The following table shows the command-line interface (CLI) functions and their syntax for API Security Enforcer (ASE) in sideband mode.
| Function | Description | Syntax |
|---|---|---|
|
Start ASE |
Starts ASE |
|
|
Stop ASE |
Stops ASE |
|
|
Help |
Displays cli.sh help |
|
|
Version |
Displays the version number of ASE |
|
|
Status |
Displays the running status of ASE |
|
|
Update Password |
Changes ASE admin password |
|
|
Change log level |
Changes balancer.log and controller.log log level |
Options:
|
|
Get Authentication Method |
Displays the current authentication method |
|
|
Update Authentication Method |
Updates ASE authentication method |
|
|
Enable Sideband Authentication |
Enables authentication between API gateway and ASE when ASE is deployed in sideband mode |
|
|
Disable Sideband Authentication |
Disables authentication between API gateway and ASE when ASE is deployed in sideband mode |
|
|
Create ASE Authentication Token |
Create the ASE token that is used to authenticate between the API gateway and ASE |
|
|
List ASE Authentication Token |
List the ASE token that is used to authenticate between the API gateway and ASE |
|
|
Import ASE Authentication Token |
Imports ASE token that is used for authentication between ASE and API gateway. The token should be 32 characters long and the allowable characters in the token are alphabets in small case and digits 0-9. |
|
|
Delete ASE Authentication Token |
Deletes the ASE token that is used to authenticate between the API gateway and ASE |
|
|
Enable Audit Logging |
Enables audit logging |
|
|
Disable Audit Logging |
Disables audit logging |
|
|
Add Syslog Server |
Adds a new syslog server |
|
|
Delete Syslog Server |
Deletes the syslog server |
|
|
List Syslog Server |
Lists the current syslog server |
|
|
Add API |
Add a new API file in JSON format. File should have |
|
|
Update API |
Updates an API after the API JSON file has been edited and saved |
|
|
List APIs |
Lists all APIs configured in ASE |
|
|
API Info |
Displays the API JSON file |
|
|
API Count |
Displays the total number of APIs configured |
|
|
Enable Per API Blocking |
Enables attack blocking for the API |
|
|
Disable Per API Blocking |
Disables attack blocking for the API |
|
|
Delete API |
Deletes an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API |
|
|
Generate Master Key |
Generates the master obfuscation key |
|
|
Obfuscate Keys and Password |
Obfuscates the keys and passwords configured in various configuration files |
|
|
Create a Key Pair |
Creates private key and public key pair in keystore |
|
|
Create a CSR |
Creates a certificate signing request |
|
|
Create a Self-Signed Certificate |
Creates a self-signed certificate |
|
|
Import Certificate |
Imports a CA-signed certificate into keystore |
|
|
Create Management Key Pair |
Creates a private key for management server |
|
|
Create Management CSR |
Creates a certificate signing request for management server |
|
|
Create Management Self-signed Certificate |
Creates a self-signed certificate for management server |
|
|
Import Management Key Pair |
Imports a key-pair for management server |
|
|
Import Management Certificate |
Imports a CA-signed certificate for management server |
|
|
Cluster Info |
Displays information about an ASE cluster |
|
|
Delete Cluster Node |
Deletes an inactive ASE cluster node |
|
|
Enable Firewall |
Enables API firewall. Activates pattern enforcement, API name mapping, manual attack type |
|
|
Disable Firewall |
Disables API firewall |
|
|
Enable ASE detected attacks |
Enables ASE-detected attacks |
|
|
Disable ASE Detected Attacks |
Disables ASE-detected attacks |
|
|
Enable ABS |
Enables ABS to send access logs to ABS |
|
|
Disable ABS |
Disables ABS to stop sending access logs to ABS |
|
|
Adding deny list |
Adds an entry to ASE deny list using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username |
If type is ip, then name is the IP address. If type is cookie, then name is the cookie name, and value is the cookie value Example:
|
|
Delete deny list Entry |
Deletes entry from the deny list. |
Example:
|
|
Clear deny list |
Clears all the entries from the deny list |
|
|
View deny list |
Views the entire deny list or view a deny list for the specified attack type (for example, invalid_method) |
|
|
View deny list for IP addresses with missing tokens |
Views the deny list entries that are blocked due to missing tokens |
|
|
Adding allow list |
Adds an entry to ASE allow list using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username |
Options:
Example:
|
|
Delete allow list Entry |
Delete entry from the allow list |
Example: |
|
Clear allow list |
Clears all the entries from the allow list |
|
|
View allow list |
Views the entire allow list |
|
|
ABS Info |
Displays ABS status information ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information |
|