Forum Discussion

Alok_Kumar
Mar 14, 2022

Enable Alarm and Block check on Access from Malicious IP Address with iControl REST API

I need to enable the check box of Alarm and Block on one of the IP Address and Geolocations rule named Access from Malicious IP Address on a mass scale on more than 100 ASM policies. What API can I call with a curl command to do this? Please help.

Thanks. 

  • Hello

    Have you seen this article: Display and configure BIG-IP ASM security policy configuration using iControl Rest API (f5.com)?

    I posted some excerpts below; this should get you started.

    Locate the security policy element MD5 hash identifier

    BIG-IP ASM security policy elements have a unique MD5 hash identifier. You must determine the MD5 hash identifier before you can make updates to the element using the iControl REST API. Include the hash value in the URI when you modify the policy elements. To determine the MD5 hash identifier, perform the following steps:

    Impact of procedure: Performing the following procedure should not have a negative impact on your system.

    1. Log in to the command line of a system with the curl and jq utilities installed.
    2. Use the following command syntax to determine the MD5 hash identifier for the policy element:

      curl -sku <username:password> https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/policies/<policy MD5hash>/<policy element>?\$select=name,id | jq '.'

      For example, the following command returns two parameters, example and __VIEWSTATE, and related MD5 hash identifiers (id) for host BIGIP.example.com:

      curl -sku admin:admin https://BIGIP.example.com/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters?\$select=name,id | jq .

          {
            "kind": "tm:asm:policies:parameters:parameterstate",
            "selfLink": "https://localhost/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters/_RVuQ8606O0J3uVOk6a5og?ver=16.0.1",
            "name": "example",
            "id": "_RVuQ8606O0J3uVOk6a5og"
          },
          {
            "kind": "tm:asm:policies:parameters:parameterstate",
            "selfLink": "https://localhost/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters/UK1xSpsKgkiuR7B1N-qw4g?ver=16.0.1",
            "name": "__VIEWSTATE",
            "id": "UK1xSpsKgkiuR7B1N-qw4g"
          }

    Modify existing security policy configuration elements using iControl Rest API

    Impact of procedure: F5 recommends that you test any security policy changes in an appropriate environment.

    1. Log in to the command line of a system with the curl and jq utilities installed.
    2. Review the previous table and determine the URI syntax for the policy element.
    3. Use the following command syntax to modify the security policy element you want:

      curl -sku <username:password> -X PATCH https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/policies/<policy MD5hash>/<policy element>/<policy element MD5hash> -d '<configuration in JSON format>' | jq '.'

      For example, the following command updates the parameter named example with the MD5 hash identifier _RVuQ8606O0J3uVOk6a5og for host BIGIP.example.com:

      curl -sku admin:admin -X PATCH https://BIGIP.example.com/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig/parameters/_RVuQ8606O0J3uVOk6a5og -d '{"performStaging":false}' | jq '.'

    4. If you are done making changes to the policy, you can apply the policy using the following syntax:

      curl -sku <username>:<password> https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/tasks/apply-policy -d '{"policyReference": {"link": "https://localhost/mgmt/tm/asm/policies/<MD5hash>"}}' | jq '.'

      For example:

      curl -sku admin:admin https://BIGIP.example.com/mgmt/tm/asm/tasks/apply-policy -d '{"policyReference": {"link": "https://localhost/mgmt/tm/asm/policies/2fFJIXo8nnfwGG9O78o3ig"}}' | jq '.'

    5. Check the status of the apply-policy task using the following command:

      curl -sku <username:password> https://<BIG-IP hostname or management IP address>/mgmt/tm/asm/tasks/apply-policy | jq '.'

      For example:

      curl -sku admin:admin https://BIGIP.example.com/mgmt/tm/asm/tasks/apply-policy | jq '.'
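
The procedure quoted above (find the element id, PATCH it, apply the policy), repeated over every policy for the setting asked about in the question. This is an added example, not code from the thread or from the F5 article. It assumes the violation is listed under `blocking-settings/violations` with `description`, `alarm` and `block` fields, which the thread does not state; the sample ids are constructed.

```python
import base64, json, urllib.request

# Assumptions, not from the thread: the element path and the description/alarm/block
# field names. Confirm them with a GET on one policy before changing anything.
ELEMENT = "blocking-settings/violations"
TARGET = "access from malicious ip address"

def call(host, auth, path, method="GET", body=None, ctx=None):
    """Send one iControl REST request under /mgmt/tm/asm/ and return the JSON reply."""
    req = urllib.request.Request(
        f"https://{host}/mgmt/tm/asm/{path}", method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization":
                 "Basic " + base64.b64encode(auth.encode()).decode()})
    # ctx=None verifies the certificate (unlike curl -k); pass an ssl.SSLContext
    # that trusts the BIG-IP management certificate if it is privately issued.
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)

def plan(policy_id, violations):
    """Requests needed for one policy: PATCH the violation, then apply the policy."""
    hit = next((v for v in violations
                if v.get("description", "").strip().lower() == TARGET), None)
    if hit is None or (hit.get("alarm") and hit.get("block")):
        return []  # nothing to find or already enabled: leave the policy alone
    link = f"https://localhost/mgmt/tm/asm/policies/{policy_id}"
    return [("PATCH", f"policies/{policy_id}/{ELEMENT}/{hit['id']}",
             {"alarm": True, "block": True}),
            ("POST", "tasks/apply-policy", {"policyReference": {"link": link}})]

def run(host, auth, ctx=None, dry_run=True):
    """Walk every policy; with dry_run=True only report what would be sent."""
    report = []
    for pol in call(host, auth, "policies?$select=name,id", ctx=ctx)["items"]:
        viols = call(host, auth, f"policies/{pol['id']}/{ELEMENT}", ctx=ctx)["items"]
        for method, path, body in plan(pol["id"], viols):
            if not dry_run:
                call(host, auth, path, method, body, ctx)
            report.append((pol["name"], method, path))
    return report

# Constructed sample listing for one policy (ids are made up, not real hashes).
SAMPLE = [{"id": "VIOL_ID_A", "description": "Illegal file type", "alarm": True, "block": True},
          {"id": "VIOL_ID_B", "description": "Access from malicious IP address",
           "alarm": True, "block": False}]

if __name__ == "__main__":
    for step in plan("2fFJIXo8nnfwGG9O78o3ig", SAMPLE):
        print(step)
```

Calling `run(host, "user:password")` with the default `dry_run=True` lists the PATCH and apply-policy requests per policy without sending them, which gives a reviewable change list before touching 100+ policies.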