Forum Discussion
F5 AWAF/ASM support for wildcard url and parameter names with a swagger/openapi file
Hello to everyone,
I have a project where I am trying to make use of the F5 wildcard options for parameter names and url paths by importing a swagger/openapi file but I do not know if F5 have exposed those options like custom non RFC options when importing API definitions. In the future I may try this to import it in the F5 XC Distributed Cloud API protection feature but for now I am trying to make it work on normal BIG-IP AWAF/ASM.
By playing with the pet store test API app swagger file I managed to do the code below for wildcard url by using positional parameters of type string but for wildcard parameter names I still am figuring out the options. 😅
Any ideas will be helpful as this is a nice subject to think about.
{
  "swagger": "2.0",
  "info": {
    "version": "1.0.0",
    "title": "Swagger Petstore",
    "description": "A sample API that uses a petstore as an example to demonstrate features in the swagger-2.0 specification",
    "termsOfService": "http://swagger.io/terms/",
    "contact": {
      "name": "Swagger API Team"
    },
    "license": {
      "name": "MIT"
    }
  },
  "host": "petstore.swagger.io",
  "basePath": "/",
  "schemes": [
    "http"
  ],
  "consumes": [
    "application/json"
  ],
  "produces": [
    "application/json"
  ],
  "paths": {
    "/{path}": {
      "get": {
        "description": "Returns a user based on a single ID, if the user does not have access to the pet",
        "operationId": "findPetById",
        "produces": [
          "application/json",
          "application/xml",
          "text/xml",
          "text/html"
        ],
        "parameters": [
          {
            "name": "path",
            "in": "path",
            "description": "wildcard path",
            "required": true,
            "type": "string"
          }
        ],
        "responses": {
          "200": {
            "description": "pet response",
            "schema": {
              "$ref": "#/definitions/Pet"
            }
          },
          "default": {
            "description": "unexpected error",
            "schema": {
              "$ref": "#/definitions/ErrorModel"
            }
          }
        }
      }
    }
  }
}
Edit:
I found that "/{path=**}": { triggers the URL to be a wildcard and not a positional parameter, and this is great, but for wildcard parameter names still no luck. I also wonder if there is a way to define global parameters (not URL based) and to use any request method or any location for a parameter, as for each POST, GET etc. I need to add a column. These are not in the OpenAPI spec but maybe F5 have made some custom stuff, and if someone knows anything it will be great!
I also found this https://github.com/OAI/OpenAPI-Specification/issues/2622 for free-form parameters and tested it, and as of now it seems the only solution for wildcard parameter names, but maybe in F5 BIG-IP there is a way to trigger the wildcard checkmark for parameter names with a Swagger or OpenAPI file, so still hoping that someone will know a way 🙂
Thanks for the links but they seem not the thing I need at the moment.
I want to create a wildcard parameter by importing a swagger/openapi file that will create the wildcard parameter, not just creating it from the GUI/CLI or the F5 BIG-IP API, as I am aware how to do this as I have many years of experience with AWAF/ASM and as of now I played a lot with Swagger/OpenAPI file imports in ASM/AWAF/XC 🙂.
Also the last link that you provided is for XC Distributed Cloud for the WAAP API protection cloud service not F5 BIG-IP AWAF/ASM as the two products have swagger/openapi import that works in completely different ways.
The correct link is:
https://my.f5.com/manage/s/article/K07241201
If you decide, you can review the two features at the links below as they show the feature on AWAF and XC:
https://www.youtube.com/watch?v=F-OwVLsCw-M
https://www.youtube.com/watch?v=fT6i_HDRt9Q
Outside of that I managed to create a parameter with location any from a swagger file, so only the wildcard parameter (except the possible complex workaround of using a JSON profile for a parameter match that I mentioned, that is a parameter of type object in the Swagger file) or using request method "any" or no request method at all (in the F5 GUI you do not need to specify one) seems an issue at the moment.
"parameters": [
  {
    "name": "test",
    "in": "any",
    "description": "wildcard path",
    "required": true,
    "type": "string"
  }
],
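An added example, not part of the original posts and not F5 code: a small Python check that lists where a Swagger 2.0 file steps outside the specification in the ways discussed in this thread (the `{path=**}` template and `"in": "any"`), so it is clear before import which entries rely on BIG-IP-specific handling and will loosen the resulting policy. The function names and the sample document are constructed for illustration.

```python
import re

# Parameter locations and operation keys defined by the Swagger 2.0 specification.
SWAGGER2_LOCATIONS = {"query", "header", "path", "formData", "body"}
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
# {name} is standard path templating; {name=**} is the non-standard form from the thread.
TEMPLATE = re.compile(r"\{([^{}=]+)(=\*\*)?\}")


def audit_spec(spec):
    """Return (path, method, issue) tuples for constructs outside Swagger 2.0."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        variables = TEMPLATE.findall(path)
        for name, wildcard in variables:
            if wildcard:
                findings.append((path, "*", f"wildcard template '{{{name}=**}}'"))
        shared = item.get("parameters", [])  # parameters declared at path level
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            params = [p for p in shared + op.get("parameters", []) if "$ref" not in p]
            for p in params:
                if p.get("in") not in SWAGGER2_LOCATIONS:
                    findings.append(
                        (path, method, f"parameter '{p.get('name')}' uses location '{p.get('in')}'"))
            declared = {p.get("name") for p in params if p.get("in") == "path"}
            for name, wildcard in variables:
                if not wildcard and name not in declared:
                    findings.append((path, method, f"'{{{name}}}' has no path parameter"))
    return findings


def missing_methods(spec, path):
    """Methods with no operation under `path`; each needs its own entry in the file."""
    return sorted(HTTP_METHODS - set(spec["paths"][path]))


# Constructed sample combining the two snippets posted in the thread.
SAMPLE = {"swagger": "2.0", "paths": {
    "/{path=**}": {"get": {"parameters": [
        {"name": "test", "in": "any", "required": True, "type": "string"}]}},
    "/{path}": {"get": {"parameters": [
        {"name": "path", "in": "path", "required": True, "type": "string"}]}},
}}

if __name__ == "__main__":
    for finding in audit_spec(SAMPLE):
        print(finding)
    print(missing_methods(SAMPLE, "/{path=**}"))
```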