Forum Discussion

Alex-Alderson's avatar
Alex-Alderson
Icon for Nimbostratus rankNimbostratus
Dec 11, 2024

F5 ASM API-Protection Policy

Hello F5 Community,   Apology if my question looks stupid since iam new to F5.   Recently our application starting a project which is communication between our clients and our application through...
api
asm
ASM API
ASM WAF
Mohamed_Salah_'s avatar
Mohamed_Salah_
Icon for MVP rankMVP
Dec 11, 2024

Hello,

I recently encountered a similar scenario where one of our customers requested a Swagger file for a service but received over ten files. We consulted F5 support, and they clarified that uploading multiple files into a single ASM policy is not supported. They suggested submitting a "Feature Request" to potentially make this an option in future releases.

One of the solutions we considered aligns with the one you already mentioned: merging the files. However, the team informed us that merging was not feasible.

We then explored two alternative options:

  1. Using Wildcards for API URLs: We asked the team to provide wildcards for the API URLs. This approach would allow us to create multiple security policies using LTM policy assigned to the virtual server, with each policy corresponding to a specific Swagger file and its related URL.
  2. Combining Security Policies: Another option was to create multiple security policies using the Swagger files and then combine these policies using the ASM Differences tool available in the F5 ASM GUI.

BR,

Mohamed Salah