP ASM for API Application
- Sep 27, 2023
Hello,
The swagger file will contain all information related to the service, so you can just start checking the event logs for any violations matching with the application, and then tune the policy accordingly.
If you copied the policy, it will copy all its entities only if you have applied all changes on the old policy. But the learning suggestions will not be copied.
So you can go with the test environment first and create it in the learning mode, and when everything is stable, you can import the same policy in the production environment, and start monitoring the policy.
Thanks,
Mohamed Salah
Hello,
For API security, it is usually recommended to import the swagger file. You can check the below link. The swagger is received from the application owners.
swagger file: allows you to describe the structure of your APIs so that machines can read them. https://swagger.io/docs/specification/2-0/what-is-swagger/
F5 DevCentral link:
Also, it is better to create it in a test environment first, and then copy the same policy to the production environment and keep monitoring the event logs for any false positives. Then you can start enforcing the policy entities and change the mode to blocking.
Thanks,
Mohamed Salah
- Ireda (Cirrostratus), Sep 26, 2023
Thanks for the reply.
Is there any difference in deployment from a normal web application after I upload the swagger file?
Also, how can I monitor the API application at L7? Is it like the web application or different? Also, if I copy the testbed policy to the production environment, will it be copied with learning parameters, URLs, etc., or do I need to make the same policy for production under monitoring in transparent mode?