Per API blocking in ASE
ASE can be configured to selectively block on a per API basis by configuring an API JSON file parameter. To enable per API blocking for each API, set the enable_blocking
parameter to true
in the API JSON. For example:
api_metadata": { "protocol": "http", "url": "/", "hostname": "*", "cookie": "", "cookie_idle_timeout": "200m", "logout_api_enabled": false, "cookie_persistence_enabled": false, "oauth2_access_token": false, "apikey_qs": "", "apikey_header": "", "enable_blocking": true, "login_url": "", "api_mapping": { "internal_url": "" },
If per API blocking is disabled, ABS still detects the suspected attacks for that specific API, however, ASE does not block them. ASE will continue to block the suspected attacks on other APIs with the enable_blocking
set to true
.
ASE CLI commands are also supported to enable blocking for the specified API
-
./cli.sh –u admin -p admin enable_blocking {api_id}
Disable blocking for the specified API
-
./cli.sh –u admin -p admin disable_blocking {api_id}