Change ASE default settings

You can change the default settings in ASE by editing the ase-defaults.yml file.

The following table lists the variables that you can set for ASE.

Variable Description

Variable	Description
`mode`	Sets the mode in which ASE is deployed. The default value is `inline`. Set the value to `sideband` if you want ASE to work in the sideband mode.
`http_ws_port`	Data port used for HTTP or WebSocket protocol. The default value is 8000.
`https_wss_port`	Data port used for HTTPS or secure WebSocket protocol. The default value is 8443.
`management_port`	Management port used for CLI and REST API management. The default value is 8010.
`cluster_manager_port`	ASE node uses this port number to communicate with other ASE nodes in the cluster. The default value is 8020.
`keystore_password`	The password for ASE keystore. The default password is `asekeystore`.
`cluster_secret_key`	This key is used for authentication among ASE cluster node. All the nodes of the cluster must have the same `cluster_secret_key`. This key must be entered manually on each node of the ASE cluster for the nodes to communicate with each other. The default value is `yourclusterkey`.
`enable_ase_detected_attack`	This key is used to enable ASE to block auto detected attacks. Set this value to `true` to allow ASE to block auto detected attacks. The default value is `false`.
`enable_abs_attack`	This key is used to enable ASE to fetch attack list from ABS. Set this value to `true` to fetch the list from ABS. The default value is `false`.
`enable_sideband_keepalive`	This key is used only in ASE sideband mode. If set to `true`, ASE sends a keep-alive in response header for the TCP connection between API gateway and ASE. With the default `false` value, ASE sends a connection close in response header for connection between API gateway and ASE.
`Email default settings`	Configure the following settings: `enable_emails`: Set it to `true` for ASE to send email notifications. Default value is false. `smtp_host` and `smtp_port` `sender_email`: Email address used from which email alerts and reports are sent. `email_password`: Password of sender’s email account. `receiver_email`: Email address to which the email alerts and reports are sent.
`CLI admin password`	The default value for CLI admin is `admin`. To change the password, you need the current password.
`enable_abs_publish`	Determines whether the API Security Enforcer fetches the published API list from ABS. Default: `true`
`abs_publish_request_minutes`	Determines in minutes how often API Security Enforcer will get the published API list from ABS. Default: `10`
`enable_strict_request_parser`	Determines whether ASE parsing blocks requests with invalid header starts. Default: `true`

mode

Sets the mode in which ASE is deployed. The default value is inline. Set the value to sideband if you want ASE to work in the sideband mode.

http_ws_port

Data port used for HTTP or WebSocket protocol. The default value is 8000.

https_wss_port

Data port used for HTTPS or secure WebSocket protocol. The default value is 8443.

management_port

Management port used for CLI and REST API management. The default value is 8010.

cluster_manager_port

ASE node uses this port number to communicate with other ASE nodes in the cluster. The default value is 8020.

keystore_password

The password for ASE keystore. The default password is asekeystore.

cluster_secret_key

This key is used for authentication among ASE cluster node. All the nodes of the cluster must have the same cluster_secret_key. This key must be entered manually on each node of the ASE cluster for the nodes to communicate with each other. The default value is yourclusterkey.

enable_ase_detected_attack

This key is used to enable ASE to block auto detected attacks. Set this value to true to allow ASE to block auto detected attacks. The default value is false.

enable_abs_attack

This key is used to enable ASE to fetch attack list from ABS. Set this value to true to fetch the list from ABS. The default value is false.

enable_sideband_keepalive

This key is used only in ASE sideband mode. If set to true, ASE sends a keep-alive in response header for the TCP connection between API gateway and ASE. With the default false value, ASE sends a connection close in response header for connection between API gateway and ASE.

Email default settings

Configure the following settings:

enable_emails: Set it to true for ASE to send email notifications. Default value is false.
smtp_host and smtp_port
sender_email: Email address used from which email alerts and reports are sent.
email_password: Password of sender’s email account.
receiver_email: Email address to which the email alerts and reports are sent.

CLI admin password

The default value for CLI admin is admin. To change the password, you need the current password.

enable_abs_publish

Determines whether the API Security Enforcer fetches the published API list from ABS.

Default: true

abs_publish_request_minutes

Determines in minutes how often API Security Enforcer will get the published API list from ABS.

Default: 10

enable_strict_request_parser

Determines whether ASE parsing blocks requests with invalid header starts.

Default: true

Make sure to take a backup of the ase-defaults.yml file on a secure machine after the automated installation is complete.

The following is a sample ase-defaults.yml file.

---
ase:
 # Deployment mode for ASE. Valid values are inline or sideband
 mode: inline

 # Define ports for the PingIntelligence API Security Enforcer
 # Make sure ports are not same for single server installation
 http_ws_port: 8000
 https_wss_port: 8443
 management_port: 8010
 cluster_manager_port: 8020

 # Password for ASE keystore
 keystore_password: asekeystore

 # cluster_secret_key for ASE cluster
 cluster_secret_key: yourclusterkey

 # Set this value to true, to allow API Security Enforcer to block auto detected attacks.
 enable_ase_detected_attack: false
 # Set this value to true, to allow API Security Enforcer to fetch attack list from ABS.
 enable_abs_attack: true

 # enable keepalive for ASE in sideband mode
 enable_sideband_keepalive: false

 # Set this value to true, to allow API Security Enforcer to fetch published API list from ABS.
 enable_abs_publish: true

 #This value determines how often API Security Enforcer will get published API list from ABS.
 abs_publish_request_minutes: 10


 # enable strict parsing checks for client requests
 # If enabled, ASE will block request with invalid header start
 # If disabled, it will allow requests
 enable_strict_request_parser: true

 # Configure Email Alert. Set enable_emails to true to configure
 # email settings for ASE
 enable_emails: false
 smtp_host: smtp.example.com
 smtp_port: 587
 sender_email: sender@example.com
 email_password: password
 receiver_email: receiver@example.com

 # CLI admin password
 current_admin_password: admin
 new_admin_password: admin