Onboarding API to web protection policy
Dear F5ers, I hope you all doing well. Please accept my apology for my question if it does look stupid since Iam new to the F5 area. Kindly note that i took the administration role on F5 appliance which was managed by a partner for a long time and the below is my questions. There is a Security Policy which is used for protecting a web app which will be destination for the mobile application such as below. Mobile App--->F5 Virtual Server which has an ASM policy on it (Policy Template is comprehensive). please note that the policy status as below now, also please note that we have two virtual servers with two different policy one for testbed environment and the other one for production environment. Enforcement Mode: Blocking Policy Building Learning Mode: Automatic Auto-Apply Policy: Realtime And the product team try to onboard some new services which will use a new API with different scheme and i want to know what is the best practice to do in this situation since the product team will do testing all time. shall i remove the blocking mode in testbed environment and leave the policy learning on automatic or move it to manual? Shall i ask them to provide the json scheme ? what shall i do after that after creating the json profile? will the json scheme will be learned automatically or no its something that need to be add manually? in which situation the f5 administrator need to add the new json profile with new json scheme ? shall i need to ask for swagger files or i don't need to do so ?also where to apply it? does the comprehensive security template work as the api protection also ?if no how we can achieve this? is it possible to have 2 separate ASM policy attached to one virtual server? I need your kind assistance to provide detailed answer as per your expertise so i can know what are the best excises to do that. Thanks for your support. Regards,
Using a swagger file to create an ASM policy for an API in BIG IP Ver-15
Hi, I had heard that in BIG IP Ver15 that you could create an ASM policy for an API using the swagger file for the that API. Can anyone point me in the direction of the documentation on this? We have just upgraded a TEST system to Ver15 and I want to use the swagger file I have to create the policy for the API. Thank you
AdvWAF, OpenAPI - how to update security profile as APIs are added?
Hi - We have an integration in which we want to create a security profile via Guided Configuration for an API server, and plan on importing the OpenAPI specification as the starting point. But - this server will be adding more APIs on a regular basis for the foreseeable future ... and it's not clear to us how we can add new APIs to the security policy. The documentation on importing an OpenAPI spec says that all of the APIs supported by the virtual server involved must be described ... what is the procedure to add single APIs, one by one as they become relevant, over time? Thank you!