CLI for inline ASE

The following table shows the command-line interface (CLI) functions and their syntax for API Security Enforcer (ASE) in inline mode.

Function Description Syntax

Function	Description	Syntax
Start ASE	Starts ASE	`./start.sh`
Stop ASES	Stops ASE	`./stop.sh`
Help	Displays `cli.sh` help	`./cli.sh help`
Version	Displays the version number of ASE	`./cli.sh version`
Status	Displays the running status of ASE	`./cli.sh status`
Update password	Changes ASE admin password	`./cli.sh update_password \{-u admin}`
Change log level	Change `balancer.log` and `controller.log` log level	`./cli.sh log_level -u admin -p` Options: `warn` `info` `error` `fatal` `debug`
Get Authentication Method	Displays the current authentication method	`./cli.sh get_auth_method {method} \{-u admin}`
Update Authentication Method	Updates ASE authentication method	`./cli.sh update_auth_method {method} \{-u admin}`
Enable Audit Logging	Enables audit logging	`./cli.sh enable_audit -u admin -p admin`
Disable Audit Logging	Disables audit logging	`./cli.sh disable_audit -u admin -p admin`
Add Syslog Server	Adds a new syslog server	`./cli.sh –u admin -p admin add_syslog_server host:port`
Delete Syslog Server	Deletes the syslog server	`./cli.sh –u admin -p admin delete_syslog_server host:port`
List Syslog Server	Lists the current syslog server	`./cli.sh –u admin -p admin list_syslog_server`
Add API	Adds a new API from config file in JSON format. File should have `.json` extension	`./cli.sh –u admin -p admin add_api {config_file_path}`
Update API	Updates an API after the API JSON file has been edited and saved.	`./cli.sh –u admin -p admin update_api {api_name}`
List APIs	Lists all APIs configured in ASE	`./cli.sh –u admin -p admin list_api`
API Info	Displays the API JSON file	`./cli.sh –u admin -p admin api_info {api_id}`
API Count	Displays the total number of APIs configured	`./cli.sh –u admin -p admin api_count`
List API Mappings	Lists all the external and internal URL mappings.	`./cli.sh –u admin -p admin list_api_mappings`
Delete API	Deletes an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API	`./cli.sh –u admin -p admin delete_api {api_id}`
Add a Server	Adds a backend server to an API. Provide the IP address and port number of the server	`./cli.sh –u admin -p admin add_server {api_id}\{host:port}[quota][spike_threshold]`
List Server	Lists all servers for an API	`./cli.sh –u admin -p admin list_server {api_id}`
Delete a Server	Deletes a backend server from an API. Provide the IP address and port number of the serve	`./cli.sh –u admin -p admin delete_server {api_id}\{host:port}`
Enable Per API Blocking	Enables attack blocking for the API	`./cli.sh –u admin -p admin enable_blocking {api_id}`
Disable Per API Blocking	Disables attack blocking for the API	`./cli.sh –u admin -p admin disable_blocking {api_id}`
Enable Health Check	Enables health check for a specific API	`./cli.sh -u admin -p admin enable_health_check shop_api`
Disable Health Check	Disables health check for a specific API	`./cli.sh -u admin -p admin disable_health_check {api_id}`
Generate Master Key	Generates the master obfuscation key `ase_master.key`	`./cli.sh -u admin -p admin generate_obfkey`
Obfuscate Keys and Password	Obfuscates the keys and passwords configured in various configuration files	`./cli.sh -u admin -p admin obfuscate_keys`
Create a Key Pair	Creates private key and public key pair in key store	`./cli.sh –u admin -p admin create_key_pair`
Create a CSR	Creates a certificate signing request	`./cli.sh –u admin -p admin create_csr`
Create a Self-Signed Certificate	Creates a self-signed certificate	`./cli.sh –u admin -p admin create_self_sign_cert`
Import Certificate	Imports CA-signed certificate into key store	`./cli.sh –u admin -p admin import_cert {cert_path}`
Create Management Key Pair	Creates a private key for management server	`/cli.sh –u admin -p admin create_management_key_pair`
Create Management CSR	Creates a certificate signing request for management server	`/cli.sh –u admin -p admin create_management_csr`
Create Management Self-signed Certificate	Creates a self-signed certificate for management server	`/cli.sh –u admin -p admin create_management_self_sign_cert`
Import Management Key Pair	Imports a key-pair for management server	`/cli.sh –u admin -p admin import_management_key_pair {key_path}`
Import Management Certificate	Imports CA-signed certificate for management server	`/cli.sh –u admin -p admin import_management_cert {cert_path}`
Health Status	Displays health status of all backend servers for the specified API	`./cli.sh –u admin -p admin health_status {api_id}`
Cluster Info	Displays information about an ASE cluster	`./cli.sh –u admin -p admin cluster_info`
Server Count	Lists the total number of APIs associated with an API	`./cli.sh –u admin -p admin server_count {api_id}`
Cookie Count	Lists the live cookie count associated with an API	`./cli.sh –u admin -p admin cookie_count {api_id}`
Persistent Connection Count	Lists the WebSocket or http-keep alive connection count for an API	`./cli.sh –u admin -p admin persistent_connection_count {api_id}`
Clear cookies	Clears all cookies for an API	`./cli.sh –u admin -p admin clear_cookies{api_id}`
Enable Firewall	Enables API firewall. Activates pattern enforcement, API name mapping, manual attack type	`./cli.sh –u admin -p admin enable_firewall`
Disable Firewall	Disables API firewall	`./cli.sh –u admin -p admin disable_firewall`
Enable ASE detected attacks	Enables ASE detected attacks	`./cli.sh –u admin -p admin enable_ase_detected_attack`
Disable ASE Detected Attacks	Disables API firewall	`./cli.sh –u admin -p admin disable_ase_detected_attack`
Enable ABS	Enables ABS to send access logs to ABS	`./cli.sh –u admin -p admin enable_abs`
Disable ABS	Disables ABS to stop sending access logs to ABS	`./cli.sh –u admin -p admin disable_abs`
Enable ABS Detected Attack Blocking	Enables ASE to fetch ABS detected attack lists and block access of list entries.	`./cli.sh –u admin -p admin enable_abs_attack`
Disable ABS Detected Attack Blocking	Stops ASE from blocking and fetching ABS detected attack list. This command does not stop ABS from detecting attacks.	`./cli.sh –u admin -p admin disable_abs_attack`
Adding deny list	Adds an entry to ASE deny list using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username	`./cli.sh –u admin -p admin add_blacklist {type}{name}{value}` If type is `ip`, then `name` is the IP address. If type is `cookie`, then `name` is the cookie name, and `value` is the cookie value Example: `/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1`
Delete deny list Entry	Deletes entry from the deny list.	`./cli.sh –u admin -p admin delete_blacklist {type}{name}{value}` Example: `cli.sh -u admin -p delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35`
Clear deny list	Clears all the entries from the deny list	`./cli.sh –u admin -p admin clear_blacklist`
View deny list	Views the entire deny list or view a deny list for the specified attack type (for example, invalid_method)	`./cli.sh –u admin -p admin view_blacklist \{all\|manual\|abs_generated\|invalid_content_type\|invalid_method\|invalid_protocol\|decoy\|missing_token}`
View deny list for IP addresses with missing tokens	Views the deny list entries that are blocked due to missing tokens	`./cli.sh view_blacklist missing_token -uadmin -padmin`
Adding allow list	Adds an entry to ASE allow list using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username	`./cli.sh –u admin -p admin add_whitelist {type}{name}{value}` Options: If type is `ip`, then `name` is the IP address. If type is `cookie`, then `name` is the cookie name, and `value` is the cookie value Example: `/cli.sh -u admin -p admin add_whitelist api_key AccessKey 065f73cdf39e486f9d7cda97d2dd1597`
Delete allow list entry	Deletes entry from the allow list	`./cli.sh –u admin -p admin delete_whitelist {type}{name}{value}` Example: `/cli.sh -u admin -p delete_whitelist token 58fcb0cb97c54afbb88c07a4f2d73c35`
Clear allow list	Clears all the entries from the allow list	`./cli.sh –u admin -p admin clear_whitelist`
View allow list	Views the entire allow list	`./cli.sh –u admin -p admin view_whitelist`
ABS Info	Displays ABS status information. ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information	`./cli.sh –u admin -p admin abs_info`
Enable XFF	Enables X-Forwarded For	`./cli.sh –u admin -p admin enable_xff`
Disable XFF	Disables X-Forwarded For	`./cli.sh –u admin -p admin disable_xff`
Update Client Spike	Update Client Spike Threshold	`update_client_spike_threshold {api_id} \{+ve digit/(second\|minute\|hour)}` Example: `update_client_spike_threshold shop_api 5000/second`
Update Server Spike	Updates Server Spike Threshold `“*”` - use the same value for all servers	`update_server_spike_threshold {api_id} \{host:port} \{+ve digit/(second\|minute\|hour)}` Examples: `update_server_spike_threshold shop_api 127.0.0.1:9090 5000/second` `update_server_spike_threshold shop_api "*" 5000/second`
Update Bytes-in	Updates bytes in value for a WebSocket API	`update_bytes_in_threshold {api_id} \{+ve digit/(second\|minute\|hour)}` Example: `update_bytes_in_threshold shop_api 8096/second`
Update Bytes-out	Updates bytes out value for a WebSocket API	`update_bytes_out_threshold {api_id} \{+ve digit/(second\|minute\|hour)}` Example: `update_bytes_out_threshold shop_api 8096/second`
Update Server Quota	Updates the number of API connections allowed on a backend server `“*”` - use the same value for all backend servers	`update_server_connection_quota {api_id} \{host:port} \{+ve digit}` Examples: `update_server_connection_quota shop_api 127.0.0.1:9090 5000` `update_server_connection_quota shop_api "*" 5000`

Start ASE

Starts ASE

./start.sh

Stop ASES

Stops ASE

./stop.sh

Help

Displays cli.sh help

./cli.sh help

Version

Displays the version number of ASE

./cli.sh version

Status

Displays the running status of ASE

./cli.sh status

Update password

Changes ASE admin password

./cli.sh update_password \{-u admin}

Change log level

Change balancer.log and controller.log log level

./cli.sh log_level -u admin -p

Options:

warn
info
error
fatal
debug

Get Authentication Method

Displays the current authentication method

./cli.sh get_auth_method {method} \{-u admin}

Update Authentication Method

Updates ASE authentication method

./cli.sh update_auth_method {method} \{-u admin}

Enable Audit Logging

Enables audit logging

./cli.sh enable_audit -u admin -p admin

Disable Audit Logging

Disables audit logging

./cli.sh disable_audit -u admin -p admin

Add Syslog Server

Adds a new syslog server

./cli.sh –u admin -p admin add_syslog_server host:port

Delete Syslog Server

Deletes the syslog server

./cli.sh –u admin -p admin delete_syslog_server host:port

List Syslog Server

Lists the current syslog server

./cli.sh –u admin -p admin list_syslog_server

Add API

Adds a new API from config file in JSON format. File should have .json extension

./cli.sh –u admin -p admin add_api {config_file_path}

Update API

Updates an API after the API JSON file has been edited and saved.

./cli.sh –u admin -p admin update_api {api_name}

List APIs

Lists all APIs configured in ASE

./cli.sh –u admin -p admin list_api

API Info

Displays the API JSON file

./cli.sh –u admin -p admin api_info {api_id}

API Count

Displays the total number of APIs configured

./cli.sh –u admin -p admin api_count

List API Mappings

Lists all the external and internal URL mappings.

./cli.sh –u admin -p admin list_api_mappings

Delete API

Deletes an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API

./cli.sh –u admin -p admin delete_api {api_id}

Add a Server

Adds a backend server to an API. Provide the IP address and port number of the server

./cli.sh –u admin -p admin add_server {api_id}\{host:port}[quota][spike_threshold]

List Server

Lists all servers for an API

./cli.sh –u admin -p admin list_server {api_id}

Delete a Server

Deletes a backend server from an API. Provide the IP address and port number of the serve

./cli.sh –u admin -p admin delete_server {api_id}\{host:port}

Enable Per API Blocking

Enables attack blocking for the API

./cli.sh –u admin -p admin enable_blocking {api_id}

Disable Per API Blocking

Disables attack blocking for the API

./cli.sh –u admin -p admin disable_blocking {api_id}

Enable Health Check

Enables health check for a specific API

./cli.sh -u admin -p admin enable_health_check shop_api

Disable Health Check

Disables health check for a specific API

./cli.sh -u admin -p admin disable_health_check {api_id}

Generate Master Key

Generates the master obfuscation key ase_master.key

./cli.sh -u admin -p admin generate_obfkey

Obfuscate Keys and Password

Obfuscates the keys and passwords configured in various configuration files

./cli.sh -u admin -p admin obfuscate_keys

Create a Key Pair

Creates private key and public key pair in key store

./cli.sh –u admin -p admin create_key_pair

Create a CSR

Creates a certificate signing request

./cli.sh –u admin -p admin create_csr

Create a Self-Signed Certificate

Creates a self-signed certificate

./cli.sh –u admin -p admin create_self_sign_cert

Import Certificate

Imports CA-signed certificate into key store

./cli.sh –u admin -p admin import_cert {cert_path}

Create Management Key Pair

Creates a private key for management server

/cli.sh –u admin -p admin create_management_key_pair

Create Management CSR

Creates a certificate signing request for management server

/cli.sh –u admin -p admin create_management_csr

Create Management Self-signed Certificate

Creates a self-signed certificate for management server

/cli.sh –u admin -p admin create_management_self_sign_cert

Import Management Key Pair

Imports a key-pair for management server

/cli.sh –u admin -p admin import_management_key_pair {key_path}

Import Management Certificate

Imports CA-signed certificate for management server

/cli.sh –u admin -p admin import_management_cert {cert_path}

Health Status

Displays health status of all backend servers for the specified API

./cli.sh –u admin -p admin health_status {api_id}

Cluster Info

Displays information about an ASE cluster

./cli.sh –u admin -p admin cluster_info

Server Count

Lists the total number of APIs associated with an API

./cli.sh –u admin -p admin server_count {api_id}

Cookie Count

Lists the live cookie count associated with an API

./cli.sh –u admin -p admin cookie_count {api_id}

Persistent Connection Count

Lists the WebSocket or http-keep alive connection count for an API

./cli.sh –u admin -p admin persistent_connection_count {api_id}

Clear cookies

Clears all cookies for an API

./cli.sh –u admin -p admin clear_cookies{api_id}

Enable Firewall

Enables API firewall. Activates pattern enforcement, API name mapping, manual attack type

./cli.sh –u admin -p admin enable_firewall

Disable Firewall

Disables API firewall

./cli.sh –u admin -p admin disable_firewall

Enable ASE detected attacks

Enables ASE detected attacks

./cli.sh –u admin -p admin enable_ase_detected_attack

Disable ASE Detected Attacks

Disables API firewall

./cli.sh –u admin -p admin disable_ase_detected_attack

Enable ABS

Enables ABS to send access logs to ABS

./cli.sh –u admin -p admin enable_abs

Disable ABS

Disables ABS to stop sending access logs to ABS

./cli.sh –u admin -p admin disable_abs

Enable ABS Detected Attack Blocking

Enables ASE to fetch ABS detected attack lists and block access of list entries.

./cli.sh –u admin -p admin enable_abs_attack

Disable ABS Detected Attack Blocking

Stops ASE from blocking and fetching ABS detected attack list. This command does not stop ABS from detecting attacks.

./cli.sh –u admin -p admin disable_abs_attack

Adding deny list

Adds an entry to ASE deny list using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username

./cli.sh –u admin -p admin add_blacklist {type}{name}{value}

If type is ip, then name is the IP address.

If type is cookie, then name is the cookie name, and value is the cookie value

Example:

/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1

Delete deny list Entry

Deletes entry from the deny list.

./cli.sh –u admin -p admin delete_blacklist {type}{name}{value}

Example:

cli.sh -u admin -p delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35

Clear deny list

Clears all the entries from the deny list

./cli.sh –u admin -p admin clear_blacklist

View deny list

Views the entire deny list or view a deny list for the specified attack type (for example, invalid_method)

./cli.sh –u admin -p admin view_blacklist \{all|manual|abs_generated|invalid_content_type|invalid_method|invalid_protocol|decoy|missing_token}

View deny list for IP addresses with missing tokens

Views the deny list entries that are blocked due to missing tokens

./cli.sh view_blacklist missing_token -uadmin -padmin

Adding allow list

Adds an entry to ASE allow list using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username

./cli.sh –u admin -p admin add_whitelist {type}{name}{value}

Options:

If type is ip, then name is the IP address.
If type is cookie, then name is the cookie name, and value is the cookie value

Example:

/cli.sh -u admin -p admin add_whitelist api_key AccessKey 065f73cdf39e486f9d7cda97d2dd1597

Delete allow list entry

Deletes entry from the allow list

./cli.sh –u admin -p admin delete_whitelist {type}{name}{value}

Example:

/cli.sh -u admin -p delete_whitelist token 58fcb0cb97c54afbb88c07a4f2d73c35

Clear allow list

Clears all the entries from the allow list

./cli.sh –u admin -p admin clear_whitelist

View allow list

Views the entire allow list

./cli.sh –u admin -p admin view_whitelist

ABS Info

Displays ABS status information.

ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information

./cli.sh –u admin -p admin abs_info

Enable XFF

Enables X-Forwarded For

./cli.sh –u admin -p admin enable_xff

Disable XFF

Disables X-Forwarded For

./cli.sh –u admin -p admin disable_xff

Update Client Spike

Update Client Spike Threshold

update_client_spike_threshold {api_id} \{+ve digit/(second|minute|hour)}

Example:

update_client_spike_threshold shop_api 5000/second

Update Server Spike

Updates Server Spike Threshold

“*” - use the same value for all servers

update_server_spike_threshold {api_id} \{host:port} \{+ve digit/(second|minute|hour)}

Examples:

update_server_spike_threshold shop_api 127.0.0.1:9090 5000/second

update_server_spike_threshold shop_api "*" 5000/second

Update Bytes-in

Updates bytes in value for a WebSocket API

update_bytes_in_threshold {api_id} \{+ve digit/(second|minute|hour)}

Example:

update_bytes_in_threshold shop_api 8096/second

Update Bytes-out

Updates bytes out value for a WebSocket API

update_bytes_out_threshold {api_id} \{+ve digit/(second|minute|hour)}

Example:

update_bytes_out_threshold shop_api 8096/second

Update Server Quota

Updates the number of API connections allowed on a backend server

“*” - use the same value for all backend servers

update_server_connection_quota {api_id} \{host:port} \{+ve digit}

Examples:

update_server_connection_quota shop_api 127.0.0.1:9090 5000

update_server_connection_quota shop_api "*" 5000

PingIntelligence

CLI for inline ASE