Lab 1 - Rules config
- Create the default service policy, which allows all requests
Web App & API Protection -> Service Policies -> Service Policies -> Add Service Policy -> Fill the below data -> Save and Exit

| Object | Value |
|---|---|
| Name | default-allow |
| Select Policy Rules | Allow All Requests |

- Create the service policy which will verify that the email parameter value is in the appropriate email format
Web App & API Protection -> Service Policies -> Service Policies -> Add Service Policy -> Fill the below data

| Object | Value |
|---|---|
| Name | arcadia-parameter-inspection |

On the same page click Configure -> Add Item -> Fill the below data

| Object | Value |
|---|---|
| Name | email |
| HTTP Method | POST |

On the same page click Configure under the HTTP Path section -> Add Item under the Exact Values section -> Fill the below data -> Apply

| Object | Value |
|---|---|
| Input box that just appeared | /v1/login |

On the same page click the Show Advanced Fields switch under the Request Match section -> Add Item under Argument Matchers ->

| Object | Value |
|---|---|
| Argument Name | email |

On the same page click Add Item under the Regex Values section -> Fill the below data -> Apply -> Apply -> Apply -> Save and Exit

| Object | Value |
|---|---|
| Input box that just appeared | `[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}` |
| Invert Matcher | Checked |

- Before we apply the service policy, let's do some tests
First, let's run a curl request that simulates a user login. Everything is in order, so we expect the request to succeed.
curl -H "Content-Type: application/json;charset=UTF-8" --data-raw "{\"email\":\"satoshi@bitcoin.com\",\"password\":\"bitcoin\"}" http://arcadia-re-$$makeId$$.workshop.emea.f5se.com/v1/login
Now we will rerun the same request, but with the email parameter value being just a number. We won't be able to log in, but the request will not be blocked.
curl -H "Content-Type: application/json;charset=UTF-8" --data-raw "{\"email\":\"11223344\",\"password\":\"bitcoin\"}" http://arcadia-re-$$makeId$$.workshop.emea.f5se.com/v1/login
- Apply the service policies to the HTTP Load Balancer
Web App & API Protection -> Load Balancers -> HTTP Load Balancer -> Click the 3 dots under the arcadia-re-lb row -> Manage Configuration -> Edit Configuration -> Fill the below data -> Save and Exit

| Object | Value |
|---|---|
| Service Policies | Apply Specified Service Policies |

On the same page click Configure under Policies -> Add Item -> Fill the below data -> Apply -> Save and Exit

| Object | Value |
|---|---|
| First Input Box | $$namespace$$/arcadia-parameter-inspection |
| Second Input Box | $$namespace$$/default-allow |
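
The match logic of the arcadia-parameter-inspection rule can be checked locally for the email values used in the curl tests. This is an added example, not part of the original lab: it models the inverted regex matcher with grep, and the function names, the third (constructed) login body and the two matching modes are assumptions, since the page does not state whether the regex must cover the whole argument value.

```shell
#!/bin/sh
# Added example: local model of the inverted regex matcher on the "email" argument.
# The regex is copied from the lab; everything else here is an assumption.
EMAIL_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'

# email_of BODY: print the "email" value of a flat JSON login body.
email_of() {
    printf '%s\n' "$1" |
        sed -n 's/.*"email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# rule_hits MODE VALUE: print "hit" when the rule's matcher fires, else "miss".
#   full    - the regex must cover the whole value (grep -x)
#   partial - the regex may match any substring of the value
rule_hits() {
    case "$1" in
        full)    flags='-Eqx' ;;
        partial) flags='-Eq' ;;
        *)       echo "unknown mode: $1" >&2; return 2 ;;
    esac
    if printf '%s\n' "$2" | LC_ALL=C grep $flags -- "$EMAIL_RE"; then
        echo miss   # regex matched, so the inverted matcher does not fire
    else
        echo hit    # regex did not match, so the inverted matcher fires
    fi
}

# The two login bodies from the lab's curl tests, plus one constructed body
# whose email value is an address followed by extra characters.
for body in \
    '{"email":"satoshi@bitcoin.com","password":"bitcoin"}' \
    '{"email":"11223344","password":"bitcoin"}' \
    '{"email":"satoshi@bitcoin.com trailing-text","password":"bitcoin"}'
do
    value=$(email_of "$body")
    printf '%-36s full=%-4s partial=%s\n' "$value" \
        "$(rule_hits full "$value")" "$(rule_hits partial "$value")"
done
```

Where the two modes disagree for a value, confirm on the platform which behaviour applies before relying on the rule; anchoring the pattern with `^` and `$` removes the ambiguity in regex engines that match substrings.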