api-protection profile apiprotection
api-protection profile apiprotBIG-IP(TMapi-protection profile apiprotection(1)
NAME
apiprotection - Configures an API protection profile.
MODULE
api-protection profile
SYNTAX
Configure the apiprotection component within the profile module using
the syntax shown in the following sections.
CREATE/MODIFY
create apiprotection [name]
modify apiprotection [name]
options:
access-profile [profile-access-name]
app-service [[string] | none]
default-response [response-name]
default-server [[server-name] | none]
defaults-from [apiprotection | [name]]
description [[string] | none]
dns-mode [ipv4-only | [ipv6-only] | [ipv6-prefer]]
dns-resolver [[dns-resolver-name] | none]
last-generated-path-id [integer]
max-concurrent-subsessions [integer]
openapi-version [[string] | none]
paths [add | delete | none | replace-all-with] {
[path-name] {
active [true | false]
app-service [[string] | none]
description [[string] | none]
method [string]
path-id [integer]
server [[server-name] | none]
uri [string]
}
}
per-request-policy [per-request-policy-name]
responses [add | delete | none | replace-all-with] {
[response-name]
}
servers [add | delete | none | replace-all-with] {
[server-name]
}
use-pool [false | true]
edit apiprotection [ [ [name] | [glob] | [regex] ] ... ]
options:
all
DISPLAY
list apiprotection
list apiprotection [ [ [name] | [glob] | [regex] ] ... ]
show running-config apiprotection
show running-config apiprotection [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
non-default-properties
one-line
recursive
show apiprotection
show apiprotection [name]
options:
all
default
exa
gig
kil
meg
peta
raw
tera
yotta
zetta
DELETE
delete apiprotection [name]
options:
all
recursive
DESCRIPTION
You use the apiprotection component to configure an apiprotection
profile. An API protection profile specified a group of settings that
you can use to configure an API protection server.
NOTE: For the API protection profile to take effect, it must be
associated with a virtual server that also specifies an HTTP profile.
EXAMPLES
create apiprotection myAPIProtectionProfile {
access-profile myAPIProtectionProfile_ap
default-response myAPIProtectionProfile_response1
default-server myAPIProtectionProfile_server1
defaults-from apiprotection
description "My API protection Profile"
dns-mode ipv4-only
dns-resolver default-dns-resolver
last-generated-path-id 1
max-concurrent-subsessions 1
openapi-version "2.0"
partition Common
paths {
myAPIProtectionProfile_path1 {
active true
method GET
path-id 1
uri /somepath
}
}
per-request-policy myAPIProtectionProfile_prp
responses {
myAPIProtectionProfile_response1
}
servers {
myAPIProtectionProfile_server1
}
use-pool false
}
Creates an API protection profile named myAPIProtectionProfile
based on the default profile named apiprotection. The profile
provides protection to API requests handled by the server
myAPIProtectionProfile_server1. Based on the Per-request-Policy
configured in myAPIProtectionProfile_prp, a default response
configured as myAPIProtectionProfile_response1 is provided for
invalid requests. This profile serves GET requests to URI
/somepath on the virtual server to which this profile is attached.
The connection to the API server myAPIProtectionProfile_server1 is
determined using the DNS resolver configuration default-dns-
resolver resolving only IPv4 requests.
list apiprotection all all-properties
Displays a list of API protection profiles, including parameter
values.
delete apiprotection myAPIProtectionProfile
Deletes the API protection profile named myAPIProtectionProfile.
OPTIONS
access-profile
Specifies the name of the associated access profile. If the API
protection profile is created using REST API or GUI, the default
access profile is automatically created and associated. The
default is none if created using TMSH.
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
default-response
Specifies the response name available under api-protection
response. This value is mandatory. If the API protection profile
is created using REST API or GUI, the default response is
automatically created and associated using OpenAPI spec
configuration. Create a response under api-protection response and
associate here when using TMSH.
default-server
Specifies the server name available under api-protection server.
If the API protection profile is created using REST API or GUI,
default server is automatically created and associated.
defaults-from
Specifies the default API protection profile from which this
profile is created. The default is apiprotection.
description
Specifies the description of the profile.
dns-mode
Specifies the DNS mode to use when resolving API server FQDN.
Allowed values are ipv4-only, ipv6-only, and ipv6-prefer. The
default is ipv4-only.
dns-resolver
Specifies the DNS resolver name configured under net dns-resolver.
This cannot be empty when API Server is configured.
last-generated-path-id
Specifies the maximum path-id value configured for a path under
paths. This value is used and set internally and requires no
manual configuration.
max-concurrent-subsessions
Specifies the maximum number of concurrent subsessions. The
default is 0, which sets the maximum number of concurrent
subsessions to 5 times the licensed access session limit.
openapi-version
Specifies version information of the OpenAPI spec file used when
creating the profile using REST API or GUI. This is set
automatically when you use the spec file.
paths
Specifies the list of path configurations.
path-name
Specifies the name of the path configuration.
active
Specifies if the path-name is active. If path is inactive,
Request-Classification-Agent under per-request policy will ignore
the branch. The default is true.
description
Specifies description of path-name.
method
Specifies the HTTP method associated with the specific path path-
name. This is mandatory input.
path-id
Specifies the path-id associated with the specific path path-name.
This value is used in the Request Classification Agent under per-
request policy to create a path specific branch.
server
Specifies the API server associated with the specific path path-
name.
uri Specifies the URI associated with the specific path path-name.
This is mandatory input.
per-request-policy
Specifies the per-request access policy attached to the API
protection profile.
responses
Specifies the API response(s) associated with the profile. The
configuration is defined under api-protection response.
servers
Specifies the API server name(s) associated with the profile. The
configuration is defined under api-protection server.
use-pool
Specifies that the API protection profile is used to protect pool
members.
SEE ALSO
api-protection response, api-protection server
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2018. All rights reserved.
BIG-IP 2018-api-protection profile apiprotection(1)