For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Abhisar's avatar
Abhisar
Icon for Nimbostratus rankNimbostratus
Jun 22, 2020
Solved

WAF - URL advance option - header based content profiles

Dear All,

 

We have WAF Policy with 600 + URLs with header based content profile - default action set to - apply value and content Signatures.

 

I want to change that default action to Form Data. So is there is fastest way to do that?

 

Please advise.

 

Thank You,

Abhisar

  • personally i would look into exporting the policy, looking at the code in the xml file and see if you can do a find and replace on that. if that isnt possible a script to make the change might be an option.

4 Replies

  • personally i would look into exporting the policy, looking at the code in the xml file and see if you can do a find and replace on that. if that isnt possible a script to make the change might be an option.

  • Hello Abhisar,

     

    What version of BIG-IP do you have?

     

    Starting version 13.0.0 you can update all needed URLs in ASM policy via sending next RESTAPI request to https://mgmt_ip/mgmt/tm/asm/policies/policy_id/urls?appendnested=1:

    PATCH /mgmt/tm/asm/policies/policy_id/urls?appendnested=1 HTTP/1.1

    Host: mgmt_ip

    Content-Type: application/json

     

    {

      "urlContentProfiles": [

        {

          "headerValue": "*",

          "headerName": "*",

          "headerOrder": "default",

          "type": "form-data"

        }

      ]

    }

     

    Pay attention that appendnested=1 QS parameter is needed in this case, because without it all other (not default) header based content profiles will be deleted.

    Also, you can use additional $filter= QS parameter to filter out all needed URLs

     

    Thanks, Ivan

  • Thank you Ivan, I would love to try this.

    For time beging I exported the policy and changed config and imported again.