f5-appsvcs-extension icon indicating copy to clipboard operation
f5-appsvcs-extension copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

WAF_Policy: allow use of policy/use refering an existing ASM Policy on the BIG-IP

Open amolari opened this issue 6 months ago • 3 comments

Environment

  • Application Services Version: 3.52.0
  • BIG-IP Version: 17.1.1.3

Summary

It would be expected that in the WAF_Policy class, one can refer to an existing ASM policy. For example, the LTM policy rule's action refers to the WAF_Policy object, which refers to an existing (already installed on the BIG-IP) on the BIG-IP (pointer).

[...]
            "actions": [
              {
                "event": "request",
                "type": "waf",
                "enabled": true,
                "policy": {
                  "use": "myPolicyA"
                }
              }
            ]
          }
        ],
        "strategy": "best-match",
        "class": "Endpoint_Policy"
      },
      "myPolicyA": {
        "class": "WAF_Policy",
        "policy": {
          "use": "/Common/policy_a"
        }
      },
[...]

Expected Behavior

Scenario mentioned above works. The WAF_Policy class object is a simple pointer to an existing ASM policy.

Actual Behavior

Not working, we get the following error: {"code":422,"errors":["/Tenant/App/myPolicyA/policy: should NOT have additional properties"],"declarationFullId":"","message":"declaration is invalid","declarationId":"691121"}

amolari avatar Jul 31 '24 19:07 amolari