Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

AWAF Path Parameters with OPENAPI json file

Go to solution
ChrisThuys
Altocumulus
Altocumulus

‎12-Feb-2023 23:28 - edited ‎12-Feb-2023 23:51

Hi,  Iam securing a API with a JSON OPENAPI file  it mostly works fine however I have two positional parameters used in one url that seems to mask the following paths "/dqm/v1/projects/{customerId}/{pageNumber}  & /dqm/v1/projects/projectDetails/{workRequestId}" The result is illegal parameter length violations on a url that is actually valid. the two paths have different operationId headers associated with them Does the WAF use the operationId to match the Path? It appears not as if I delete the operation Id from the api file then the policy matches the correct URL.

Any assistance in ubderstanding what is happening and why is appreaciated.

Allowed URL's

ChrisThuys_0-1676273177418.png

 

extract from JSON openAPI file

/dqm/v1/projects/{customerId}/{pageNumber}:
get:
tags:
- customer-projects-controller
operationId: getCustomerProjectsForIdperPage
parameters:
- name: customerId
in: path
required: true
schema:
type: string
- name: pageNumber
in: path
required: true
schema:
type: string
responses:
'200':
description: OK
content:
'*/*':
schema:
$ref: '#/components/schemas/CustomerProjectsResponse'
/dqm/v1/projects/projectDetails/{workRequestId}:
get:
tags:
- customer-projects-controller
operationId: getProjectDetailswithID
parameters:
- name: workRequestId
in: path
required: true
schema:
type: string
responses:
'200':
description: OK
content:
'*/*':
schema:
$ref: '#/components/schemas/ProjectDetailsResponse'

Labels:
1 ACCEPTED SOLUTION

Go to solution
ChrisThuys
Altocumulus
Altocumulus

‎20-Feb-2023 16:59

The resolution to this issue is to use the WildCards Order TAB to set the order the URLS should be processed.

ChrisThuys_0-1676941087063.png

 

View solution in original post

4 REPLIES 4

Go to solution
Nikoolayy1
MVP
MVP

‎14-Feb-2023 02:34 - edited ‎14-Feb-2023 02:46

Good question! Never needed to do positional parameters, so I am also wondering.

 

Have you tried making manual policy with positional parameters and then to export it in JSON to see how it looks and if you can then use this in the OPENAPI/SWAGGER file as to see if it is supported (as a note your file is YAML not Json but that is just the look)  https://support.f5.com/csp/article/K52644614

 

F5 XC/distributed cloud has SWAGGER/OPENAPI discovery but that can't be done with on-prem appliance 😯

 

https://community.f5.com/t5/technical-articles/api-discovery-and-auto-generation-of-swagger-schema/t...

0 Kudos

Go to solution
ChrisThuys
Altocumulus
Altocumulus

‎20-Feb-2023 16:59

The resolution to this issue is to use the WildCards Order TAB to set the order the URLS should be processed.

ChrisThuys_0-1676941087063.png

 

Go to solution
Nikoolayy1
MVP
MVP
In response to ChrisThuys

‎20-Feb-2023 22:05 - edited ‎20-Feb-2023 22:06

Now I see what you mean and I even saw an article when you mentioned that the wildcard url order was the issue.

K13220614: The BIG-IP ASM system may not enforce wildcard URLs that are created without the wildcard order specified

https://support.f5.com/csp/article/K13220614

 

0 Kudos

Go to solution
Chris_Thuys
Altocumulus
Altocumulus
In response to Nikoolayy1

‎22-Feb-2023 19:05

Sometimes it's all about the keywords you search on. Mine were all wrong. I was focused on the jSON  file rather than the Wildcard URL's.

0 Kudos
Copyright © 2023 Khoros, LLC