Enabling and disabling real-time API cybersecurity
API Security Enforcer (ASE) provides real-time API cybersecurity to stop hackers. Violations are immediately blocked, and attack information is sent to the API Behavioral Security (ABS) engine.
About this task
|
Real-time API cybersecurity is activated only when ASE firewall is enabled. For more information on enabling the ASE firewall, see CLI for inline ASE. |
Steps
-
To enable API cybersecurity:
-
Run the
enable_firewallcommand in the command-line interface (CLI):Example:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_firewall Firewall is now enabled
-
To verify that cybersecurity is enabled, run the
statuscommand:Example:
/opt/pingidentity/ase/bin/cli.sh status Ping Identity Inc., API Security Enforcer status : started http/ws : port 80 https/wss : port 443 firewall : enabled abs : disabled abs attack : disabled audit : enabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
-
-
To disable API cybersecurity:
-
Run the
disable_firewallcommand:Example:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_firewall Firewall is now disabled
-
To verify that cybersecurity is enabled, run the
statuscommand:Example:
/opt/pingidentity/ase/bin/cli.sh status Ping Identity Inc., API Security Enforcer status : started http/ws : port 80 https/wss : port 443 firewall : disabled abs : disabled abs attack : disabled audit : enabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
-