Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
F5 Employee
F5 Employee

This cookbook lists selected ready-to-use iControl REST curl commands for LTM policy related resources (the tmsh command xxx ltm policy). Each recipe consists of the curl command and it's tmsh equivallent.

See also

Get a list of policies

The iControl REST call returns both drafts and published policies: In the /Common partition, they are located under /Common/Drafts and /Common respectively. On the other hand, the tmsh equivalent command outputs only the ones under the current folder.

list ltm policy

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy

To get a specific published policy, just add its name to the URI.

list ltm policy <PublishedPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>

To get a specific draft policy, add the full path to the policy. Note that '~' (tilde) is used instead of '/' (slash) for the path delimiter.

list ltm policy Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>

The rules in a policy is stored in the subcollections, hence the above calls return only links to the rules. To get the contents of the rules, use the expandSubcollections=true query option.

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>?expandSubcollections=true

Get the rules of a policy

The following call will get all the rules in the draft policy.

list ltm policy Drafts/<TestPolicy> rules

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules?expandSubcollections=true

For obtaining the particular one, run this.

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule>?expandSubcollections=true

Create a draft policy

The following call creates a new draft policy with the 'first-match' strategy. Note that the path to the policy inside the post data uses '/'.

create ltm policy Drafts/<TestPolicy> strategy first-match

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \
  -X POST -H "Content-type:application/json" \
  -d '{"name":"/Common/Drafts/<TestPolicy>", "strategy":"first-match"}'

To create (copy) a draft policy from the existing draft policy, run this. Note that the path to the existing draft policy (?options argument) uses '/'.

create ltm policy /Common/Drafts/<TestPolicy2> copy-from /Common/Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy?options=copy-from,/Common/Drafts/<TestPolicy> \
  -X POST -H "Content-type:application/json" \
  -d '{"name":"/Common/Drafts/<TestPolicy2>"}'

Adding a rule to the draft policy

modify ltm policy Drafts/<TestPolicy> rules add { <SampleRule> { description sat1 } }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules \
  -X POST -H "Content-type:application/json" \
  -d '{"name":"<SampleRule>", "description":"sat1" }'

Modifying the rule

modify ltm policy Drafts/<TestPolicy> rules modify { <SampleRule> { description "Hello World"} }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> \
  -X PATCH -H "Content-type:application/json" \
  -d '{"description":"Hello World" }'

Deleting the rule from the draft policy

modify ltm policy Drafts/<TestPolicy> rules delete { <SampleRule> }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> -X DELETE

Deleging the draft policy

delete ltm policy Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy> -X DELETE

Publishing the draft policy

publish ltm policy Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \
  -X POST -H "Content-type: application/json" \
  -d '{"command":"publish", "name":"Drafts/<TestPolicy>"}'

Creating the draft policy from a published policy

modify ltm policy <PublishedPolicy> create-draft

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>?options=create-draft \
  -X PATCH -H "Content-type: application/json" \
  -d '{}'

Modifying a virtual

To replace the policies attached to a virtual with a specific published policy, run this

modify ltm virtual <vs> policies replace-all-with { <PublishedPolicy> }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>/policies \
  -H "Content-type: application/json" -X POST \
  -d '{"name":<PublishedPolicy>}'

To remove the policies from a virtual, run this

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs> \
  -H "Content-type: application/json" -X PATCH \
  -d '{"policiesReference":{ "items":[] } }'

How you do the same with transactions ? it doesn't work for me... Publishing seems to have problems....



It doesn't work for me the API for replace the policies attached to a virtual server,


curl -sku admin:default \

 -H "Content-type: application/json" -X POST \

 -d '{"name":policy_sorrypage}' | jq . -M


 "code": 400,

 "message": "Found invalid JSON body in the request.",

 "errorStack": [],

 "apiError": 1



where is the error?



Community Manager
Community Manager

, the policy_sorrypage should also be in quotes.


Thank you! I had solved in any case, if necessary I share you


Version history
Last update:
‎14-Feb-2019 05:00
Updated by: