Merge branch 'dev' of https://github.com/f5devcentral/f5xc-emea-workshop

 into dev

docs/class4/module1/lab1/lab1.rst

@@ -40,6 +40,8 @@ In term of micro-services, this is how there are used by the Webapp frontend.
 Expose the application on your F5 Distributed Cloud Namespace
 -------------------------------------------------------------
 
+The tenant URL for this lab is : https://f5-emea-workshop.console.ves.volterra.io/
+
 For this lab, we will use the following configuration
 
 1. Create the Origin Pool targeting Sentence public app

docs/class4/module2/lab1/lab1.rst

@@ -91,5 +91,39 @@ Update your API Load Balancer
 
 * SAVE your Load Balancer
 
-.. note:: We do not test now our configuration. We must enable API Discovery first, in order to have a full protection and visibility.
+Make a quick test of API Validation
+-----------------------------------
 
+* The OpenAPI Spec file, specify the type of data expected by the API Endpoint. Let's say we want to delete an entry for /adjectives.
+* The OAS spec file specify the type is ``integer``
+
+   .. code-block:: yaml
+      :emphasize-lines: 11
+      
+      delete:
+         description: delete an adjective
+         tags:
+           - adjectives
+         parameters:
+           - name: id
+             in: path
+             required: true
+             description: id of the adjective to retrieve
+             schema:
+               type: integer
+
+* Let send a wrong request where we replace the ID (integer) by a string
+
+   .. code-block:: bash
+
+      curl --location --request DELETE 'http://sentence-re-$$makeId$$.workshop.emea.f5se.com/api/adjectives/beautiful'
+
+.. note:: Here we replace the ID such as ``4``, by a string ``beautiful``
+
+* Don't expect to see any outcome from the command as we did not set ``Block`` in our settings. We set ``Report``. We need to keep ``Report`` so that the backend responds with sensitive information for the next lab.
+* Go to Security Dashboard and check your logs (can take up to 1min to be displayed). You can see a violation ``Request Path Parameter Violation``
+
+   .. image:: ../pictures/validation-log.png
+      :align: center
+
+.. note:: We sent an ID with a string instead of an integer. F5XC can validate Request and Response body payload.

docs/class4/module2/lab2/lab2.rst

@@ -41,9 +41,9 @@ Create custom PII
 * In Sensitive Data Protection, click on ``configure``
 * Add 2 new ``Defined Custom Sensitive Data Types``, enable detection for ``All Endpoint, Request and Response, Value Pattern``
 
-  * French SSN, use this regex [12][0-9]{2}(0[1-9]|1[0-2])(2[AB]|[0-9]{2})[0-9]{3}[0-9]{3}([0-9]{2})
+  * French SSN, use this regex ``[12][0-9]{2}(0[1-9]|1[0-2])(2[AB]|[0-9]{2})[0-9]{3}[0-9]{3}([0-9]{2})``
 
-  * French Mobile Phone, use this regex ^(?:(?:\+|00)33|0)\s*[1-9](?:[\s.-]*\d{2}){4}$
+  * French Mobile Phone, use this regex ``^(?:(?:\+|00)33|0)\s*[1-9](?:[\s.-]*\d{2}){4}$``
 
 .. image:: ../pictures/pii.png
    :align: left
@@ -62,6 +62,6 @@ It is time to run a traffic generator script to populate the logs and the AI/ML
 
 .. code-block:: none
 
-   cd api-protection-lab
+   cd /home/ubuntu/api-protection-lab
    bash api-all.sh sentence-re-$$makeId$$.workshop.emea.f5se.com