PingIntelligence

CLI for inline ASE

Start ASE

Starts ASE

Syntax

./start.sh

Stop ASE

Stops ASE

Syntax

./stop.sh

Help

Displays cli.sh help

Syntax

./cli.sh help

Version

Displays the version number of ASE

Syntax

./cli.sh version

Status

Displays the running status of ASE

Syntax

./cli.sh status

Update Password

Change ASE admin password

Syntax

./cli.sh update_password \{-u admin}

Change log level

Change balancer.log and controller.log log level

Syntax

./cli.sh log_level -u admin -p

Options

warn, info, error, fatal, debug

Get Authentication Method

Display the current authentication method

Syntax

./cli.sh get_auth_method {method} \{-u admin}

Update Authentication Method

Update ASE authentication method

Syntax

./cli.sh update_auth_method {method} \{-u admin}

Enable Audit Logging

Enable audit logging Syntax ./cli.sh enable_audit -u admin -p admin

Disable Audit Logging

Disable audit logging

Syntax

./cli.sh disable_audit -u admin -p admin

Add Syslog Server

Add a new syslog server

Syntax

./cli.sh –u admin -p admin add_syslog_server host:port

Delete Syslog Server

Delete the syslog server

Syntax

./cli.sh –u admin -p admin delete_syslog_server host:port

List Syslog Server

List the current syslog server Syntax ./cli.sh –u admin -p admin list_syslog_server

Add API

Add a new API from config file in JSON format. File should have .json extension

Syntax

./cli.sh –u admin -p admin add_api {config_file_path}

Update API

Update an API after the API JSON file has been edited and saved.

Syntax

./cli.sh –u admin -p admin update_api {api_name}

List APIs

Lists all APIs configured in ASE

Syntax

./cli.sh –u admin -p admin list_api

API Info

Displays the API JSON file

Syntax

./cli.sh –u admin -p admin api_info {api_id}

API Count

Displays the total number of APIs configured

Syntax

./cli.sh –u admin -p admin api_count

List API Mappings

Lists all the external and internal URL mappings

Syntax

./cli.sh –u admin -p admin list_api_mappings

Delete API

Delete an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API

Syntax

./cli.sh –u admin -p admin delete_api {api_id}

Add a Server

Add a backend server to an API. Provide the IP address and port number of the server

Syntax

./cli.sh –u admin -p admin add_server {api_id}\{host:port}[quota][spike_threshold]

List Server

List all servers for an API

Syntax

./cli.sh –u admin -p admin list_server {api_id}

Delete a Server

Delete a backend server from an API. Provide the IP address and port number of the server

Syntax

./cli.sh –u admin -p admin delete_server {api_id}\{host:port}

Enable Per API Blocking

Enables attack blocking for the API

Syntax

./cli.sh –u admin -p admin enable_blocking {api_id}

Disable Per API Blocking

Disable attack blocking for the API

Syntax

./cli.sh –u admin -p admin disable_blocking {api_id}

Enable Health Check

Enable health check for a specific API

Syntax

./cli.sh -u admin -p admin enable_health_check shop_api

Disable Health Check

Disable health check for a specific API

Syntax

./cli.sh -u admin -p admin disable_health_check {api_id}

Generate Master Key

Generate the master obfuscation key ase_master.key

Syntax

./cli.sh -u admin -p admin generate_obfkey

Obfuscate Keys and Password

Obfuscate the keys and passwords configured in various configuration files

Syntax

./cli.sh -u admin -p admin obfuscate_keys

Create a Key Pair

Creates private key and public key pair in keystore

Syntax

./cli.sh –u admin -p admin create_key_pair

Create a CSR

Creates a certificate signing request

Syntax

./cli.sh –u admin -p admin create_csr

Create a Self-Signed Certificate

Creates a self-signed certificate

Syntax

./cli.sh –u admin -p admin create_self_sign_cert

Import Certificate

Import CA signed certificate into keystore

Syntax

./cli.sh –u admin -p admin import_cert {cert_path}

Create Management Key Pair

Create a private key for management server

Syntax

/cli.sh –u admin -p admin create_management_key_pair

Create Management CSR

Create a certificate signing request for management server

Syntax

/cli.sh –u admin -p admin create_management_csr

Create Management Self-signed Certificate

Create a self-signed certificate for management server

Syntax

/cli.sh –u admin -p admin create_management_self_sign_cert

Import Management Key Pair

Import a key-pair for management server

Syntax

/cli.sh –u admin -p admin import_management_key_pair {key_path}

Import Management Certificate

Import CA signed certificate for management server

Syntax

/cli.sh –u admin -p admin import_management_cert {cert_path}

Health Status

Displays health status of all backend servers for the specified API

Syntax

./cli.sh –u admin -p admin health_status {api_id}

Cluster Info

Displays information about an ASE cluster

Syntax

./cli.sh –u admin -p admin cluster_info

Server Count

Lists the total number of APIs associated with an API

Syntax

./cli.sh –u admin -p admin server_count {api_id}

Cookie Count

Lists the live cookie count associated with an API

Syntax

./cli.sh –u admin -p admin cookie_count {api_id}

Persistent Connection Count

Lists the WebSocket or http-keep alive connection count for an API

Syntax

./cli.sh –u admin -p admin persistent_connection_count {api_id}

Clear cookies

Clear all cookies for an API

Syntax

./cli.sh –u admin -p admin clear_cookies{api_id}

Enable Firewall

Enable API firewall. Activates pattern enforcement, API name mapping, manual attack type

Syntax

./cli.sh –u admin -p admin enable_firewall

Disable Firewall

Disable API firewall

Syntax

./cli.sh –u admin -p admin disable_firewall

Enable ASE detected attacks

Enable ASE detected attacks

Syntax

./cli.sh –u admin -p admin enable_ase_detected_attack

Disable ASE Detected Attacks

Disable API firewall

Syntax

./cli.sh –u admin -p admin disable_ase_detected_attack

Enable ABS

Enable ABS to send access logs to ABS

Syntax

./cli.sh –u admin -p admin enable_abs

Disable ABS

Disable ABS to stop sending access logs to ABS

Syntax

./cli.sh –u admin -p admin disable_abs

Enable ABS Detected Attack Blocking

Enable ASE to fetch ABS detected attack lists and block access of list entries.

Syntax

./cli.sh –u admin -p admin enable_abs_attack

Disable ABS Detected Attack Blocking

Stop ASE from blocking and fetching ABS detected attack list. This command does not stop ABS from detecting attacks.

Syntax

./cli.sh –u admin -p admin disable_abs_attack

Adding Blacklist

Add an entry to ASE blacklist using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username

If type is ip, then Name is the IP address.

If type is cookie, then name is the cookie name, and value is the cookie value

Syntax

./cli.sh –u admin -p admin add_blacklist {type}{name}{value} Example/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1

Delete Blacklist Entry

Delete entry from the blacklist

Syntax

./cli.sh –u admin -p admin delete_blacklist {type}{name}{value} Examplecli.sh -u admin -p delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35

Clear Blacklist

Clear all the entries from the blacklist

Syntax

./cli.sh –u admin -p admin clear_blacklist

View blacklist

View the entire blacklist or view a blacklist for the specified attack type (for example, invalid_method)

Syntax

./cli.sh –u admin -p admin view_blacklist \{all\|manual\|abs_generated\|invalid_content_type\|invalid_method\|invalid_protocol\|decoy\|missing_token}

View blacklist for IP addresses with missing tokens

View the blacklist entries that are blocked due to missing tokens

Syntax

./cli.sh view_blacklist missing_token -uadmin -padmin

Adding Whitelist

Add an entry to ASE whitelist using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username

If type is IP, then name is the IP address.

If type is cookie, then name is the cookie name, and value is the cookie value

Syntax

./cli.sh –u admin -p admin add_whitelist {type}{name}{value}

Example

/cli.sh -u admin -p admin add_whitelist api_key AccessKey 065f73cdf39e486f9d7cda97d2dd1597

Delete Whitelist Entry

Delete entry from the whitelist

Syntax

./cli.sh –u admin -p admin delete_whitelist {type}{name}{value}

Example

/cli.sh -u admin -p delete_whitelist token 58fcb0cb97c54afbb88c07a4f2d73c35

Clear Whitelist

Clear all the entries from the whitelist

Syntax

./cli.sh –u admin -p admin clear_whitelist

View Whitelist

View the entire whitelist

Syntax

./cli.sh –u admin -p admin view_whitelist

ABS Info

Displays ABS status information.

ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information

Syntax

./cli.sh –u admin -p admin abs_info

Enable XFF

Enable X-Forwarded For

Syntax

./cli.sh –u admin -p admin enable_xff

Disable XFF

Disable X-Forwarded For

Syntax

./cli.sh –u admin -p admin disable_xff

Update Client Spike

Update Client Spike Threshold

Syntax

update_client_spike_threshold {api_id} \{+ve digit/(second\|minute\|hour)}

Example

update_client_spike_threshold shop_api 5000/second

Update Server Spike

Update Server Spike Threshold

“*” - use the same value for all servers

Syntax

update_server_spike_threshold {api_id} \{host:port} \{+ve digit/(second\|minute\|hour)}

Example

update_server_spike_threshold shop_api 127.0.0.1:9090 5000/secondupdate_server_spike_threshold shop_api "*" 5000/second

Update Bytes-in

Update bytes in value for a WebSocket API

Syntax

update_bytes_in_threshold {api_id} \{+ve digit/(second\|minute\|hour)}

Example

update_bytes_in_threshold shop_api 8096/second

Update Bytes-out

Update bytes out value for a WebSocket API

Syntax

update_bytes_out_threshold {api_id} \{+ve digit/(second\|minute\|hour)}

Example

update_bytes_out_threshold shop_api 8096/second

Update Server Quota

Update the number of API connections allowed on a backend server

“*” - use the same value for all backend servers

Syntax

update_server_connection_quota {api_id} \{host:port} \{+ve digit}

Example

update_server_connection_quota shop_api 127.0.0.1:9090 5000update_server_connection_quota shop_api "*" 5000