Enable Alarm and Block check on Access from Malicoous IP Address with iControl REST API

Hello 

 

Have you seen this article: Display and configure BIG-IP ASM security policy configuration using iControl Rest API (f5.com). 

I posted some excerpts below this should get you started. 

Locate the security policy element MD5 hash identifier

BIG-IP ASM security policy elements have a unique MD5 hash identifier. You must determine the MD5 hash identifier before you can make updates to the element using the iControl REST API. Include the hash value in the URI when you modify the policy elements. To determine the MD5 hash identifier, perform the following steps:

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

1. Log in to the command line of a system with the curl and jq utilities installed.
2. Use the following command syntax to determine the MD5 hash identifier for the policy element:

   curl -sku <username:password> https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/policies/<policy MD5hash>/<policy element>?\$select=name,id | jq '.'

   For example, the following command returns two parameters, example and __VIEWSTATE, and related MD5 hash identifiers (id) for host BIGIP.example.com:

   curl -sku admin:admin https://BIGIP.example.com/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters?\$select=name,id | jq .

       {
         "kind": "tm:asm:policies:parameters:parameterstate",
         "selfLink": "https://localhost/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters/_RVuQ8606O0J3uVOk6a5og?ver=16.0.1",
         "name": "example",
         "id": "_RVuQ8606O0J3uVOk6a5og"
       },
       {
         "kind": "tm:asm:policies:parameters:parameterstate",
         "selfLink": "https://localhost/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters/UK1xSpsKgkiuR7B1N-qw4g?ver=16.0.1",
         "name": "__VIEWSTATE",
         "id": "UK1xSpsKgkiuR7B1N-qw4g"
       }

Modify existing security policy configuration elements using iControl Rest API

Impact of procedure: F5 recommends that you test any security policy changes in an appropriate environment.

1. Log in to the command line of a system with the curl and jq utilities installed.
2. Review the previous table and determine the URI syntax for the policy element.
3. Use the following command syntax to modify the security policy element you want:

   curl -sku <username:password> -X PATCH https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/policies/<policy MD5hash>/<policy element>/<policy element MD5hash> -d '<configuration in JSON format>' | jq '.'

   For example, the following command updates the parameter named example with the MD5 hash identifier _RVuQ8606O0J3uVOk6a5og for host BIGIP.example.com:

   curl -sku admin:admin -X PATCH https://10.154.210.202/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters/_RVuQ8606O0J3uVOk6a5og -d '{"performStaging":false}' | jq '.'

4. If you are done making changes to the policy, you can apply the policy using the following syntax:

   curl -sku <username>:<password> https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/tasks/apply-policy -d '{"policyReference": {"link": "https://localhost/mgmt/tm/asm/policies/<MD5hash>"}}' | jq '.'

   For example:

   curl -sku admin:admin https://BIGIP.example.com/mgmt/tm/asm/tasks/apply-policy -d '{"policyReference": {"link": "https://localhost/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig"}}' | jq '.'

5. Check the status of the apply-policy task using the following command:

   curl -sku <username:password> https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/tasks/apply-policy | jq '.'

   For example:

   curl -sku admin:admin https://BIGIP.example.com/mgmt/tm/asm/tasks/apply-policy | jq '.'