--- title: CLI for inline ASE description: Starts ASE component: pingintelligence version: 5.1 page_id: pingintelligence:api_security_enforcer:pingintelligence_cli_for_inline_ase canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/api_security_enforcer/pingintelligence_cli_for_inline_ase.html revdate: April 3, 2024 --- # CLI for inline ASE * Start ASE Starts ASE **Syntax** `./start.sh` * Stop ASE Stops ASE **Syntax** `./stop.sh` * Help Displays cli.sh help **Syntax** `./cli.sh help` * Version Displays the version number of ASE **Syntax** `./cli.sh version` * Status Displays the running status of ASE **Syntax** `./cli.sh status` * Update Password Change ASE admin password **Syntax** `./cli.sh update_password \{-u admin}` * Change log level Change balancer.log and controller.log log level **Syntax** `./cli.sh log_level -u admin -p` **Options** `warn`, `info`, `error`, `fatal`, `debug` * Get Authentication Method Display the current authentication method **Syntax** `./cli.sh get_auth_method {method} \{-u admin}` * Update Authentication Method Update ASE authentication method **Syntax** `./cli.sh update_auth_method {method} \{-u admin}` * Enable Audit Logging Enable audit logging **Syntax** `./cli.sh enable_audit -u admin -p admin` * Disable Audit Logging Disable audit logging **Syntax** `./cli.sh disable_audit -u admin -p admin` * Add Syslog Server Add a new syslog server **Syntax** `./cli.sh –u admin -p admin add_syslog_server host:port` * Delete Syslog Server Delete the syslog server **Syntax** `./cli.sh –u admin -p admin delete_syslog_server host:port` * List Syslog Server List the current syslog server **Syntax** `./cli.sh –u admin -p admin list_syslog_server` * Add API Add a new API from config file in JSON format. File should have `.json` extension **Syntax** `./cli.sh –u admin -p admin add_api {config_file_path}` * Update API Update an API after the API JSON file has been edited and saved. **Syntax** `./cli.sh –u admin -p admin update_api {api_name}` * List APIs Lists all APIs configured in ASE **Syntax** `./cli.sh –u admin -p admin list_api` * API Info Displays the API JSON file **Syntax** `./cli.sh –u admin -p admin api_info {api_id}` * API Count Displays the total number of APIs configured **Syntax** `./cli.sh –u admin -p admin api_count` * List API Mappings Lists all the external and internal URL mappings **Syntax** `./cli.sh –u admin -p admin list_api_mappings` * Delete API Delete an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API **Syntax** `./cli.sh –u admin -p admin delete_api {api_id}` * Add a Server Add a backend server to an API. Provide the IP address and port number of the server **Syntax** `./cli.sh –u admin -p admin add_server {api_id}\{host:port}[quota][spike_threshold]` * List Server List all servers for an API **Syntax** `./cli.sh –u admin -p admin list_server {api_id}` * Delete a Server Delete a backend server from an API. Provide the IP address and port number of the server **Syntax** `./cli.sh –u admin -p admin delete_server {api_id}\{host:port}` * Enable Per API Blocking Enables attack blocking for the API **Syntax** `./cli.sh –u admin -p admin enable_blocking {api_id}` * Disable Per API Blocking Disable attack blocking for the API **Syntax** `./cli.sh –u admin -p admin disable_blocking {api_id}` * Enable Health Check Enable health check for a specific API **Syntax** `./cli.sh -u admin -p admin enable_health_check shop_api` * Disable Health Check Disable health check for a specific API **Syntax** `./cli.sh -u admin -p admin disable_health_check {api_id}` * **Generate Master Key** Generate the master obfuscation key ase\_master.key **Syntax** `./cli.sh -u admin -p admin generate_obfkey` * **Obfuscate Keys and Password** Obfuscate the keys and passwords configured in various configuration files **Syntax** `./cli.sh -u admin -p admin obfuscate_keys` * **Create a Key Pair** Creates private key and public key pair in keystore **Syntax** `./cli.sh –u admin -p admin create_key_pair` * **Create a CSR** Creates a certificate signing request **Syntax** `./cli.sh –u admin -p admin create_csr` * **Create a Self-Signed Certificate** Creates a self-signed certificate **Syntax** `./cli.sh –u admin -p admin create_self_sign_cert` * **Import Certificate** Import CA signed certificate into keystore **Syntax** `./cli.sh –u admin -p admin import_cert {cert_path}` * **Create Management Key Pair** Create a private key for management server **Syntax** `/cli.sh –u admin -p admin create_management_key_pair` * **Create Management CSR** Create a certificate signing request for management server **Syntax** `/cli.sh –u admin -p admin create_management_csr` * **Create Management Self-signed Certificate** Create a self-signed certificate for management server **Syntax** `/cli.sh –u admin -p admin create_management_self_sign_cert` * **Import Management Key Pair** Import a key-pair for management server **Syntax** `/cli.sh –u admin -p admin import_management_key_pair {key_path}` * **Import Management Certificate** Import CA signed certificate for management server **Syntax** `/cli.sh –u admin -p admin import_management_cert {cert_path}` * **Health Status** Displays health status of all backend servers for the specified API **Syntax** `./cli.sh –u admin -p admin health_status {api_id}` * **Cluster Info** Displays information about an ASE cluster **Syntax** `./cli.sh –u admin -p admin cluster_info` * **Server Count** Lists the total number of APIs associated with an API **Syntax** `./cli.sh –u admin -p admin server_count {api_id}` * **Cookie Count** Lists the live cookie count associated with an API **Syntax** `./cli.sh –u admin -p admin cookie_count {api_id}` * **Persistent Connection Count** Lists the WebSocket or http-keep alive connection count for an API **Syntax** `./cli.sh –u admin -p admin persistent_connection_count {api_id}` * **Clear cookies** Clear all cookies for an API **Syntax** `./cli.sh –u admin -p admin clear_cookies{api_id}` * **Enable Firewall** Enable API firewall. Activates pattern enforcement, API name mapping, manual attack type **Syntax** `./cli.sh –u admin -p admin enable_firewall` * **Disable Firewall** Disable API firewall **Syntax** `./cli.sh –u admin -p admin disable_firewall` * **Enable ASE detected attacks** Enable ASE detected attacks **Syntax** `./cli.sh –u admin -p admin enable_ase_detected_attack` * **Disable ASE Detected Attacks** Disable API firewall **Syntax** `./cli.sh –u admin -p admin disable_ase_detected_attack` * **Enable ABS** Enable ABS to send access logs to ABS **Syntax** `./cli.sh –u admin -p admin enable_abs` * **Disable ABS** Disable ABS to stop sending access logs to ABS **Syntax** `./cli.sh –u admin -p admin disable_abs` * **Enable ABS Detected Attack Blocking** Enable ASE to fetch ABS detected attack lists and block access of list entries. **Syntax** `./cli.sh –u admin -p admin enable_abs_attack` * **Disable ABS Detected Attack Blocking** Stop ASE from blocking and fetching ABS detected attack list. This command does not stop ABS from detecting attacks. **Syntax** `./cli.sh –u admin -p admin disable_abs_attack` * **Adding Blacklist** Add an entry to ASE blacklist using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username If type is ip, then Name is the IP address. If type is cookie, then name is the cookie name, and value is the cookie value **Syntax** `./cli.sh –u admin -p admin add_blacklist {type}{name}{value}` **Example**/cli.sh -u admin -p admin add\_blacklist ip 1.1.1.1 * **Delete Blacklist Entry** Delete entry from the blacklist **Syntax** `./cli.sh –u admin -p admin delete_blacklist {type}{name}{value}` **Example**cli.sh -u admin -p delete\_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35 * **Clear Blacklist** Clear all the entries from the blacklist **Syntax** `./cli.sh –u admin -p admin clear_blacklist` * **View blacklist** View the entire blacklist or view a blacklist for the specified attack type (for example, invalid\_method) **Syntax** `./cli.sh –u admin -p admin view_blacklist \{all\|manual\|abs_generated\|invalid_content_type\|invalid_method\|invalid_protocol\|decoy\|missing_token}` * **View blacklist for IP addresses with missing tokens** View the blacklist entries that are blocked due to missing tokens **Syntax** `./cli.sh view_blacklist missing_token -uadmin -padmin` * **Adding Whitelist** Add an entry to ASE whitelist using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username If type is IP, then name is the IP address. If type is cookie, then name is the cookie name, and value is the cookie value **Syntax** `./cli.sh –u admin -p admin add_whitelist {type}{name}{value}` **Example** `/cli.sh -u admin -p admin add_whitelist api_key AccessKey 065f73cdf39e486f9d7cda97d2dd1597` * **Delete Whitelist Entry** Delete entry from the whitelist **Syntax** `./cli.sh –u admin -p admin delete_whitelist {type}{name}{value}` **Example** `/cli.sh -u admin -p delete_whitelist token 58fcb0cb97c54afbb88c07a4f2d73c35` * **Clear Whitelist** Clear all the entries from the whitelist **Syntax** `./cli.sh –u admin -p admin clear_whitelist` * **View Whitelist** View the entire whitelist **Syntax** `./cli.sh –u admin -p admin view_whitelist` * **ABS Info** Displays ABS status information. ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information **Syntax** `./cli.sh –u admin -p admin abs_info` * **Enable XFF** Enable X-Forwarded For **Syntax** `./cli.sh –u admin -p admin enable_xff` * **Disable XFF** Disable X-Forwarded For **Syntax** `./cli.sh –u admin -p admin disable_xff` * **Update Client Spike** Update Client Spike Threshold **Syntax** `update_client_spike_threshold {api_id} \{+ve digit/(second\|minute\|hour)}` **Example** `update_client_spike_threshold shop_api 5000/second` * **Update Server Spike** Update Server Spike Threshold `"*"` - use the same value for all servers **Syntax** `update_server_spike_threshold {api_id} \{host:port} \{+ve digit/(second\|minute\|hour)}` **Example** `update_server_spike_threshold shop_api 127.0.0.1:9090 5000/secondupdate_server_spike_threshold shop_api "*" 5000/second` * **Update Bytes-in** Update bytes in value for a WebSocket API **Syntax** `update_bytes_in_threshold {api_id} \{+ve digit/(second\|minute\|hour)}` **Example** `update_bytes_in_threshold shop_api 8096/second` * **Update Bytes-out** Update bytes out value for a WebSocket API **Syntax** `update_bytes_out_threshold {api_id} \{+ve digit/(second\|minute\|hour)}` **Example** `update_bytes_out_threshold shop_api 8096/second` * **Update Server Quota** Update the number of API connections allowed on a backend server `"*"` - use the same value for all backend servers **Syntax** `update_server_connection_quota {api_id} \{host:port} \{+ve digit}` **Example** `update_server_connection_quota shop_api 127.0.0.1:9090 5000update_server_connection_quota shop_api "*" 5000`