api-protection profile apiprotection
api-protection profile apiprotection(1) BIG-IP TMSH Manual api-protection profile apiprotection(1)
NAME
apiprotection - Configures an API protection profile.
MODULE
api-protection profile
SYNTAX
Configure the apiprotection component within the profile module using the syntax shown in the following
sections.
CREATE/MODIFY
create apiprotection [name]
modify apiprotection [name]
options:
access-profile [profile-access-name]
app-service [[string] | none]
default-response [response-name]
default-server [[server-name] | none]
defaults-from [apiprotection | [name]]
description [[string] | none]
dns-mode [ipv4-only | [ipv6-only] | [ipv6-prefer]]
dns-resolver [[dns-resolver-name] | none]
last-generated-path-id [integer]
max-concurrent-subsessions [integer]
openapi-version [[string] | none]
paths [add | delete | none | replace-all-with] {
[path-name] {
active [true | false]
app-service [[string] | none]
description [[string] | none]
method [string]
path-id [integer]
server [[server-name] | none]
uri [string]
}
}
per-request-policy [per-request-policy-name]
responses [add | delete | none | replace-all-with] {
[response-name]
}
servers [add | delete | none | replace-all-with] {
[server-name]
}
use-pool [false | true]
edit apiprotection [ [ [name] | [glob] | [regex] ] ... ]
options:
all
DISPLAY
list apiprotection
list apiprotection [ [ [name] | [glob] | [regex] ] ... ]
show running-config apiprotection
show running-config apiprotection [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
non-default-properties
one-line
recursive
show apiprotection
show apiprotection [name]
options:
all
default
exa
gig
kil
meg
peta
raw
tera
yotta
zetta
DELETE
delete apiprotection [name]
options:
all
recursive
DESCRIPTION
You use the apiprotection component to configure an apiprotection profile. An API protection profile
specified a group of settings that you can use to configure an API protection server.
NOTE: For the API protection profile to take effect, it must be associated with a virtual server that also
specifies an HTTP profile.
EXAMPLES
create apiprotection myAPIProtectionProfile {
access-profile myAPIProtectionProfile_ap
default-response myAPIProtectionProfile_response1
default-server myAPIProtectionProfile_server1
defaults-from apiprotection
description "My API protection Profile"
dns-mode ipv4-only
dns-resolver default-dns-resolver
last-generated-path-id 1
max-concurrent-subsessions 1
openapi-version "2.0"
partition Common
paths {
myAPIProtectionProfile_path1 {
active true
method GET
path-id 1
uri /somepath
}
}
per-request-policy myAPIProtectionProfile_prp
responses {
myAPIProtectionProfile_response1
}
servers {
myAPIProtectionProfile_server1
}
use-pool false
}
Creates an API protection profile named myAPIProtectionProfile based on the default profile named
apiprotection. The profile provides protection to API requests handled by the server
myAPIProtectionProfile_server1. Based on the Per-request-Policy configured in myAPIProtectionProfile_prp,
a default response configured as myAPIProtectionProfile_response1 is provided for invalid requests. This
profile serves GET requests to URI /somepath on the virtual server to which this profile is attached. The
connection to the API server myAPIProtectionProfile_server1 is determined using the DNS resolver
configuration default-dns-resolver resolving only IPv4 requests.
list apiprotection all all-properties
Displays a list of API protection profiles, including parameter values.
delete apiprotection myAPIProtectionProfile
Deletes the API protection profile named myAPIProtectionProfile.
OPTIONS
access-profile
Specifies the name of the associated access profile. If the API protection profile is created using REST
API or GUI, the default access profile is automatically created and associated. The default is none if
created using TMSH.
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
default-response
Specifies the response name available under api-protection response. This value is mandatory. If the API
protection profile is created using REST API or GUI, the default response is automatically created and
associated using OpenAPI spec configuration. Create a response under api-protection response and
associate here when using TMSH.
default-server
Specifies the server name available under api-protection server. If the API protection profile is created
using REST API or GUI, default server is automatically created and associated.
defaults-from
Specifies the default API protection profile from which this profile is created. The default is
apiprotection.
description
Specifies the description of the profile.
dns-mode
Specifies the DNS mode to use when resolving API server FQDN. Allowed values are ipv4-only, ipv6-only,
and ipv6-prefer. The default is ipv4-only.
dns-resolver
Specifies the DNS resolver name configured under net dns-resolver. This cannot be empty when API Server
is configured.
last-generated-path-id
Specifies the maximum path-id value configured for a path under paths. This value is used and set
internally and requires no manual configuration.
max-concurrent-subsessions
Specifies the maximum number of concurrent subsessions. The default is 0, which sets the maximum number
of concurrent subsessions to 5 times the licensed access session limit.
openapi-version
Specifies version information of the OpenAPI spec file used when creating the profile using REST API or
GUI. This is set automatically when you use the spec file.
paths
Specifies the list of path configurations.
path-name
Specifies the name of the path configuration.
active
Specifies if the path-name is active. If path is inactive, Request-Classification-Agent under per-request
policy will ignore the branch. The default is true.
description
Specifies description of path-name.
method
Specifies the HTTP method associated with the specific path path-name. This is mandatory input.
path-id
Specifies the path-id associated with the specific path path-name. This value is used in the Request
Classification Agent under per-request policy to create a path specific branch.
server
Specifies the API server associated with the specific path path-name.
uri Specifies the URI associated with the specific path path-name. This is mandatory input.
per-request-policy
Specifies the per-request access policy attached to the API protection profile.
responses
Specifies the API response(s) associated with the profile. The configuration is defined under api-
protection response.
servers
Specifies the API server name(s) associated with the profile. The configuration is defined under api-
protection server.
use-pool
Specifies that the API protection profile is used to protect pool members.
SEE ALSO
api-protection response, api-protection server
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2018. All rights reserved.
BIG-IP 2018-10-20 api-protection profile apiprotection(1)