How to create a active asm policy use rest api in v11.6.1?

Question

Hi everyone,&nbsp;I want to create a active asm policy use rest api, but it didn't work.&nbsp;{u'code': 401, u'restOperationId': 52707, u'originalRequestBody': u'{"templateReference": {"link": ";}, "name": "rapid-4_asm_policy", "policyBuilderEnabled": false, "active": true, "applicationLanguage": "utf-8", "enforcementMode": "blocking"', u'referer': u'10.10.0.1', u'errorStack': [u'ASMConfigException(error_message:Policy must be applied and/or activated by a Task, error_code:ACTION_NOT_ALLOWED, internal_error:Failed set_active : Error message = Policy must be applied and/or activated by a Task, rest_code:REST_UNAUTHORIZED)'&nbsp;here is my code:&nbsp;!/usr/bin/env python
 -*- coding=utf-8 -*-
import requests
import json

requests.packages.urllib3.disable_warnings()

创建LTM Policy
def create_ltm_policy_asm(bigip, ltm_policy_name, asm_policy_name):
    """create ltm policy with asm policy"""
    policy_payload = {}
    policy_payload['name'] = ltm_policy_name
    policy_payload['strategy'] = 'first-match'
    policy_payload['controls'] = ['asm']
    policy_payload['rules'] = [{'name': ltm_policy_name + '_rules',
                                'actions': [{'name': '0',
                                             'enable': True,
                                             'asm': True,
                                             'request': True,
                                             'policy': asm_policy_name}
                                            ]}
                               ]
    return bigip.post('%s/ltm/policy' % BIGIP_BASE_URL, data=json.dumps(policy_payload)).json()

给VIP关联POLICY
def modify_vip_add_ltm_policy(bigip, ltm_policy_name, vip_name):
    """modify vip to add ltm policy to enable asm policy"""
    payload = {}
    payload['policies'] = [{'name': ltm_policy_name}]
    payload['profiles'] = [{'name': 'websecurity'}, {'name': 'http'}]
    return bigip.put('%s/ltm/virtual/~Common~%s' % (BIGIP_BASE_URL, vip_name), data=json.dumps(payload)).json()

创建ASM Policy
def create_asm_policy(bigip, asm_policy_name):
    """create active asm policy"""
    payload = {}
    payload['name'] = asm_policy_name + '_asm_policy'
    payload['applicationLanguage'] = 'utf-8'
    payload['enforcementMode'] = 'blocking'
    payload['active'] = True
    payload['templateReference'] = {'link': 'https://localhost/mgmt/tm/asm/policy-templates/EY4J-L6HK0AXUYXIc0VjDQ'}
    payload['policyBuilderEnabled'] = False
    return bigip.post('%s/asm/policies' % BIGIP_BASE_URL, data=json.dumps(payload)).json()
     policy_url = bigip.get('%s/asm/policies?select=name+eq+%s' % (BIGIP_BASE_URL, asm_policy_name)).json()['items'][0]['selfLink']
     print policy_url
     policy_payload={}
     policy_payload['policyReference'] = {'link': policy_url}
     return bigip.post('%s/asm/tasks/apply-policy/' % BIGIP_BASE_URL, data=json.dumps(policy_payload)).json()

active = {}
     active['active'] = True
     return bigip.put('%s%s' % (BIGIP_BASE_URL, policy_url[25:]), data=json.dumps(active)).json()

bigip = requests.session()
bigip.auth = ('admin', 'admin')
bigip.verify = False
bigip.headers.update({'Content-Type': 'application/json'})
BIGIP_ADDRESS = '10.10.0.21'
BIGIP_BASE_URL = 'https://%s/mgmt/tm' % BIGIP_ADDRESS

print create_asm_policy(bigip, 'rapid1')

sinan_wang · Answer

Here is code I test worked to create a active asm policy.&nbsp;!/usr/bin/env python
 -*- coding=utf-8 -*-
import requests
import json

requests.packages.urllib3.disable_warnings()
def create_asm_policy(bigip, asm_policy_name):
    """create active asm policy"""
    payload = {}
    payload['name'] = asm_policy_name + '_asm_policy'
    payload['applicationLanguage'] = 'utf-8'
    payload['enforcementMode'] = 'transparent'
    payload['templateReference'] = {'link': 'https://localhost/mgmt/tm/asm/policy-templates/EY4J-L6HK0AXUYXIc0VjDQ'}
    payload['policyBuilderEnabled'] = False
    bigip.post('%s/asm/policies' % BIGIP_BASE_URL, data=json.dumps(payload)).json()
    policy_url = bigip.get('%s/asm/policies?$filter=name+eq+%s' % (BIGIP_BASE_URL, asm_policy_name + '_asm_policy')).json()['items'][0]['selfLink']
    policy_payload = {}
    policy_payload['policyReference'] = {'link': policy_url}
    bigip.post('%s/asm/tasks/apply-policy/' % BIGIP_BASE_URL, data=json.dumps(policy_payload)).json()
    bigip.patch('%s%s/' % (BIGIP_BASE_URL, policy_url[25:]), data=json.dumps({'active': True})).json()

if __name__ == '__main__':
    bigip = requests.session()
    bigip.auth = ('admin', 'admin')
    bigip.verify = False
    bigip.headers.update({'Content-Type': 'application/json'})
    BIGIP_ADDRESS = '10.10.0.21'
    BIGIP_BASE_URL = 'https://%s/mgmt/tm' % BIGIP_ADDRESS

dani_martinez_2 · Answer

Is there any way to do this with f5-common-python library? Thanks&nbsp;

Forum Discussion

How to create a active asm policy use rest api in v11.6.1?

2 Replies

Recent Discussions

Stable Firmware for F5

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Create a DevCentral account

Create F5 BIG-IP Next Instance on Proxmox Virtual Environment

POC: Create and sign a JWT with iRule

Azure Active Directory and BIG-IP APM Integration