I have been working with ASM for the last 5 years and I very rarely come across application team with a complete list of URL's which have been been in their application. To my luck this time they have one and that to of 16 pages :(
Adding them via GUI would be real pain..... So i was wondering is there a way in which I can import or copy paste them via CLI. I mean a faster way of adding the list of Allowed URL's ........ Any one working suggestion would help me a great deal.
The easiest way to do this as of BigIP v11.4 - v13.1 is to work with raw XML file.
Export policy as XML (Security ›› Application Security : Security Policies : Policies List)
In the exported XML file, search for line <urls>
Right below <urls>, go ahead and insert your own explicit URL definitions as shown below. If you have a list of URLs, you can easily wrap your whole document to comply with this syntax. Either write a few lines of code in your language of choice, or use tools like VIM or MS Excel.
<url protocol="HTTP" type="explicit" name="/test1"></url>
<url protocol="HTTP" type="explicit" name="/test2"></url>
<url protocol="HTTP" type="explicit" name="/test3"></url>
<url protocol="HTTP" type="explicit" name="/test4"></url>
<url protocol="HTTP" type="explicit" name="/test5"></url>
Note that URLs have more options than shown above, to a point where each explicit URL is 100 lines of XML by itself. However, you're not obliged to specify all 100 lines for each URL. Just ignore the details and system will assume defaults on import, unless specified otherwise. If you have specific needs such as including Clickjacking Protection with all URLs, create one entry with desired non-default setting in GUI, and then refer to XML export for the syntax. What is shown above is the bare minimum.
When done, just import the XML document as a new policy or replace old one.
Thanks a lot Hannes,
I thought of doing that. However, when I saw a lot of additional lines in the XML under each URL, I skipped the idea.
Thanks for letting me know that the system will take the default if you do not specify them.
This makes the task lot easier now.
Thanks again for the usual support in the community.
There is no way, presently, to do that sorta thing via the CLI (I've been griping about this for several years).
There is probably a a way to do it via the mysql db. You'd likely have to do some reverse engineering and experimenting to get a working and repeatable method. F5 support would likely have a brain hemorrhage if you mentioned this on a support call as well, so I would keep it on the down low if you went down that path.
Stuff seems DB DCC into PL_OBJECTS and PL_CONFIG_LOG when you add an allowed URL.
Did someone came with any easy solution to add a list of Allowed URLs. I mean adding a huge list of Allowed URLs which is going to take a huge time via GUI..
So, looking for some easier solution ..
I advise looking into the REST API option.
You can write a python script that can go over you 16 pages file and add every URL to the policy.
Here is an example from the v13 user guide:
"protocol": "http","description": "A Login Page"