WAF Policy, how is the open-api-files url handled by AS3?

[amolari]

Environment

• Application Services Version: 3.52.0
• BIG-IP Version: 17.1.1.3

Summary

Please explain how AS3 handles the open-api-files link in a WAF Policy.
Using a WAF Policy of type template=API Security, we have in the policy json file such key:

"open-api-files": [
      {
        "link": "https://myexample.com/openspec.yml?ref=main&private_token=xxxxxxx"
      }
    ]

I would like to know how is that openspec.yml file provided to ASM to complete the WAF Policy installation.

Is it fetched by AS3? Is the WAF policy passed to ASM and ASM will url-fetch that openspec.yml file?

[JuergenMang]

As far I know and observed: The OpenAPI file is fetched by ASM as with all others declarative waf policies.

[amolari]

@JuergenMang you're perfectly right:
On my repo I see that the following

• user agent f5-appsvcs/3.0 fetches the ASM policy
• user-agent libwww-perl/6.05 fetches the OpenAPI spec file

However, after a discussion with AS3 PE, we wanted to formalize it here.

[sunitharonan]

Thanks Alexandre, we have created AUTOTOOL-4469 and added to our backlog.