Change ASE default settings - PingIntelligence for APIs

Change ASE default settings - PingIntelligence for APIs - 5.0

PingIntelligence

bundle

pingintelligence-50

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.0

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-50

pingintelligence

private

ContentType_ce

Page created: 12 May 2021 |

Page updated: 1 Nov 2021

| 3 min read

5.0 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Installation User task

You can change the default settings in ASE by editing the ase-defaults.yml file.

The following table lists the variables that you can set for ASE.

Variable	Description
`mode`	Sets the mode in which ASE is deployed. The default value is `inline`. Set the value to `sideband` if you want ASE to work in the sideband mode.
`http_ws_port`	Data port used for HTTP or WebSocket protocol. The default value is 8090.
`https_wss_port`	Data port used for HTTPS or secure WebSocket protocol. The default value is 8443.
`management_port`	Management port used for CLI and REST API management. The default value is 8010.
`cluster_manager_port`	ASE node uses this port number to communicate with other ASE nodes in the cluster. The default value is 8020.
`keystore_password`	The password for ASE keystore. The default password is `asekeystore`.
`cluster_secret_key`	This key is used for authentication among ASE cluster node. All the nodes of the cluster must have the same `cluster_secret_key`. This key must be entered manually on each node of the ASE cluster for the nodes to communicate with each other. The default value is `yourclusterkey`.
`enable_ase_detected_attack`	This key is used to enable ASE to block auto detected attacks. Set this value to `true` to allow ASE to block auto detected attacks. The default value is `false`.
`enable_abs_attack`	This key is used to enable ASE to fetch attack list from ABS. Set this value to `true` to fetch the list from ABS. The default value is `false`.
`enable_sideband_keepalive`	This key is used only in ASE sideband mode. If set to `true`, ASE sends a keep-alive in response header for the TCP connection between API gateway and ASE. With the default `false` value, ASE sends a connection close in response header for connection between API gateway and ASE.
`Email default settings`	Configure the following settings: `enable_emails`: Set it to `true` for ASE to send email notifications. Default value is false. `smtp_host` and `smtp_port` `sender_email`: Email address used from which email alerts and reports are sent. `email_password`: Password of sender’s email account. `receiver_email`: Email address to which the email alerts and reports are sent.
`CLI admin password`	The default value for CLI admin is `admin`. To change the password, you need the current password.

Important:

Make sure to take a backup of the ase-defaults.yml file on a secure machine after the automated installation is complete.

The following is a sample ase-defaults.yml file.

---
ase:
    # Deployment mode for ASE. Valid values are inline or sideband
    mode: inline

    # Define ports for the PingIntelligence API Security Enforcer
    # Make sure ports are not same for single server installation
    http_ws_port: 8090
    https_wss_port: 8443
    management_port: 8010
    cluster_manager_port: 8020
    
    # Password for ASE keystore
    keystore_password: asekeystore
    
    # cluster_secret_key for ASE cluster
    cluster_secret_key: yourclusterkey

    # enable keepalive for ASE in sideband mode
    enable_sideband_keepalive: false

    # Configure Email Alert. Set enable_emails to true to configure
    # email settings for ASE
    enable_emails: false
    smtp_host: smtp.example.com
    smtp_port: 587
    sender_email: sender@example.com
    email_password: password
    receiver_email: receiver@example.com
    
    # CLI admin password
    current_admin_password: admin
    new_admin_password: admin