A root API in API Security Enforcer (ASE) is defined
by configuring /
for <url> variable and
*
for <hostname>variable.
Following is a snippet of a truncated API JSON in ASE depicting the configuration of root API.
{
"api_metadata": {
"protocol": "http",
"url": "/",
"hostname": "*",
You can choose between enabling or disabling attack detection on global API by configuring
<root_api_attack> global variable in the
abs_init.js and abs_init_ldap.js file. By
default attack detection is disabled on root API. Set it to true
if you
want to detect attacks on the root API. Configure this variable either before starting
API Behavioral Security (ABS), or you can use the update.sh script to
update the value. For more information on update.sh script, see Update the training variables
db.global_config.insert({
"attack_initial_training": "24",
"attack_update_interval": "24",
"url_limit": "100",
"response_size": "100",
"job_frequency" : "10",
"window_length" : "24",
"enable_ssl": true,
"api_discovery": false,
"discovery_initial_period" : "24",
"discovery_subpath": "1",
"continuous_learning": true,
"discovery_update_interval": "1",
"attack_list_count": "500000",
"resource_monitor_interval" : "10",
"percentage_diskusage_limit" : "80",
"root_api_attack" : false,
"session_inactivity_duration" : "30"
});
Training and attack detection: If the attack detection is disabled on the root API, then
ABS Admin REST API displays n/a
(not applicable) for
training_started_at
and training_duration
. The
prediction_mode
is false
.
{
"api_name": "rest_api",
"host_name": "*",
"url": "/",
"api_type": "regular",
"creation_date": "Fri Apr 05 05:41:00 UTC 2019",
"servers": 2,
"protocol": "http",
"cookie": "",
"token": false,
"training_started_at": "n/a",
"training_duration": "n/a",
"prediction_mode": false
}