Forum Discussion

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Oct 04, 2023

F5 AWAF/ASM support for wildcard url and parameter names with a swagger/openapi file

Hello to everyone,

 

I have a project where I am trying to make use of the F5 wildcard options for parameter names and url paths by importing a swagger/openapi file but I do not know if F5 have exposed those options like custom non RFC options when importing API definitions. In the future I may try this to import it in the F5 XC Distributed Cloud API protection feature but for now I am trying to make it work on normal BIG-IP AWAF/ASM.

 

By playing with pets store test api app swagger file I managed to do the code below for wildcard url by using postional parameters of type string but for wildcard parameter names I still am figuring out the options. 😅

 

Any ideas will be helpfull as this is a nice subject to think about.

 

{
"swagger": "2.0",
"info": {
"version": "1.0.0",
"title": "Swagger Petstore",
"description": "A sample API that uses a petstore as an example to demonstrate features in the swagger-2.0 specification",
"termsOfService": "http://swagger.io/terms/",
"contact": {
"name": "Swagger API Team"
},
"license": {
"name": "MIT"
}
},
"host": "petstore.swagger.io",
"basePath": "/",
"schemes": [
"http"
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"paths": {
"/{path}": {
"get": {
"description": "Returns a user based on a single ID, if the user does not have access to the pet",
"operationId": "findPetById",
"produces": [
"application/json",
"application/xml",
"text/xml",
"text/html"
],
"parameters": [
{
"name": "path",
"in": "path",
"description": "wildcard path",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "pet response",
"schema": {
"$ref": "#/definitions/Pet"
}
},
"default": {
"description": "unexpected error",
"schema": {
"$ref": "#/definitions/ErrorModel"
}
}
}
}
}
}

 

Edit:

 

I found that "/{path=**}": {      triggers the url to be wildcard and not positional parameter and this is great but for wildcard parameter names still no luck. I also wonder if there is way to define global parameters (not url based) and to use any request method or any location for a parameter as for each POST , GET etc I need to add a column. This are not in the OpenAPI spec but maybe F5 have made some custom stuff and if someone knows anything it will be great!

 

I also found this https://github.com/OAI/OpenAPI-Specification/issues/2622 for free form parameters and tested it and as of now it seems the only solution for wildcard parameters names but maybe in F5 BIG-IP there is way to trigger the wildcard checkmark for parameter names with a Swagger or openapi, so still hoping that someone will know a way 🙂

devops
security

2 Replies

Sort By
Related Content