iControl REST API: models + specifications?
Hi. In these docs we can find the endpoints and options for the REST API. https://clouddocs.f5.com/api/icontrol-rest/ We don't find the models/specifications that these endpoints return. Eg. we can query for the list of pools. The answer contains the property 'loadBalancingMode'. https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_pool.html But where can we find the documented, complete list of values that this property can contain? From the GUI we can assume the values would be similar to Round Robin, Ratio (member), Least Connections (member), ... But where are all possible values of all properties of all the models defined and documented?
ASM Export JSON - size Limit ?
Hello, I'm trying to export an ASM Policy in json format through API I'm using theses Steps: - Start the export: https://{hostname}/mgmt/tm/asm/tasks/export-policy { "format": "json", "filename": "exported_file.json", "minimal": true, "policyReference": { "link": "https://localhost/mgmt/tm/asm/policies/{policyID}" } } - Waiting for the export to end - Download The export https://{hostname}//mgmt/tm/asm/file-transfer/downloads/exported_file.json The downloaded file is imcomplete, truncated and not usable if I try to import it Not sure if it the cause but the size of the file is 1Mo While if I export it manually through GUI it's 1,3Mo sized Also I've already modified the max_json_policy_size to 5Mo in the Security ›› Options : Application Security : Advanced Configuration : System Variables Because I had issues when importing the same policie. Is there some kind of limit for export ?
Retrieve GTM pool member addresses (Bigrest)
A wide-IP has a pool of servers that are virtual-servers on an LTM. I would like to retrieve the pool member addresses of the virtual servers used in the wide-IP pool using the Bigrest Python library. wide-ip = site.com Pool Name = site_pool Pool Member A = site_a_vs (server = ltm_a) Pool Member B = site_b_vs (server = ltm_b) I can load the wide-IP which provides a poolReference. I can then load the pool, which provides a membersReference. The membersReference provides a serverReference (the LTM) and the vs name. From here, I can load all virtual servers on the server provided by the serverRefence, but unsure how to retrieve only the virtual servers that are relevant to the wide-IP. There is no virtualserver ID provided by the membersReference or ServerReference.
F5 ASM API-Protection Policy
Hello F5 Community, Apology if my question looks stupid since iam new to F5. Recently our application starting a project which is communication between our clients and our application through API and for me as f5 administrator its my rule to protect this API communication and as i looked up in the Application Security API template there is a section which ask for the swagger file and when i asked our application team their respond was (we have 3 API endpoints so we have 3 swagger files and not one) and right now iam looking forward to check whats the best design and to how handle this request or whats the best scenario to create and deploy this policy. Is it one of below: -Asking application team to merge these swagger files and provide it to me ?which they initially respond that they can not do that and this is risky. -Creating 3 Application policy and attach it to the same virtual server (if possible)? WE are using on-primes BIG-IP. Please let me know of your thoughts and let me if you prefer additional solution over this. Thanks. Regards,
Onboarding API to web protection policy
Dear F5ers, I hope you all doing well. Please accept my apology for my question if it does look stupid since Iam new to the F5 area. Kindly note that i took the administration role on F5 appliance which was managed by a partner for a long time and the below is my questions. There is a Security Policy which is used for protecting a web app which will be destination for the mobile application such as below. Mobile App--->F5 Virtual Server which has an ASM policy on it (Policy Template is comprehensive). please note that the policy status as below now, also please note that we have two virtual servers with two different policy one for testbed environment and the other one for production environment. Enforcement Mode: Blocking Policy Building Learning Mode: Automatic Auto-Apply Policy: Realtime And the product team try to onboard some new services which will use a new API with different scheme and i want to know what is the best practice to do in this situation since the product team will do testing all time. shall i remove the blocking mode in testbed environment and leave the policy learning on automatic or move it to manual? Shall i ask them to provide the json scheme ? what shall i do after that after creating the json profile? will the json scheme will be learned automatically or no its something that need to be add manually? in which situation the f5 administrator need to add the new json profile with new json scheme ? shall i need to ask for swagger files or i don't need to do so ?also where to apply it? does the comprehensive security template work as the api protection also ?if no how we can achieve this? is it possible to have 2 separate ASM policy attached to one virtual server? I need your kind assistance to provide detailed answer as per your expertise so i can know what are the best excises to do that. Thanks for your support. Regards,
REST API to download License JSON report?
Hi, I'm completely new to F5 Big-IQ, but have plenty of experience writing API integrations. I've been asked to pull data from an F5 Big IQ instance, specifically the data held in the License Reports section (License Management->Reports). I can manually perform this by selecting the report and clicking download... ...the browser then downloads a lump of JSON that I can view. Is this possible to perform via a REST API (so I can consume the JSON into a database)? ThanksASM API v16 - get list of SignatureOverride
Hello, My client would like a scheduled report on all the signatures used as exceptions in the policy items (let's say in parameters and URL object). I've figured that the info can be retrieved through API : https:///mgmt/tm/asm/policies//parameters/ I could have this kind of output where parameter1 has 2 signatures overrides, and parameter2 doesn't have any { "maximumLength": 200, "stagedSinceDatetime": "2024-10-16T13:33:54Z", "hostNameRepresentation": "domain-name", "dataType": "uri", "createdBy": "GUI", "sensitiveParameter": false, "parameterLocation": "any", "valueType": "user-input", "kind": "tm:asm:policies:parameters:parameterstate", "selfLink": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/parameters/SZehdfNxQfRzSeE_d2V5eA?ver=16.1.5", "inClassification": false, "urlReference": { "link": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/urls/OXujEJOZ7V0nU7Mgu2-Bzg?ver=16.1.5", "protocol": "https", "name": "/random-uri/path/", "method": "*", "type": "explicit" }, "checkMinValueLength": false, "isCookie": false, "mandatory": false, "id": "SZehdfNxQfRzSeE_d2V5eA", "allowEmptyValue": false, "checkMaxValueLength": true, "name": "parameter1", "lastUpdateMicros": 1.729085634e+15, "isReferenced": false, "isHeader": false, "attackSignaturesCheck": true, "level": "url", "allowRepeatedParameterName": true, "signatureOverrides": [{ "signatureReference": { "link": "https://localhost/mgmt/tm/asm/signatures/gJ3lZomuuxyJqa2InBac1w?ver=16.1.5", "isUserDefined": false, "name": "Unix/Linux \"date\" execution attempt (Parameter)", "signatureId": 200003085 }, "enabled": false }, { "signatureReference": { "link": "https://localhost/mgmt/tm/asm/signatures/YqXJ-_VkhoSiQ49IuaFmUA?ver=16.1.5", "isUserDefined": false, "name": "Unix/Linux \"time\" execution attempt (Parameter)", "signatureId": 200003155 }, "enabled": false } ], "type": "explicit", "performStaging": false } { "isBase64": false, "maximumLength": 120, "stagedSinceDatetime": "2024-11-20T09:17:03Z", "dataType": "alpha-numeric", "createdBy": "GUI", "sensitiveParameter": false, "parameterLocation": "any", "valueType": "user-input", "kind": "tm:asm:policies:parameters:parameterstate", "selfLink": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/parameters/iKZNHNqAGGVo_-csIuNBwQ?ver=16.1.5", "inClassification": false, "checkMinValueLength": false, "isCookie": false, "mandatory": false, "metacharsOnParameterValueCheck": true, "id": "iKZNHNqAGGVo_-csIuNBwQ", "allowEmptyValue": false, "checkMaxValueLength": true, "valueMetacharOverrides": [], "name": "parameter2", "lastUpdateMicros": 1.732094223e+15, "isReferenced": false, "isHeader": false, "parameterEnumValues": [], "attackSignaturesCheck": true, "level": "global", "allowRepeatedParameterName": false, "signatureOverrides": [], "type": "explicit", "performStaging": true, "enableRegularExpression": false } I would like to filter the query and only have the parameters with a non-empty list of SignatureOverride. I learnt that F5 API is relying on OData and that we can borrow some of its functions. I also need to consider that SignatureOverride field is an array. I tried this: $filter=signatureOverrides/any(s: s ne null) => but the any function doesn't seem to be available and I also tried this: $filter=signatureOverrides/$count ne 0 => same, the count command is not available either how can I work with OData filter on the signatureOverrides field ?
