Forum Discussion

Ireda's avatar
Ireda
Icon for Cirrus rankCirrus
Sep 26, 2023
Solved

Deploy BIG-IP ASM for API Application

Dears
My Manager informed me that we need to configure BIG-IP LTM and ASM for API application, what is the API application for F5? Is this different in implementation from normal web application or it is the same?


Can you support me with guide or implementation example?


Also, if i will implement this for testbed first, Can I copy the ASM policy for production or must make the production policy in learning and transparent mode also?

 

 

 

ASM API
security
  • Mohamed_Salah_'s avatar
    Mohamed_Salah_
    Sep 27, 2023

    Hello,

    The swagger file will contains all information related to the service, so you can just start checking the event logs for any violations matching with the application, and then tune the policy accodingly.

    If you copied the policy, it will copy all its entities only if you have applied all changes on the old policy. But the learning suggestions will not be copied.

    So you can go with the test enviornment first and create it in the learning mode, and when everythign is stable, you can import the same policy in the production enviornment, and start monitoring the policy.

    Thanks,

    Mohamed Salah

4 Replies

Sort By
  • Mohamed_Salah_'s avatar
    Mohamed_Salah_
    Icon for MVP rankMVP
    Sep 26, 2023

    Hello,

    For API security, it is usually recommended to import the swagger file. you can check the below link. The swagger is received from the application owners.

    swagger file: allows you to describe the structure of your APIs so that machines can read them. https://swagger.io/docs/specification/2-0/what-is-swagger/

    F5 DevCentral link:

    https://community.f5.com/t5/technical-forum/using-a-swagger-file-to-create-an-asm-policy-for-an-api-in-big/td-p/227007

    Also, it is better to create it in a test environment first, and then copy the same policy to the production environment and keep monitoring the event logs for any false positives, then, you can start enforcing the the policy entities and change the mode to blocking.

     

    Thanks,

    Mohamed Salah

    • Ireda's avatar
      Ireda
      Icon for Cirrus rankCirrus
      Sep 26, 2023

      Thanks for reply,
      There are any different in deployment from normal Web application after I upload the swagger file.
      Also, how can I monitor the API application at L7? it is the web application or different.

      Also, If I copied the testbed policy to the production environment, it will be copied with learning parameters, URLs, ...etc or I need to make the same policy for production under monitoring in transparent mode.

      • Mohamed_Salah_'s avatar
        Mohamed_Salah_
        Icon for MVP rankMVP
        Sep 27, 2023

        Hello,

        The swagger file will contains all information related to the service, so you can just start checking the event logs for any violations matching with the application, and then tune the policy accodingly.

        If you copied the policy, it will copy all its entities only if you have applied all changes on the old policy. But the learning suggestions will not be copied.

        So you can go with the test enviornment first and create it in the learning mode, and when everythign is stable, you can import the same policy in the production enviornment, and start monitoring the policy.

        Thanks,

        Mohamed Salah