Forum Discussion

Alex-Alderson's avatar
Alex-Alderson
Icon for Nimbostratus rankNimbostratus
Dec 11, 2024

F5 ASM API-Protection Policy

Hello F5 Community,

 

Apology if my question looks stupid since iam new to F5.

 

Recently our application starting a project which is communication between our clients and our application through API  and for me as f5 administrator its my rule to protect this API communication and as i looked up in the Application Security API template there is a section which ask for the swagger file and when i asked our application team their respond was (we have 3 API endpoints so we have 3 swagger files and not one) and right now iam looking forward to check whats the best design and to how handle this request or whats the best scenario to create and deploy this policy.

 

Is it one of below:

-Asking application team to merge these swagger files and provide it to me ?which they initially respond that they can not do that and this is risky.

-Creating 3 Application policy and attach it to the same virtual server (if possible)?

 

WE are using on-primes BIG-IP.

Please let me know of your thoughts and let me if you prefer additional solution over this.

Thanks.

 

Regards,

  • Hello,

    I recently encountered a similar scenario where one of our customers requested a Swagger file for a service but received over ten files. We consulted F5 support, and they clarified that uploading multiple files into a single ASM policy is not supported. They suggested submitting a "Feature Request" to potentially make this an option in future releases.

    One of the solutions we considered aligns with the one you already mentioned: merging the files. However, the team informed us that merging was not feasible.

    We then explored two alternative options:

    1. Using Wildcards for API URLs: We asked the team to provide wildcards for the API URLs. This approach would allow us to create multiple security policies using LTM policy assigned to the virtual server, with each policy corresponding to a specific Swagger file and its related URL.
    2. Combining Security Policies: Another option was to create multiple security policies using the Swagger files and then combine these policies using the ASM Differences tool available in the F5 ASM GUI.

    BR,

    Mohamed Salah

  • Hello Mohamed_Salah_ ,

     

    Many Thanks for your support and suggestion.

     

    Also i have another concern regarding this till now the ASM policy which attached to this virtual server is Comprehensive template . so shall i add another 3 ASM policy which will be totall 4 ASM policy ? correct me if iam wrong .

     

    This mean that for any new API i need to add an ASM policy which applied swagger file to it, Also what about the json scheme ? will it be learner automatically ? or i should add it manually?

     

    Also does i need to add the