api
74 TopicsREST API to download License JSON report?
Hi, I'm completely new to F5 Big-IQ, but have plenty of experience writing API integrations. I've been asked to pull data from an F5 Big IQ instance, specifically the data held in the License Reports section (License Management->Reports). I can manually perform this by selecting the report and clicking download... ...the browser then downloads a lump of JSON that I can view. Is this possible to perform via a REST API (so I can consume the JSON into a database)? Thanks10Views0likes0CommentsASM API v16 - get list of SignatureOverride
Hello, My client would like a scheduled report on all the signatures used as exceptions in the policy items (let's say in parameters and URL object). I've figured that the info can be retrieved through API : https:///mgmt/tm/asm/policies//parameters/ I could have this kind of output where parameter1 has 2 signatures overrides, and parameter2 doesn't have any { "maximumLength": 200, "stagedSinceDatetime": "2024-10-16T13:33:54Z", "hostNameRepresentation": "domain-name", "dataType": "uri", "createdBy": "GUI", "sensitiveParameter": false, "parameterLocation": "any", "valueType": "user-input", "kind": "tm:asm:policies:parameters:parameterstate", "selfLink": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/parameters/SZehdfNxQfRzSeE_d2V5eA?ver=16.1.5", "inClassification": false, "urlReference": { "link": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/urls/OXujEJOZ7V0nU7Mgu2-Bzg?ver=16.1.5", "protocol": "https", "name": "/random-uri/path/", "method": "*", "type": "explicit" }, "checkMinValueLength": false, "isCookie": false, "mandatory": false, "id": "SZehdfNxQfRzSeE_d2V5eA", "allowEmptyValue": false, "checkMaxValueLength": true, "name": "parameter1", "lastUpdateMicros": 1.729085634e+15, "isReferenced": false, "isHeader": false, "attackSignaturesCheck": true, "level": "url", "allowRepeatedParameterName": true, "signatureOverrides": [{ "signatureReference": { "link": "https://localhost/mgmt/tm/asm/signatures/gJ3lZomuuxyJqa2InBac1w?ver=16.1.5", "isUserDefined": false, "name": "Unix/Linux \"date\" execution attempt (Parameter)", "signatureId": 200003085 }, "enabled": false }, { "signatureReference": { "link": "https://localhost/mgmt/tm/asm/signatures/YqXJ-_VkhoSiQ49IuaFmUA?ver=16.1.5", "isUserDefined": false, "name": "Unix/Linux \"time\" execution attempt (Parameter)", "signatureId": 200003155 }, "enabled": false } ], "type": "explicit", "performStaging": false } { "isBase64": false, "maximumLength": 120, "stagedSinceDatetime": "2024-11-20T09:17:03Z", "dataType": "alpha-numeric", "createdBy": "GUI", "sensitiveParameter": false, "parameterLocation": "any", "valueType": "user-input", "kind": "tm:asm:policies:parameters:parameterstate", "selfLink": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/parameters/iKZNHNqAGGVo_-csIuNBwQ?ver=16.1.5", "inClassification": false, "checkMinValueLength": false, "isCookie": false, "mandatory": false, "metacharsOnParameterValueCheck": true, "id": "iKZNHNqAGGVo_-csIuNBwQ", "allowEmptyValue": false, "checkMaxValueLength": true, "valueMetacharOverrides": [], "name": "parameter2", "lastUpdateMicros": 1.732094223e+15, "isReferenced": false, "isHeader": false, "parameterEnumValues": [], "attackSignaturesCheck": true, "level": "global", "allowRepeatedParameterName": false, "signatureOverrides": [], "type": "explicit", "performStaging": true, "enableRegularExpression": false } I would like to filter the query and only have the parameters with a non-empty list of SignatureOverride. I learnt that F5 API is relying on OData and that we can borrow some of its functions. I also need to consider that SignatureOverride field is an array. I tried this: $filter=signatureOverrides/any(s: s ne null) => but the any function doesn't seem to be available and I also tried this: $filter=signatureOverrides/$count ne 0 => same, the count command is not available either how can I work with OData filter on the signatureOverrides field ?2Views0likes0CommentsRetrieve GTM pool member addresses (Bigrest)
A wide-IP has a pool of servers that are virtual-servers on an LTM. I would like to retrieve the pool member addresses of the virtual servers used in the wide-IP pool using the Bigrest Python library. wide-ip = site.com Pool Name = site_pool Pool Member A = site_a_vs (server = ltm_a) Pool Member B = site_b_vs (server = ltm_b) I can load the wide-IP which provides a poolReference. I can then load the pool, which provides a membersReference. The membersReference provides a serverReference (the LTM) and the vs name. From here, I can load all virtual servers on the server provided by the serverRefence, but unsure how to retrieve only the virtual servers that are relevant to the wide-IP. There is no virtualserver ID provided by the membersReference or ServerReference.32Views0likes0CommentsImport PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and have a solution to do it via Script, CLI or API? Thank you.117Views0likes1CommentError in REST https call to get the Auth token
Hi All, I am using F5 14.1.5.6 version of F5 and trying to get auth token from /mgmt/shared/authn/login But getting 401 error, please find the detailed error message. Can any one help me with this issue. [{"code":401,"message":"Unable to process request /tm/auth/source. Service is unavailable.","referer":"10.3.4.112","restOperationId":343185765,"kind":":resterrorresponse"}]Solved212Views0likes1Comment[APM] The F5 API returned the error BadRequest(400)
Hello Team , We use a tool for whitelisting the URL and IP's and push the configuration to F5 everyday . We have below error on the tool . Can we check anything on the F5 . I did not find any error message on the audit logs . Error : F5 synchronization batch reported an error while managing F5 : SendRequest: The F5 API returned the error BadRequest(400) received from the API: request failed with null exception119Views0likes1CommentF5 API Security on AWS WAF
Hello community, We have deployed multiple APIs on EKS and have exposed them using an application load balancer. I have added AWS WAF on top of the ALB. I am using XML payload in the API and for XML security, I have enabled F5 API Security managed rule for WAF. My question is: Does F5 managed rule for API Security on AWS WAF provides XML validation? If yes, what rule is that inside the managed rule set? Can we configure the F5 managed rule to check my XML payload based on regex? How can I configure it? Thanks in advance! Avinash150Views0likes1CommentNginx is only redirecting to port 8080
I have a .net 8 solution multiple APIs and I'm using docker and Nginx to host the application. please find below the full details: Dockerfile FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base WORKDIR /app EXPOSE 8080 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build ARG BUILD_CONFIGURATION=Release ... FROM build AS publish ARG BUILD_CONFIGURATION=Release RUN dotnet publish "xxx.Api/xxx.Api.csproj" -c Release -o /app/publish /p:UseAppHost=false FROM base AS final WORKDIR /app COPY --from=publish /app/publish . ENTRYPOINT ["dotnet", "xxx.Api.dll"] launchsettings.json "Docker": { "commandName": "Docker", "launchBrowser": true, "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/swagger", "publishAllPorts": true, "useSSL": true, "sslPort": 4430, "httpPort": 8080 } nginx.conf worker_processes auto; events { worker_connections 1024; } http{ server { listen 80; server_name domain; port_in_redirect off; location /api1 { rewrite /api1(.*) $1 break; proxy_pass http://api1:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } location /api2 { rewrite /api2(.*) $1 break; proxy_pass http://api2:8081; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } docker-compose version: '3.4' services: nginx: image: nginx ports: - 80:80 volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro depends_on: - api1 - api2 api1: image: ${DOCKER_REGISTRY-}api1:latest container_name: api1 build: context: . dockerfile: api1.Api/Dockerfile ports: - "8080:8080" api2: image: ${DOCKER_REGISTRY-}api2:latest container_name: api2 build: context: . dockerfile: api2.API/Dockerfile ports: - "8081:8081" API1 that uses port 8080 loads normally but API2 that uses 8081 get error 502 gateway error. If I switch the port on those same projects than API2 loads normally and API1 stops loading. I've been trying all kinds of stuff over last 2 days and nothing seems to work. Those same projects with the same configuration were working perfectly when I was using .net 6 with the same nginx version, but when I upgraded the project to .net 8 it broke. I need your help and suggestions. Anything will be helpfull.603Views0likes2CommentsModifying multiple entries in a datagroup via api?
We have a datagroup with entries like this: domain1.com := virtual /Common/www.domain1.com_vs_443 domain2.com := virtual /Common/www.domain2.com_vs_443 domain3.com := virtual /Common/www.domain3.com_vs_443 And so forth. This datagroup gets used by an iRule for re-routing traffic based on SNI. I need to be able to make an HTTP call to the F5 to remap these to put up a mainteance page. So in other words I want to modify the above to: domain1.com := virtual /Common/maintenance.domain1.com_vs_443 domain2.com := virtual /Common/maintenance.domain2.com_vs_443 domain3.com := virtual /Common/maintenance.domain3.com_vs_443 I figured out that I can make a curl request as such to delete entries from the datagroup: curl -ku "admin:superS3cret" -X PATCH -H 'Content-type: application/json' -d '{ "name":"dummy" }' https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options=records%20delete%20%7B%20www.domain1.com,www.domain2.com,www.domain3.com%20%7D |jq . And via this articlehttps://community.f5.com/t5/technical-forum/add-new-key-into-data-group-without-updating-entire-list-using/td-p/272699I was able to determine we could add a key using this: curl -ku "admin:superS3cret" -X PATCH -H 'Content-type: application/json' -d '{ "name":"dummy" }' 'https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options=records%20add%20%7b%20www.domain1.com%20%7b%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain1.com_vs_443%22%20%7d%20%7d' |jq . However then I have to have one HTTP Request per domain. If I need to repoint 20 sites for example I have to make 20 different requests instead of one request with all domains. Is there a way to add multiple records at once? I tried something like this: curl -ku "admin:superS3cret" -X PATCH -H 'Content-type: application/json' -d '{ "name":"dummy" }' 'https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options%3Drecords%20add%20%7B%20www.domain1.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain1.com_vs_443%22%20%7D%20domain1.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain1.com_vs_443%22%20%7D%20www.domain2.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain2.com_vs_443%22%20%7D%20www.domain3.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain3.com_vs_443%22%20%7D%20www.domain4.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain4.com_vs_443%22%20%7D%7D' |jq . Here's the URL HTML decoded (so its easier to read): https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options=records add { www.domain1.com { data "virtual /Common/maintenance.domain1.com_vs_443" } domain1.com { data "virtual /Common/maintenance.domain1.com_vs_443" } www.domain2.com { data "virtual /Common/maintenance.domain2.com_vs_443" } www.domain3.com { data "virtual /Common/maintenance.domain3.com_vs_443" } www.domain4.com { data "virtual /Common/maintenance.domain4.com_vs_443" }} However I get this error: { "code": 400, "message": "one or more properties must be specified", "errorStack": [], "apiError": 26214401 } I haven't been able to figure out if adding multiple records isn't supported or if I have the syntax wrong and frankly the documentation here:https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_data-group_internal.htmland here:https://clouddocs.f5.com/cli/tmsh-reference/v14/modules/ltm/ltm_data-group_internal.htmlisn't super clear. Frankly the fact that patch doesn't just modify entries sent seems like a bug to me and using ?options record add seems like a hack. Alternatively is there some way to run a modify instead of running delete and then add? That would be even more efficient (less HTTP calls) and less opportunity for a call to fail. I know I can just get all records, modify them and then post all records back. The trouble with that approach is that then I'm touching records I really don't want to touch and having to do some sort of regex replace. This seems like it could have the potential to accidentally modify records I don't want to modify if my regex isn't very explicit. I would prefer a more targeted approach which only modifies the records that need modifying and that touches nothing else. ThanksSolved854Views0likes9Comments