Forum Discussion
Dominik_312933
Apr 19, 2018Nimbostratus
Hi!
I found a solution for automating the signature enforcement for ASM policies.
The first step is to retrieve all ASM policies from the BIG-IP:
GET https://f5.intern/mgmt/tm/asm/policies/?$select=id,partition,name
{
...
"items": [
{
"name": "POLICY1",
"id": "12ABcd34-567eFgHi89",
"partition": "PART1"
},
...
]
}
In the next step you need to get all signatures, associated with a policy, which are put into staging mode:
GET https://f5.intern/mgmt/tm/asm/policies/12ABcd34_567eFgHi89/signatures/?$filter=performStaging eq true&$select=id,performStaging
{
...
"items": [
{
...
"performStaging": true,
"id": "1a2b3c4edefg128"
},
...
]
}
The last step is to enforce the target signatures (e.g. every signature of a policy individually):
PATCH https://f5.intern/mgmt/tm/asm/policies/12ABcd34_567eFgHi89/signatures/1a2b3c4edefg128
Request Payload:
{
"performStaging": false
}
The BIG-IP's response contains the staging status of the updated signature for verification:
{
...
"id": "1a2b3c4edefg128"
"performStaging": false
...
}
Result:
It is possible to enforce the signatures of an ASM policy in an automated fashion via the iControl REST ASM interface.