Open amolari opened 1 month ago
You can use following snippet to assign an existing waf policy. There is no requirement to define a policy object.
"vs_waf": {
"class": "Service_HTTPS",
"policyWAF": {
"bigip": "/Common/asm-policy-name"
}
}
@JuergenMang Indeed, we're using today what you've mentioned. But we have a special request/use-case where we would like to switch easily the declaration from using existing (on the BIG-IP) ASM policies to URL-fetched policies.
Thanks Alexandre, we have created AUTOTOOL-4470 and added to our backlog.
Environment
Summary
It would be expected that in the WAF_Policy class, one can refer to an existing ASM policy. For example, the LTM policy rule's action refers to the WAF_Policy object, which refers to an existing (already installed on the BIG-IP) on the BIG-IP (pointer).
Expected Behavior
Scenario mentioned above works. The WAF_Policy class object is a simple pointer to an existing ASM policy.
Actual Behavior
Not working, we get the following error:
{"code":422,"errors":["/Tenant/App/myPolicyA/policy: should NOT have additional properties"],"declarationFullId":"","message":"declaration is invalid","declarationId":"691121"}