--- title: Change ASE default settings description: You can change the default settings in ASE by editing the ase-defaults.yml file. component: pingintelligence version: 5.1 page_id: pingintelligence:pingintelligence_production_deployment:pingintelligence_changing_ase_default_settings canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/pingintelligence_production_deployment/pingintelligence_changing_ase_default_settings.html revdate: May 6, 2024 --- # Change ASE default settings You can change the default settings in ASE by editing the `ase-defaults.yml` file. The following table lists the variables that you can set for ASE. | Variable | Description | | ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `mode` | Sets the mode in which ASE is deployed. The default value is `inline`. Set the value to `sideband` if you want ASE to work in the sideband mode. | | `http_ws_port` | Data port used for HTTP or WebSocket protocol. The default value is 8000. | | `https_wss_port` | Data port used for HTTPS or secure WebSocket protocol. The default value is 8443. | | `management_port` | Management port used for CLI and REST API management. The default value is 8010. | | `cluster_manager_port` | ASE node uses this port number to communicate with other ASE nodes in the cluster. The default value is 8020. | | `keystore_password` | The password for ASE keystore. The default password is `asekeystore`. | | `cluster_secret_key` | This key is used for authentication among ASE cluster node. All the nodes of the cluster must have the same `cluster_secret_key`. This key must be entered manually on each node of the ASE cluster for the nodes to communicate with each other. The default value is `yourclusterkey`. | | `enable_ase_detected_attack` | This key is used to enable ASE to block auto detected attacks. Set this value to `true` to allow ASE to block auto detected attacks. The default value is `false`. | | `enable_abs_attack` | This key is used to enable ASE to fetch attack list from ABS. Set this value to `true` to fetch the list from ABS. The default value is `false`. | | `enable_sideband_keepalive` | This key is used only in ASE sideband mode. If set to `true`, ASE sends a keep-alive in response header for the TCP connection between API gateway and ASE. With the default `false` value, ASE sends a connection close in response header for connection between API gateway and ASE. | | `Email default settings` | Configure the following settings:- `enable_emails`: Set it to `true` for ASE to send email notifications. Default value is false. - `smtp_host` and `smtp_port` - `sender_email`: Email address used from which email alerts and reports are sent. - `email_password`: Password of sender's email account. - `receiver_email`: Email address to which the email alerts and reports are sent. | | `CLI admin password` | The default value for CLI admin is `admin`. To change the password, you need the current password. | | `enable_abs_publish` | Determines whether the API Security Enforcer fetches the published API list from ABS.Default: `true` | | `abs_publish_request_minutes` | Determines in minutes how often API Security Enforcer will get the published API list from ABS.Default: `10` | | `enable_strict_request_parser` | Determines whether ASE parsing blocks requests with invalid header starts.Default: `true` | | | | | - | --------------------------------------------------------------------------------------------------------------------------- | | | Make sure to take a backup of the `ase-defaults.yml` file on a secure machine after the automated installation is complete. | The following is a sample `ase-defaults.yml` file. ``` --- ase: # Deployment mode for ASE. Valid values are inline or sideband mode: inline # Define ports for the PingIntelligence API Security Enforcer # Make sure ports are not same for single server installation http_ws_port: 8000 https_wss_port: 8443 management_port: 8010 cluster_manager_port: 8020 # Password for ASE keystore keystore_password: asekeystore # cluster_secret_key for ASE cluster cluster_secret_key: yourclusterkey # Set this value to true, to allow API Security Enforcer to block auto detected attacks. enable_ase_detected_attack: false # Set this value to true, to allow API Security Enforcer to fetch attack list from ABS. enable_abs_attack: true # enable keepalive for ASE in sideband mode enable_sideband_keepalive: false # Set this value to true, to allow API Security Enforcer to fetch published API list from ABS. enable_abs_publish: true #This value determines how often API Security Enforcer will get published API list from ABS. abs_publish_request_minutes: 10 # enable strict parsing checks for client requests # If enabled, ASE will block request with invalid header start # If disabled, it will allow requests enable_strict_request_parser: true # Configure Email Alert. Set enable_emails to true to configure # email settings for ASE enable_emails: false smtp_host: smtp.example.com smtp_port: 587 sender_email: sender@example.com email_password: password receiver_email: receiver@example.com # CLI admin password current_admin_password: admin new_admin_password: admin ```