The following table shows the command-line interface (CLI) functions and their syntax for API Security Enforcer (ASE) in inline mode.
| Function | Description | Syntax |
|---|---|---|
|
Start ASE |
Starts ASE |
|
|
Stop ASES |
Stops ASE |
|
|
Help |
Displays |
|
|
Version |
Displays the version number of ASE |
|
|
Status |
Displays the running status of ASE |
|
|
Update password |
Changes ASE admin password |
|
|
Change log level |
Change balancer.log and controller.log log level |
Options:
|
|
Get Authentication Method |
Displays the current authentication method |
|
|
Update Authentication Method |
Updates ASE authentication method |
|
|
Enable Audit Logging |
Enables audit logging |
|
|
Disable Audit Logging |
Disables audit logging |
|
|
Add Syslog Server |
Adds a new syslog server |
|
|
Delete Syslog Server |
Deletes the syslog server |
|
|
List Syslog Server |
Lists the current syslog server |
|
|
Add API |
Adds a new API from config file in JSON format. File should have .json extension |
|
|
Update API |
Updates an API after the API JSON file has been edited and saved. |
|
|
List APIs |
Lists all APIs configured in ASE |
|
|
API Info |
Displays the API JSON file |
|
|
API Count |
Displays the total number of APIs configured |
|
|
List API Mappings |
Lists all the external and internal URL mappings. |
|
|
Delete API |
Deletes an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API |
|
|
Add a Server |
Adds a backend server to an API. Provide the IP address and port number of the server |
|
|
List Server |
Lists all servers for an API |
|
|
Delete a Server |
Deletes a backend server from an API. Provide the IP address and port number of the serve |
|
|
Enable Per API Blocking |
Enables attack blocking for the API |
|
|
Disable Per API Blocking |
Disables attack blocking for the API |
|
|
Enable Health Check |
Enables health check for a specific API |
|
|
Disable Health Check |
Disables health check for a specific API |
|
|
Generate Master Key |
Generates the master obfuscation key ase_master.key |
|
|
Obfuscate Keys and Password |
Obfuscates the keys and passwords configured in various configuration files |
|
|
Create a Key Pair |
Creates private key and public key pair in key store |
|
|
Create a CSR |
Creates a certificate signing request |
|
|
Create a Self-Signed Certificate |
Creates a self-signed certificate |
|
|
Import Certificate |
Imports CA-signed certificate into key store |
|
|
Create Management Key Pair |
Creates a private key for management server |
|
|
Create Management CSR |
Creates a certificate signing request for management server |
|
|
Create Management Self-signed Certificate |
Creates a self-signed certificate for management server |
|
|
Import Management Key Pair |
Imports a key-pair for management server |
|
|
Import Management Certificate |
Imports CA-signed certificate for management server |
|
|
Health Status |
Displays health status of all backend servers for the specified API |
|
|
Cluster Info |
Displays information about an ASE cluster |
|
|
Server Count |
Lists the total number of APIs associated with an API |
|
|
Cookie Count |
Lists the live cookie count associated with an API |
|
|
Persistent Connection Count |
Lists the WebSocket or http-keep alive connection count for an API |
|
|
Clear cookies |
Clears all cookies for an API |
|
|
Enable Firewall |
Enables API firewall. Activates pattern enforcement, API name mapping, manual attack type |
|
|
Disable Firewall |
Disables API firewall |
|
|
Enable ASE detected attacks |
Enables ASE detected attacks |
|
|
Disable ASE Detected Attacks |
Disables API firewall |
|
|
Enable ABS |
Enables ABS to send access logs to ABS |
|
|
Disable ABS |
Disables ABS to stop sending access logs to ABS |
|
|
Enable ABS Detected Attack Blocking |
Enables ASE to fetch ABS detected attack lists and block access of list entries. |
|
|
Disable ABS Detected Attack Blocking |
Stops ASE from blocking and fetching ABS detected attack list. This command does not stop ABS from detecting attacks. |
|
|
Adding deny list |
Adds an entry to ASE deny list using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username |
If type is ip, then name is the IP address. If type is cookie, then name is the cookie name, and value is the cookie value Example:
|
|
Delete deny list Entry |
Deletes entry from the deny list. |
Example:
|
|
Clear deny list |
Clears all the entries from the deny list |
|
|
View deny list |
Views the entire deny list or view a deny list for the specified attack type (for example, invalid_method) |
|
|
View deny list for IP addresses with missing tokens |
Views the deny list entries that are blocked due to missing tokens |
|
|
Adding allow list |
Adds an entry to ASE allow list using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username |
Options:
Example:
|
|
Delete allow list entry |
Deletes entry from the allow list |
Example:
|
|
Clear allow list |
Clears all the entries from the allow list |
|
|
View allow list |
Views the entire allow list |
|
|
ABS Info |
Displays ABS status information. ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information |
|
|
Enable XFF |
Enables X-Forwarded For |
|
|
Disable XFF |
Disables X-Forwarded For |
|
|
Update Client Spike |
Update Client Spike Threshold |
Example:
|
|
Update Server Spike |
Updates Server Spike Threshold
|
Examples:
|
|
Update Bytes-in |
Updates bytes in value for a WebSocket API |
Example:
|
|
Update Bytes-out |
Updates bytes out value for a WebSocket API |
Example:
|
|
Update Server Quota |
Updates the number of API connections allowed on a backend server
|
Examples:
|