Update an ASM Policy Template via REST-API - the reverse engineering way

I always want to automate as many tasks as possible. I have already a pipeline to import ASM policy templates. Today I had the demand to update this base policies. Simply overwriting the template wit...
Published Feb 17, 2026
Version 1.0
APM
devops
Distributed Cloud
security
Juergen_Mang's avatar
Juergen_Mang
Icon for MVP rankMVP
Feb 25, 2026

If you have 100 policies deployed from a template updating the template will only update new policies that are made from this template right?

I think so. I rarely configure policies manually. If you use the declarative way, the updated template is used as soon you freshly deploy your declaration.

I use the ASM policy templates only as a blank template, even more disabled and configured as the Blank template from F5. It is the best way for a declaration to start from scratch and not with some defaults from a template.

I never user Parent policies, they are crap in my opinion.

They are two solutions:

  1. Use a declaration
  2. Use a script to update your 100 policies

Both is easily possibly with my Axians Automation Framework ;)

A Restsh script could look like:

while read -r POLICY
do
    f5.asm.entity.add -t entity.urls-allowed.json -sVAR_ALLOWED_URL=/new-uri "$POLICY" urls
done < <(f5.asm.policy.list -rf ".items[].fullPath")

 

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Feb 26, 2026

Starting to become more and more interested in your  Axians Automation Framework :)

Yes parent policy is not good as it seems to only be able to push global signature or violation changes to the children but an iRule can do this as well 🙅