You can change the default settings in ASE by editing the ase-defaults.yml file.
The following table lists the variables that you can set for ASE.
| Variable | Description |
|---|---|
| `mode` | Sets the mode in which ASE is deployed. The default value is |
| `http_ws_port` | Data port used for HTTP or WebSocket protocol. The default value is 8000. |
| `https_wss_port` | Data port used for HTTPS or secure WebSocket protocol. The default value is 8443. |
| `management_port` | Management port used for CLI and REST API management. The default value is 8010. |
| `cluster_manager_port` | ASE node uses this port number to communicate with other ASE nodes in the cluster. The default value is 8020. |
| `keystore_password` | The password for ASE keystore. The default password is |
| `cluster_secret_key` | This key is used for authentication among ASE cluster nodes. All the nodes of the cluster must have the same |
| `enable_ase_detected_attack` | This key is used to enable ASE to block auto-detected attacks. Set this value to |
| `enable_abs_attack` | This key is used to enable ASE to fetch attack list from ABS. Set this value to |
| `enable_sideband_keepalive` | This key is used only in ASE sideband mode. If set to |
| | Configure the following settings: |
| | The default value for CLI admin is |
| `enable_abs_publish` | Determines whether the API Security Enforcer fetches the published API list from ABS. Default: |
| `abs_publish_request_minutes` | Determines in minutes how often API Security Enforcer will get the published API list from ABS. Default: |
| `enable_strict_request_parser` | Determines whether ASE parsing blocks requests with invalid header starts. Default: |

After the automated installation is complete, back up the ase-defaults.yml file to a secure machine. The file holds the keystore password, cluster secret key, email password, and CLI admin password in clear text.
The following is a sample ase-defaults.yml file.
```yaml
---
ase:
  # Deployment mode for ASE. Valid values are inline or sideband
  mode: inline
  # Define ports for the PingIntelligence API Security Enforcer
  # Make sure ports are not same for single server installation
  http_ws_port: 8000
  https_wss_port: 8443
  management_port: 8010
  cluster_manager_port: 8020
  # Password for ASE keystore
  keystore_password: asekeystore
  # cluster_secret_key for ASE cluster
  cluster_secret_key: yourclusterkey
  # Set this value to true, to allow API Security Enforcer to block auto detected attacks.
  enable_ase_detected_attack: false
  # Set this value to true, to allow API Security Enforcer to fetch attack list from ABS.
  enable_abs_attack: true
  # enable keepalive for ASE in sideband mode
  enable_sideband_keepalive: false
  # Set this value to true, to allow API Security Enforcer to fetch published API list from ABS.
  enable_abs_publish: true
  # This value determines how often API Security Enforcer will get published API list from ABS.
  abs_publish_request_minutes: 10
  # enable strict parsing checks for client requests
  # If enabled, ASE will block request with invalid header start
  # If disabled, it will allow requests
  enable_strict_request_parser: true
  # Configure Email Alert. Set enable_emails to true to configure
  # email settings for ASE
  enable_emails: false
  smtp_host: smtp.example.com
  smtp_port: 587
  sender_email: sender@example.com
  email_password: password
  receiver_email: receiver@example.com
  # CLI admin password
  current_admin_password: admin
  new_admin_password: admin
```
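A pre-install check for this file, added here as an example (it is not PingIntelligence code): it flags secrets still set to the values shown in the sample file, ports that collide, and blocking flags that are switched off. The `parse_settings` and `audit` names and the sample input are constructed for illustration, and the parser assumes the file keeps the flat `key: value` layout shown above.

```python
import re

# Values shown in the page's sample file; a match means the secret was never changed.
SAMPLE_SECRETS = {
    "keystore_password": "asekeystore",
    "cluster_secret_key": "yourclusterkey",
    "email_password": "password",
    "new_admin_password": "admin",
}
PORT_KEYS = ("http_ws_port", "https_wss_port", "management_port", "cluster_manager_port")
ENFORCEMENT_FLAGS = ("enable_ase_detected_attack", "enable_strict_request_parser")

def parse_settings(text):
    """Read the flat `key: value` lines this file uses (not a general YAML parser)."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*):\s*(.*?)\s*$", line)
        if m and m.group(2):  # skips comments, '---' and the bare 'ase:' parent key
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings

def audit(text):
    """Return review findings for the text of an ase-defaults.yml file."""
    cfg, findings, seen_ports = parse_settings(text), [], {}
    for key, sample in SAMPLE_SECRETS.items():
        if cfg.get(key) == sample:
            findings.append(f"{key}: still set to the sample value")
    for key in PORT_KEYS:  # ports must differ on a single-server installation
        port = cfg.get(key)
        if port in seen_ports:
            findings.append(f"{key}: port {port} already used by {seen_ports[port]}")
        elif port is not None:
            seen_ports[port] = key
    for key in ENFORCEMENT_FLAGS:
        if key in cfg and cfg[key].lower() != "true":
            findings.append(f"{key}: set to {cfg[key]}, so this blocking is off")
    return findings

# Constructed input for illustration, not taken from a real deployment.
SAMPLE = """\
ase:
  http_ws_port: 8000
  management_port: 8000
  keystore_password: S0me#Long-Passphrase
  cluster_secret_key: yourclusterkey
  enable_ase_detected_attack: false
  new_admin_password: admin
"""

print("\n".join(audit(SAMPLE)))
```

Running the same check against the stored backup copy shows whether sample-value secrets were left in a file that sits outside the ASE host.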