How to Apply Existing Attack Signaturue Set to an ASM Policy using iControl REST API
Hello, I am trying to use the iControl REST API interface in order to automatically and programmatically apply attack signature sets to all of our ASM Policies defined on our 11.6 device. Following the REST User Guide, I saw that it was possible to create new resources for a given policy (there was an example using /mgmt/tm/asm/policies/MD5HASH/urls as the resource endpoint) and so I tried extending the same principle to /mgmt/tm/asm/policies/MD5HASH/signature-sets , as that appears to be the most appropriate endpoint in order to apply defined signatures-sets to policies To illustrate further, issuing a GET request for signature-sets already applied to one of my ASM policies, I get the following as a response: {"selfLink": "https://localhost/mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets", "kind": "tm:asm:policies:signature-sets:signature-setcollectionstate", "totalItems": 1, "items": [ { "learn": false, "kind": "tm:asm:policies:signature-sets:signature-setstate", "alarm": true, "signatureSetReference": {"link": "https://localhost/mgmt/tm/asm/signature-sets/2ODl_CpPYisXJvG_0bmcEA"}, "selfLink": "https://localhost/mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets/GLKMhVlZQFNsMbMRD1EtkQ", "id": "GLKMhVlZQFNsMbMRD1EtkQ", "block": false}]} Based off the key/value pairs on display here, I extrapolated and structured my JSON POST payload as follows to try and add a different existing signature set to the same policy as above -- I deduced that "signatureSet" is the only required JSON key to add here based off the error output that I've been receiving from the REST API and the above signature-set payload: { "signatureSet": "iZvFXdIDR8lEbUdSWttwPQ" } However, I keep getting a 500 error from the REST API stating the following error message error_message:Could not parse/validate the Policy Signature Set. Can\'t use string ("iZvFXdIDR8lEbUdSWttwPQ") as a HASH ref while "strict refs" in use. I don't quite understand what I'm doing wrong here -- is the signature set ID value not the appropriate value to provide here? The REST API Guide hasn't been too helpful as it does not provide signature-set POST sample requests. Appreciate any help and clarification here! Thanks!
Overwriting or adding LTM SSL Traffic cert and key using iControlREST
Hi, I am trying to overwrite an existing cert and key within the LTM SSL Traffic cert and key using iControlREST. Here is the basic process, and result of each step. Upload key and cert PEM files to the uploads directory. I have tried this step both inside and outside of a transaction with the same result. This works fine. Create a transaction using the transaction REST endpoint. This works fine. Add a command to install the key over the desired SSL Traffic key referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands. Add a command to install the key over the desired SSL Traffic cert referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands. Get the transaction commands just to observe the contents. The commands are present, and the paths are correct per steps 3 & 4 above. Attempt to commit the transaction, and receive the failure with a message like the one below. message=transaction failed:01070712:3: file (/var/system/tmp/tmsh/GexeqO/IIS-F5v13.key) expected to exist. As you can see, F5 is looking in a different directory than specified in steps 3 & 4. I've closely examined all requests and responses using Fiddler, and there's no way to determine the randomly generated sub directory name ('GexeqO' in this particular case). It is different each transaction. Also note, this happens even when not overwriting existing entries. But I am using a transaction so that I don't get the 'key and certificate do not match' message. Any insights would be tremendously helpful. Best, GaryHow BIG-IP Token/Authentication works ?
I'm unable to find anywhere here/documentation/articles anyone that could explain a little bit better the authentication token when you get the response from the Rest. I'm sending the POST to the Rest, and the Rest is returning the Authentication. Here is an example: token : AD2GKZPXKVTE4WKJEQUZTIPOM3 name : AD2GKZPXKVTE4WKJEQUZTIPOM3 userName : admin authProviderName : tmos user : ... groupReferences : ... timeout : 1200 startTime : 2016-07-22T09:24:11.808-0500 address : 10.10.10.10 partition : [All] generation : 1 lastUpdateMicros : 1469197451807722 expirationMicros : 1469198651808000 kind : shared:authz:tokens:authtokenitemstate selfLink : https://localhost/mgmt/shared/authz/tokens/AD2GKZPXKVTE4WKJEQUZTIPOM3 Does anyone knows what is "lastUpdateMicros", "ExpirationMicros" and what is Timeout actually means ? I'm having several issues in my scripts when I call the Rest and the call just fail. If I try to get a new token the call works. I wonder if could be due the token is expired after is used once. Will the token expire only after 1200 seconds or that is not true ?
How to efficiently delete a node from LTM?
Hi, I am trying to delete a node from F5 LTM as part of our decommission process. I cannot delete a node until I remove all pool members that refer to it. The only way I know how to get pool members is to get all pools and then, for each pool, get members, and see if the IP address of a member matches. With thousands of pools we have this takes thousands of web requests. It is seriously slow even on local network but if I try to do it to our LB on another continent over 160ms round-trip link, it literally takes 15+minutes. So, is there more efficient way to delete a node? Maybe get a list of all back-references to a node? Or a list of all members of all pools in one shot? Or something else I did not think about? I am not even trying to tackle nodes used in iRules and other non-pool objects at this time (though it would be cool). I did try to delete node first and parse a 400 response but: - response only has one pool out of possibly many. - the name of the pool in response is within an arbitrary text "message" string. This string is already different between 11.4 and 11.5, and, since it is not part of API, can change at any hotfix.
iControl REST curl command to create VLAN
If you have a CURL command to create a VLAN using iControl REST which has a name, tag, and an interface assigned, can you please post it here? Here's a sample of what i'm looking for for a self IP create: curl -sk -u admin:admin https://10.0.0.20/mgmt/tm/net/self/ -H 'Content-Type: application/json' -X POST -d '{"name":"self3","address":"10.1.0.26/24","vlan":"external"}'"Ordinal" Refers to Policy Rule ID?
In the iControl Rest API, what sets the policy rule ID, is it the ordinal? I'm trying to sort the list of policies, for each new policy created that is in the last list. curl -k -X POST \ -u "${USER}:${PASS}" \ "https://bipteste/mgmt/tm/ltm/policy/~Common~Drafts~Teste_Bruno/rules" \ -H 'Accept: */*' \ -H 'Content-Type: application/json' \ -d '{ "name":"svc_teste4", "description":"teste","ordinal":0 }' I defined that svc_teste4 would be the first one on the list, but he was in the penultimate
