Manual Chapter : Working with Declarative Policy

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Working with Declarative Policy

Incorporating policy builder suggestions

  1. Export policy builder suggestions.
    Send a POST request to
    https://<your-BIG-IP>/mgmt/tm/asm/tasks/export-suggestions
    . Use the following body content:
    { "inline": "true", "policyReference": { "link": "https://<Your_BigIP_Ip>/mgmt/tm/asm/policies/Policy_Key/" } }
    Send a GET request to
    https://<your-BIG-IP>/mgmt/tm/asm/tasks/export-suggestions
    .
    The following is an example for exported suggestions:
    "suggestions": [ { "entityChanges": { "signatureOverrides": [ { "name": "my_TAGGED_SIG", "tag": "my_tag", "enabled": false } ], "type": "explicit" }, "entity": { "protocol": "http", "name": "/index.php", "method": "*" }, "entityType": "url", "action": "update-append", "description": "Disable the matched signature on the matched URL" }, { "entityChanges": { "signatureOverrides": [ { "name": "my_UNTAGGED_SIG", "tag": "", "enabled": false } ], "type": "explicit" }, "entity": { "protocol": "http", "name": "/index.php", "method": "*" }, "entityType": "url", "action": "update-append", "description": "Disable the matched signature on the matched URL" } ]
  2. Update the declarative policy with exported suggestions.
    Use the
    Modifications
    property to add suggestions in the policy. The following is an example:
    "modifications": [ { "entity": { "protocol": "http", "name": "/index.php", "method": "*" }, "entityChanges": { "signatureOverrides": [ { "name": "my_TAGGED_SIG", "tag": "my_tag", "enabled": false } ], "type": "explicit" }, "entityType": "url", "action": "update-append", "description": "Disable the matched signature on the matched URL" }, { "entity": { "protocol": "http", "name": "/index.php", "method": "*" }, "entityChanges": { "signatureOverrides": [ { "name": "my_UNTAGGED_SIG", "tag": "", "enabled": false } ], "type": "explicit" }, "entityType": "url", "action": "update-append", "description": "Disable the matched signature on the matched URL" } ]
  3. Import the updated declarative policy, refer to Declarative policy import.

Declarative policy log files

Advanced WAF and ASM store the import policy log file in BIG-IP device folder
/var/log/asm
.
These log files can be used to identify and troubleshoot issues while processing the declarative policies.