asm policy
1 TopicMethods to attach ASM policy to virtual server via REST API requests
Two method to attach the ASM policy to a virtual. First method: Start with the policy and list the virtual names under one of its properties. This allows more than one virtual name to be listed and therefore applies the policy to all of them. This method is intuitive and easy to follow. You have to first locate the policy hash ID and then reference it by this ID as you post the names of the virtuals. Second Method (Alternate): Start with the virtual and assign to iy a "websecurity" profile and an LTM Layer 7 policy (pointing tothe ASM policy). This method is less intuitive but safer to use in some cases. Use this method to add a policy to a virtual server without affecting any other virtual that may be using the same policy. First Method: Request PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/asm/policies/{{asm_policy_hash}} Headers Content-Type: application/json X-F5-Auth-Token: {{big_ip_a_auth_token}} Body { "virtualServers":["/Common/hackazon_vs"] } Get more information here: Lab 3.4: Apply ASM Policy to VS — F5 Programmability Training documentation If not careful, aproblem with this procedure appears when more than one virtual uses the same policy. You must post the list of virtual names in the body of the PATCH request. If any of the virtuals already listed under the policy is not resubmitted, the policy would be be dropped from to the virtual. Alternate Method: This alternate method applies the policy to one vritual server at a time. Step 1: Create the policy in LTM L7 policy (in draft mode) which activates the ASM policy for all traffic. POST /mgmt/tm/ltm/policy Body: { "name": "<name_for_LTM_L7_policy>", "partition": "/Common/Drafts/", "controls": [ "asm" ], "requires": [ "http" ], "status": "legacy", "strategy": "/Common/first-match", "rules" : [ { "name": "default", "fullPath": "default", "ordinal": 1, "actions" : [ { "name": "1", "fullPath": "1", "asm": true, "code": 0, "enable": true, "expirySecs": 0, "length": 0, "offset": 0, "policy": "<name_for_ASM_policy>", "port": 0, "request": true, "status": 0, "timeout": 0, "vlanId": 0 }]}] } Step 2: Publish the LTM policy created. POST /mgmt/tm/ltm/policy Body: {command: "publish", name: "/Common/Drafts/<name_for_LTM_L7_policy>"} Step 3: Add the default "websecurity" profile to the virtual server. POST /mgmt/tm/ltm/virtual/~Common~<virtual_server_name>/profiles Body: { "context": "all", "name": "websecurity" } Step 4:Add the LTM L7 policy to the virtual server. POST /mgmt/tm/ltm/virtual/~Common~<virtual_server_name>/policies Body: { "name": "<name_for_LTM_L7_policy>" } Note: you do not directly add the ASM policy to the virtual, you add the LTM policy which references the ASM policy.1.4KViews2likes0Comments