Forum Discussion

jeromeb's avatar
jeromeb
Icon for Altostratus rankAltostratus
Apr 10, 2020
Solved

BIG-IP API - WAF suggestions - issue in selecting properties

Hello there,

I'm currently working on a Python application (web + API) retrieving policies and suggestions from F5 via F5's REST API.

I have a usecase in which I want to know, for one given suggestion, if it has at least one blocked request. I'm getting suggestion data using following API request :

https://f5-ip/mgmt/tm/asm/policies/policy-id/suggestions/suggestion-id

I'm selecting various properties with '$select' query parameter, and to get the info I want on blocked requests, I'm expanding 'requestReferences' property, and then select what I'm interested in, which leads to (simplified to reproduce the issue):

?$expand=requestReferences&
$select=requests/enforcementState/isBlocked,requests/enforcementState/isUnblocked

The problem I'm encountering is the F5 API is only retrieving 'isUnblocked' property, and not 'isBlocked' property. Doing more tests, it seems it's only retrieving the last property of the '$select' parameter. This only happens with "level 2" properties, I have no issue selecting other properties of the suggestion.

Doing some research on here, I found a F5 SDK exists for Python apps. I tested it and encounter the same issue (only last level 2 property is retrieved).

As a workaround to this problem, I discovered using wildcard * allows to retrieve all properties of 'enforcementState' object. But in my usecase, this results in overloading the result with data I won't be using.

Is this a limitation of the F5 API? Or am I just missing something in how I'm using the API?

Thanks a lot for your help!

F5 API version : 13.1.0

F5 SDK version tested : 3.0.21

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Apr 14, 2020

    Hello Jerome,

    Yes, it looks you don't have requestStatus.

    Most probably we don't have it in version 13.1.0, while we have it in further versions.

    In such case you can use next request - /mgmt/tm/asm/policies/6224t7jz2UltQZsOfifTog/suggestions/cMuuspF_0p5Me-nAYZyWRg?$expand=requestReferences&$filter=requests/enforcementState/isBlocked eq true and requests/enforcementState/isUnblocked eq false. This request will give you 404 response in case of no blocked requests for suggestion and 200 response in case of blocked requests exist.

    As I understand, you don't need to use $select and you need to use $filter.

    Thanks, Ivan

9 Replies

  • Hello jeromed,

     

    If I understood you usecase correctly, you want to know, for one given suggestion, if it has at least one blocked request or not.

    May be it will be better to use next $filter in such case - ?$expand=requests&$filter=requests/requestStatus eq 'blocked'

     

    Thanks, Ivan

  • Hello Ivan,

    And thank you for your quick answer!

     

    Your understanding of my usecase is correct. I tried to test what you suggested, but it seems the property 'requestStatus' does not exist in requests properties. Close match could be 'acceptStatus' but I'm not sure it would have the same meaning.

    As you suggest to filter on this property, do you agree that I should be able to select (using $select) it also?

     

    Thanks,

    Jérôme

    • Ivan_Chernenkii's avatar
      Ivan_Chernenkii
      Icon for Employee rankEmployee

      Hello Jerome,

      it is very strange that you don’t see requestStatus for request. It should always exist.

      Could you post your Rest request and response here?

      As I understand $select is not needed and you can just use $filter.

      Thanks, Ivan

      • Ivan_Chernenkii's avatar
        Ivan_Chernenkii
        Icon for Employee rankEmployee

        Hello Jerome,

        Yes, it looks you don't have requestStatus.

        Most probably we don't have it in version 13.1.0, while we have it in further versions.

        In such case you can use next request - /mgmt/tm/asm/policies/6224t7jz2UltQZsOfifTog/suggestions/cMuuspF_0p5Me-nAYZyWRg?$expand=requestReferences&$filter=requests/enforcementState/isBlocked eq true and requests/enforcementState/isUnblocked eq false. This request will give you 404 response in case of no blocked requests for suggestion and 200 response in case of blocked requests exist.

        As I understand, you don't need to use $select and you need to use $filter.

        Thanks, Ivan

    • jeromeb's avatar
      jeromeb
      Icon for Altostratus rankAltostratus

      Hello Ivan,

      I've been able to get the information on blocked requests using a mix of all suggestions in our discussion (using $select with requests/enforcementState/*). Result is acceptable for now and not impacting too much performance.

      Thanks again for your help !

      Jérôme