api-protection profile apiprotection
api-protection profile apiprotection(1) BIG-IP TMSH Manual api-protection profile apiprotection(1)
NAME
apiprotection - Configures an API protection profile.
MODULE
api-protection profile
SYNTAX
Configure the apiprotection component within the profile module using the syntax shown in the following sections.
CREATE/MODIFY
create apiprotection [name]
modify apiprotection [name]
options:
access-profile [profile-access-name]
app-service [[string] | none]
default-response [response-name]
default-server [[server-name] | none]
defaults-from [apiprotection | [name]]
description [[string] | none]
dns-mode [ipv4-only | [ipv6-only] | [ipv6-prefer]]
dns-resolver [[dns-resolver-name] | none]
last-generated-path-id [integer]
max-concurrent-subsessions [integer]
openapi-version [[string] | none]
paths [add | delete | none | replace-all-with] {
[path-name] {
active [true | false]
app-service [[string] | none]
description [[string] | none]
method [string]
path-id [integer]
server [[server-name] | none]
uri [string]
}
}
per-request-policy [per-request-policy-name]
responses [add | delete | none | replace-all-with] {
[response-name]
}
servers [add | delete | none | replace-all-with] {
[server-name]
}
use-pool [false | true]
edit apiprotection [ [ [name] | [glob] | [regex] ] ... ]
options:
all
DISPLAY
list apiprotection
list apiprotection [ [ [name] | [glob] | [regex] ] ... ]
show running-config apiprotection
show running-config apiprotection [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
non-default-properties
one-line
recursive
show apiprotection
show apiprotection [name]
options:
all
default
exa
gig
kil
meg
peta
raw
tera
yotta
zetta
DELETE
delete apiprotection [name]
options:
all
recursive
DESCRIPTION
You use the apiprotection component to configure an apiprotection profile. An API protection profile specified a group of
settings that you can use to configure an API protection server.
NOTE: For the API protection profile to take effect, it must be associated with a virtual server that also specifies an
HTTP profile.
EXAMPLES
create apiprotection myAPIProtectionProfile {
access-profile myAPIProtectionProfile_ap
default-response myAPIProtectionProfile_response1
default-server myAPIProtectionProfile_server1
defaults-from apiprotection
description "My API protection Profile"
dns-mode ipv4-only
dns-resolver default-dns-resolver
last-generated-path-id 1
max-concurrent-subsessions 1
openapi-version "2.0"
partition Common
paths {
myAPIProtectionProfile_path1 {
active true
method GET
path-id 1
uri /somepath
}
}
per-request-policy myAPIProtectionProfile_prp
responses {
myAPIProtectionProfile_response1
}
servers {
myAPIProtectionProfile_server1
}
use-pool false
}
Creates an API protection profile named myAPIProtectionProfile based on the default profile named apiprotection. The
profile provides protection to API requests handled by the server myAPIProtectionProfile_server1. Based on the Per-
request-Policy configured in myAPIProtectionProfile_prp, a default response configured as
myAPIProtectionProfile_response1 is provided for invalid requests. This profile serves GET requests to URI /somepath
on the virtual server to which this profile is attached. The connection to the API server
myAPIProtectionProfile_server1 is determined using the DNS resolver configuration default-dns-resolver resolving only
IPv4 requests.
list apiprotection all all-properties
Displays a list of API protection profiles, including parameter values.
delete apiprotection myAPIProtectionProfile
Deletes the API protection profile named myAPIProtectionProfile.
OPTIONS
access-profile
Specifies the name of the associated access profile. If the API protection profile is created using REST API or GUI,
the default access profile is automatically created and associated. The default is none if created using TMSH.
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
default-response
Specifies the response name available under api-protection response. This value is mandatory. If the API protection
profile is created using REST API or GUI, the default response is automatically created and associated using OpenAPI
spec configuration. Create a response under api-protection response and associate here when using TMSH.
default-server
Specifies the server name available under api-protection server. If the API protection profile is created using REST
API or GUI, default server is automatically created and associated.
defaults-from
Specifies the default API protection profile from which this profile is created. The default is apiprotection.
description
Specifies the description of the profile.
dns-mode
Specifies the DNS mode to use when resolving API server FQDN. Allowed values are ipv4-only, ipv6-only, and
ipv6-prefer. The default is ipv4-only.
dns-resolver
Specifies the DNS resolver name configured under net dns-resolver. This cannot be empty when API Server is configured.
last-generated-path-id
Specifies the maximum path-id value configured for a path under paths. This value is used and set internally and
requires no manual configuration.
max-concurrent-subsessions
Specifies the maximum number of concurrent subsessions. The default is 0, which sets the maximum number of concurrent
subsessions to 5 times the licensed access session limit.
openapi-version
Specifies version information of the OpenAPI spec file used when creating the profile using REST API or GUI. This is
set automatically when you use the spec file.
paths
Specifies the list of path configurations.
path-name
Specifies the name of the path configuration.
active
Specifies if the path-name is active. If path is inactive, Request-Classification-Agent under per-request policy will
ignore the branch. The default is true.
description
Specifies description of path-name.
method
Specifies the HTTP method associated with the specific path path-name. This is mandatory input.
path-id
Specifies the path-id associated with the specific path path-name. This value is used in the Request Classification
Agent under per-request policy to create a path specific branch.
server
Specifies the API server associated with the specific path path-name.
uri Specifies the URI associated with the specific path path-name. This is mandatory input.
per-request-policy
Specifies the per-request access policy attached to the API protection profile.
responses
Specifies the API response(s) associated with the profile. The configuration is defined under api-protection response.
servers
Specifies the API server name(s) associated with the profile. The configuration is defined under api-protection
server.
use-pool
Specifies that the API protection profile is used to protect pool members.
SEE ALSO
api-protection response, api-protection server
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2018. All rights reserved.
BIG-IP 2018-10-20 api-protection profile apiprotection(1)