a10_waf_template

Synopsis

Manage WAF template configuration

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

name

str/required

WAF Template Name

csp

bool

Insert HTTP header Content-Security-Policy if necessary

csp_value

str

CSP header value, e.g., ‘script-src ‘none’’

csp_insert_type

str

‘insert-if-not-exist’= Only insert the header when it does not exist; ‘insert- always’= Always insert the header even when there is a header with the same name;

http_redirect

str

Send HTTP redirect response (302 Found) to specifed URL (URL to redirect to when denying request)

http_resp_200

bool

Send HTTP response with status code 200 OK

resp_url_200

str

Response content to send client when denying request

reset_conn

bool

Reset the client connection

http_resp_403

bool

Send HTTP response with status code 403 Forbidden (default)

resp_url_403

str

Response content to send client when denying request

deploy_mode

str

‘active’= Deploy WAF in active (blocking) mode; ‘passive’= Deploy WAF in passive (log-only) mode; ‘learning’= Deploy WAF in learning mode;

log_succ_reqs

bool

Log successful waf requests

learn_pr

bool

Enable per-request logs for WAF learning

parent

bool

inherit from parent template

parent_template_waf

str

WAF template (WAF Config name)

pcre_match_limit

int

Maximum number of matches allowed (default 30000)

pcre_match_recursion_limit

int

Maximum levels of recursive allowed (default 5000)

soap_format_check

bool

Check XML document for SOAP format compliance

logging

str

Logging template (Logging Config name)

wsdl_file

str

Specify name of WSDL file for verifying XML body contents

wsdl_resp_val_file

str

Specify name of WSDL file for verifying XML body contents

xml_schema_file

str

Specify name of XML-Schema file for verifying XML body contents

xml_schema_resp_val_file

str

Specify name of XML-Schema file for verifying XML body contents

uuid

str

uuid of the object

user_tag

str

Customized tag

brute_force_protection

dict

Field brute_force_protection

challenge_action_cookie

bool

Use Set-Cookie to determine if client allows cookies

challenge_action_javascript

bool

Add JavaScript to response to test if client allows JavaScript

challenge_action_captcha

bool

Initiate a Captcha to verify client can respond

brute_force_challenge_limit

int

Maximum brute-force events before sending challenge (default 2) (Maximum brute- force events before locking out client (default 2))

enable_disable_action

str

‘enable’= Enable brute force protections; ‘disable’= Disable brute force protections (default);

brute_force_global

bool

Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)

brute_force_lockout_limit

int

Maximum brute-force events before locking out client (default 5)

brute_force_lockout_period

int

Number of seconds client should be locked out (default 600)

brute_force_resp_codes

bool

Trigger brute-force check on HTTP response code

brute_force_resp_codes_file

str

Name of WAF policy list file

brute_force_resp_headers

bool

Trigger brute-force check on HTTP response header names

brute_force_resp_headers_file

str

Name of WAF policy list file

brute_force_resp_string

bool

Trigger brute-force check on HTTP response reason phrase

brute_force_resp_string_file

str

Name of WAF policy list file

brute_force_test_period

int

Number of seconds for brute-force event counting (default 60)

uuid

str

uuid of the object

http_limit_check

dict

Field http_limit_check

disable

bool

Disable all checks for HTTP limit

max_content_length

bool

Max length of content (Maximum length of content allowed)

max_content_length_value

int

Max length of content (default 4096) (Maximum length of content allowed (default 4096))

max_cookie_header_length

bool

Max Cookie header length allowed in request (Maximum length of cookie header allowed)

max_cookie_header_length_value

int

Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096))

max_cookie_name_length

bool

Max Cookie name length allowed in request (Maximum length of cookie name allowed)

max_cookie_name_length_value

int

Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))

max_cookie_value_length

bool

Max Cookie value length allowed in request (Maximum length of cookie value allowed)

max_cookie_value_length_value

int

Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))

max_cookies

bool

Max Cookies allowed in request (Maximum number of cookie allowed)

max_cookies_value

int

Max Cookies allowed in request (default 20) (Maximum number of cookie allowed (default 20))

max_cookies_length

bool

Total Cookies length allowed in request (Maximum length of all cookies in request)

max_cookies_length_value

int

Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096))

max_data_parse

bool

Max data to be parsed for Web Application Firewall

max_data_parse_value

int

Max data to be parsed for Web Application Firewall (default 262144)

max_entities

bool

Maximum number of MIME entities allowed in request

max_entities_value

int

Maximum number of MIME entities allowed in request (default 10)

max_header_length

bool

Max header length allowed in request (Maximum length of header allowed)

max_header_length_value

int

Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096))

max_header_name_length

bool

Max header name length allowed in request (Maximum length of header name allowed)

max_header_name_length_value

int

Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64))

max_header_value_length

bool

Max header value length allowed in request (Maximum length of header value allowed)

max_header_value_length_value

int

Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))

max_headers

bool

Total number of headers allowed in request (Maximum number of headers in request)

max_headers_value

int

Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64))

max_headers_length

bool

Total headers length allowed in request (Maximum length of all headers in request)

max_headers_length_value

int

Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096))

max_param_name_length

bool

Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed)

max_param_name_length_value

int

Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256))

max_param_value_length

bool

Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed)

max_param_value_length_value

int

Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096))

max_params

bool

Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request)

max_params_value

int

Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64))

max_params_length

bool

Total query/POST parameters length allowed in request (Maximum length of all params in request)

max_params_length_value

int

Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 4096))

max_post_length

bool

Maximum content length allowed in POST request

max_post_length_value

int

Maximum content length allowed in POST request (default 20480)

max_query_length

bool

Max length of query string (Maximum length of query string allowed)

max_query_length_value

int

Max length of query string (default 4096) (Maximum length of query string allowed (default 4096))

max_request_length

bool

Max length of request (Maximum length of request allowed)

max_request_length_value

int

Max length of request (default 20480) (Maximum length of request allowed (default 20480))

max_request_line_length

bool

Max length of request line (Maximum length of request line)

max_request_line_length_value

int

Max length of request line (default 4096) (Maximum length of request line (default 4096))

max_url_length

bool

Max length of url (Maximum length of url allowed)

max_url_length_value

int

Max length of url (default 4096) (Maximum length of url allowed (default 4096))

internal_violation_action

str

‘allow’= Allow the transaction and skip WAF checks; ‘deny’= Deny the transaction;

uuid

str

uuid of the object

http_protocol_check

dict

Field http_protocol_check

disable

bool

Disable all checks for HTTP protocol compliance

allowed_headers

bool

Enable allowed-headers check (default disabled)

allowed_headers_list

str

Allowed HTTP headers. Default ‘Host Referer User-Agent Accept Accept-Encoding …’ (see docs for full list) (Allowed HTTP headers (default ‘Host Referer User-Agent Accept Accept-Encoding …’ (see docs for full list)))

allowed_methods

bool

Enable allowed-methods check (default disabled)

allowed_methods_list

str

List of allowed HTTP methods. Default is ‘GET POST’. (List of HTTP methods allowed (default ‘GET POST’))

allowed_versions

bool

Enable allowed-versions check (default disabled)

allowed_versions_list

str

List of allowed HTTP versions (default ‘1.0 1.1 2’)

bad_multipart_request

bool

Check for bad multipart/form-data request body

body_without_content_type

bool

Check for Body request without Content-Type header in request

get_with_content

bool

Check for GET request with Content-Length headers in request

head_with_content

bool

Check for HEAD request with Content-Length headers in request

host_header_with_ip

bool

Check for Host header with IP address

invalid_url_encoding

bool

Check for invalid URL encoding in request

malformed_content_length

bool

Check for malformed content-length in request

malformed_header

bool

Check for malformed HTTP header

malformed_parameter

bool

Check for malformed HTTP query/POST parameter

malformed_request

bool

Check for malformed HTTP request

malformed_request_line

bool

Check for malformed HTTP request line

missing_header_value

bool

Check for missing header value in request

missing_host_header

bool

Check for missing Host header in HTTP/1.1 request

multiple_content_length

bool

Check for multiple Content-Length headers in request

post_with_0_content

bool

Check for POST request with Content-Length 0

post_without_content

bool

Check for POST request without Content-Length/Chunked Encoding headers in request

post_without_content_type

bool

Check for POST request without Content-Type header in request

non_ssl_cookie_prefix

bool

Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request

uuid

str

uuid of the object

cookie_security

dict

Field cookie_security

enable_disable_action

str

‘enable’= Enable cookie security (default); ‘disable’= Disable cookie security;

allow_missing_cookie

bool

Allow requests with missing cookies

allow_unrecognized_cookie

bool

Allow requests with unrecognized cookies

cookie_policy

list

Field cookie_policy

set_cookie_policy

list

Field set_cookie_policy

tamper_protection_http_only

bool

Add HttpOnly flag to cookies not in set-cookie-policy list (default on)

tamper_protection_secure

bool

Add Secure flag to cookies not in set-cookie-policy list (default on)

tamper_protection_samesite

str

‘none’= none; ‘lax’= lax; ‘strict’= strict;

tamper_protection_secret

str

Cookie encryption secret

tamper_protection_secret_encrypted

str

Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

tamper_protection_grace_period

int

Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes)

tamper_protection_session_cookie_only

bool

Only encrypt session cookies

tamper_protection_sign

bool

Sign cookies

uuid

str

uuid of the object

evasion_check

dict

Field evasion_check

apache_whitespace

bool

Check for whitespace characters in URL

decode_entities

bool

Decode entities in internal url (default on)

decode_escaped_chars

bool

Decode escaped characters such as r n ' xXX u00YY in internal url (default on)

decode_plus_chars

bool

Decode ‘+’ as space in URL (default on)

decode_unicode_chars

bool

Check for evasion attempt using %u encoding of Unicode chars to bypass (default on)

dir_traversal

bool

Check for directory traversal attempt (default on)

high_ascii_bytes

bool

Check for evasion attempt using ASCII bytes with values

invalid_hex_encoding

bool

Check for evasion attempt using invalid hex characters (not in 0-9,a-f)

multiple_encoding_levels

bool

Check for evasion attempt using multiple levels of encoding

multiple_slashes

bool

Check for evasion attempt using multiple slashes/backslashes

max_levels

int

Max levels of encoding allowed in request (default 2)

remove_comments

bool

Remove comments from internal url

remove_spaces

bool

Remove spaces from internal url (default on)

uuid

str

uuid of the object

data_leak_prevention

dict

Field data_leak_prevention

ccn_mask

bool

Mask credit card numbers in response

ssn_mask

bool

Mask US Social Security numbers in response

pcre_mask

str

Mask matched PCRE pattern in response

keep_start

int

Number of unmasked characters at the beginning (default= 0)

keep_end

int

Number of unmasked characters at the end (default= 0)

mask

str

Character to mask the matched pattern (default= X)

uuid

str

uuid of the object

form_protection

dict

Field form_protection

enable_disable_action

str

‘enable’= Enable web form protections (default); ‘disable’= Disable web form protections;

csrf_check

bool

Tag the form to protect against Cross-site Request Forgery

field_consistency_check

bool

Form input consistency check

password_check_non_masked

bool

Check forms that have a password field with a textual type, resulting in this field not being masked

password_check_non_ssl

bool

Check forms that has a password field if the form is not sent over an SSL connection

password_check_autocomplete

bool

Check to protect against server-generated form which contain password fields that allow autocomplete

form_check_non_ssl

bool

Check whether SSL is used for request with forms

form_check_caching

bool

Disable caching for response with forms

form_check_non_post

bool

Check whether POST is used for request with forms

form_check_request_non_post

bool

Check whether POST is used for request with forms

form_check_response_non_post

bool

Check whether form method POST is used for response with forms

form_check_response_non_post_sanitize

bool

Change form method GET to POST (Use with caution= make sure server application still work)

uuid

str

uuid of the object

response_cloaking

dict

Field response_cloaking

filter_headers

bool

Removes web server’s identifying headers

hide_status_codes

bool

Hides response status codes that are not allowed (default 4xx, 5xx)

hide_status_codes_file

str

Name of WAF policy list file

uuid

str

uuid of the object

request_check

dict

Field request_check

bot_check

bool

Check User-Agent for known bots

bot_check_policy_file

str

Name of WAF policy list file

command_injection_check

str

Check to protect against command injection attacks

command_injection_check_policy_file

str

Name of WAF policy command injection list file

redirect_whitelist

bool

Check Redirect URL against list of previously learned redirects

referer_check

bool

Check referer to protect against CSRF attacks

referer_domain_list

str

List of referer domains allowed

referer_safe_url

str

Safe URL to redirect to if referer is missing

referer_domain_list_only

str

List of referer domains allowed

session_check

bool

Enable session checking via session cookie

lifetime

int

Session lifetime in minutes (default 10)

sqlia_check

str

‘reject’= Reject requests with SQLIA patterns;

sqlia_check_policy_file

str

Name of WAF policy list file

url_blacklist

bool

specify name of WAF policy list file to blacklist

waf_blacklist_file

str

Name of WAF policy list file

url_whitelist

bool

specify name of WAF policy list file to whitelist

waf_whitelist_file

str

Name of WAF policy list file

url_learned_list

bool

Check URL against list of previously learned URLs

xss_check

str

‘reject’= Reject requests with bad cookies;

xss_check_policy_file

str

Name of WAF policy list file

uuid

str

uuid of the object

violation_log_mask

dict

Field violation_log_mask

query_param_name_equal_type

str

‘equals’= Mask the query value if the query name equals to the string;

query_param_name_value

str

The list of Query parameter names

uuid

str

uuid of the object

json_check

dict

Field json_check

format_check

bool

Check HTTP body for JSON format compliance

max_array_values

int

Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))

max_depth

int

Maximum recursion depth in a value in a JSON requesnt body (default 16) (Maximum recursion depth in a JSON value (default 16))

max_object_members

int

Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))

max_string_length

int

Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))

uuid

str

uuid of the object

xml_check

dict

Field xml_check

disable

bool

Disable all checks for XML limit

max_attr

int

Maximum number of attributes of an XML element (default 256)

max_attr_name_len

int

Maximum length of an attribute name (default 128)

max_attr_value_len

int

Maximum length of an attribute text value (default 128)

max_cdata_len

int

Maximum length of an CDATA section of an element (default 65535)

max_elem

int

Maximum number of XML elements (default 1024)

max_elem_child

int

Maximum number of children of an XML element (default 1024)

max_elem_depth

int

Maximum recursion level for element definition (default 256)

max_elem_name_len

int

Maximum length for an element name (default 128)

max_entity_decl

int

Maximum number of entity declarations (default 1024)

max_entity_depth

int

Maximum depth of entities (default 32)

max_entity_exp

int

Maximum number of entity expansions (default 1024)

max_entity_exp_depth

int

Maximum nested depth of entity expansions (default 32)

max_namespace

int

Maximum number of namespace declarations (default 16)

max_namespace_uri_len

int

Maximum length of a namespace URI (default 256)

format

bool

Check HTTP body for XML format compliance

sqlia

bool

Check XML data against SQLIA policy

xss

bool

Check XML data against XSS policy

uuid

str

uuid of the object

stats

dict

Field stats

total_req

str

Total Requests

req_allowed

str

Requests Allowed

req_denied

str

Requests Denied

resp_denied

str

Responses Denied

brute_force_success

str

Brute-Force checks passed

brute_force_violation

str

Brute-Force checks violation

brute_force_challenge_cookie_sent

str

Cookie Challenge Sent

brute_force_challenge_cookie_success

str

Cookie Challenge check passed

brute_force_challenge_cookie_violation

str

Cookie challenge violation

brute_force_challenge_javascript_sent

str

JavaScript challenge sent

brute_force_challenge_javascript_success

str

JavaScript challenge check passed

brute_force_challenge_javascript_violation

str

JavaScript challenge violation

brute_force_challenge_captcha_sent

str

Captcha challenge sent

brute_force_challenge_captcha_success

str

Captcha challenge check passed

brute_force_challenge_captcha_violation

str

Captcha challenge violation

brute_force_lockout_limit_success

str

Lockout limit check passed

brute_force_lockout_limit_violation

str

Lockout limit violation

brute_force_challenge_limit_success

str

Lockout limit check passed

brute_force_challenge_limit_violation

str

Lockout limit violation

brute_force_response_codes_triggered

str

Response Codes Triggered

brute_force_response_headers_triggered

str

Brute Force Response Headers Triggered

brute_force_response_string_triggered

str

Brute Force Response string Triggered

cookie_security_encrypt_success

str

Cookie Security - encrypt successful

cookie_security_encrypt_violation

str

Cookie Security - encrypt violation

cookie_security_encrypt_limit_exceeded

str

Cookie Security - encrypt limit exceeded

cookie_security_encrypt_skip_rcache

str

Cookie Security - encrypt skipped - RAM cache

cookie_security_decrypt_success

str

Cookie Security - decrypt successful

cookie_security_decrypt_violation

str

Cookie Security - decrypt violation

cookie_security_sign_success

str

Cookie Security - signing successful

cookie_security_sign_violation

str

Cookie Security - signing violation

cookie_security_sign_limit_exceeded

str

Cookie Security - signing limit exceeded

cookie_security_sign_skip_rcache

str

Cookie Security - signing skipped - RAM Cache

cookie_security_signature_check_success

str

Cookie Security - signature check successful

cookie_security_signature_check_violation

str

Cookie Security - signature check violation

cookie_security_add_http_only_success

str

Cookie Security - http-only flag added

cookie_security_add_http_only_violation

str

Cookie Security - http-only flag violation

cookie_security_add_secure_success

str

Cookie Security - secure flag added

cookie_security_add_secure_violation

str

Cookie Security - secure flag violation

cookie_security_missing_cookie_success

str

Cookie Security - request with missing cookie

cookie_security_missing_cookie_violation

str

Cookie Security - missing cookie violation

cookie_security_unrecognized_cookie_success

str

Cookie Security - request with unrecognized cookie

cookie_security_unrecognized_cookie_violation

str

Cookie Security - unrecognized cookie violation

cookie_security_cookie_policy_success

str

Cookie Security - cookie policy passed

cookie_security_cookie_policy_violation

str

Cookie Security - cookie policy violation

cookie_security_persistent_cookies

str

Cookie Security - persistent cookies

cookie_security_persistent_cookies_encrypted

str

Cookie Security - encrypted persistent cookies

cookie_security_persistent_cookies_signed

str

Cookie Security - signed persistent cookies

cookie_security_session_cookies

str

Cookie Security - session cookies

cookie_security_session_cookies_encrypted

str

Cookie Security - encrypted session cookies

cookie_security_session_cookies_signed

str

Cookie Security - signed session cookies

cookie_security_allowed_session_cookies

str

Cookie Security - allowed session cookies

cookie_security_allowed_persistent_cookies

str

Cookie Security - allowed persistent cookies

cookie_security_disallowed_session_cookies

str

Cookie Security - disallowed session cookies

cookie_security_disallowed_persistent_cookies

str

Cookie Security - disallowed persistent cookies

cookie_security_allowed_session_set_cookies

str

Cookie Security - disallowed session Set-Cookies

cookie_security_allowed_persistent_set_cookies

str

Cookie Security - disallowed persistent Set-Cookies

cookie_security_disallowed_session_set_cookies

str

Cookie Security - disallowed session Set-Cookies

cookie_security_disallowed_persistent_set_cookies

str

Cookie Security - disallowed persistent Set-Cookies

csp_header_violation

str

CSP header missing

csp_header_success

str

CSP header found

csp_header_inserted

str

CSP header Inserted

form_csrf_tag_success

str

Form CSRF tag passed

form_csrf_tag_violation

str

Form CSRF tag violation

form_consistency_success

str

Form Consistency passed

form_consistency_violation

str

Form Consistency violation

form_tag_inserted

str

Form A10 Tag Inserted

form_non_ssl_success

str

Form Non SSL check passed

form_non_ssl_violation

str

Form Non SSL violation

form_request_non_post_success

str

Form Method being Non Post in Request passed

form_request_non_post_violation

str

Form Method being Non Post in Request violation

form_check_success

str

Post Form Check passed

form_check_violation

str

Post Form Check violation

form_check_sanitize

str

Post Form Check Sanitized

form_non_masked_password_success

str

Form Non Masked Password check passed

form_non_masked_password_violation

str

Form Non Masked Password violation

form_non_ssl_password_success

str

Form Non SSL Password check passed

form_non_ssl_password_violation

str

Form Non SSL Password violation

form_password_autocomplete_success

str

Form Password Autocomplete check passed

form_password_autocomplete_violation

str

Form Password Autocomplete violation

form_set_no_cache_success

str

Form Set No Cache check passed

form_set_no_cache

str

Form Set No Cache violation

dlp_ccn_success

str

Credit Card Number check passed

dlp_ccn_amex_violation

str

Amex Credit Card Number Detected

dlp_ccn_amex_masked

str

Amex Credit Card Number Masked

dlp_ccn_diners_violation

str

Diners Club Credit Card Number Detected

dlp_ccn_diners_masked

str

Diners Club Credit Card Number Masked

dlp_ccn_visa_violation

str

Visa Credit Card Number Detected

dlp_ccn_visa_masked

str

Visa Credit Card Number Masked

dlp_ccn_mastercard_violation

str

MasterCard Credit Card Number Detected

dlp_ccn_mastercard_masked

str

MasterCard Credit Card Number Masked

dlp_ccn_discover_violation

str

Discover Credit Card Number Detected

dlp_ccn_discover_masked

str

Discover Credit Card Number Masked

dlp_ccn_jcb_violation

str

JCB Credit Card Number Detected

dlp_ccn_jcb_masked

str

JCB Credit Card Number Masked

dlp_ssn_success

str

Social Security Number Mask check passed

dlp_ssn_violation

str

Social Security Number Mask violation

dlp_pcre_success

str

PCRE Mask check passed

dlp_pcre_violation

str

PCRE Mask violation

dlp_pcre_masked

str

PCRE Mask violation

evasion_check_apache_whitespace_success

str

Apache Whitespace check passed

evasion_check_apache_whitespace_violation

str

Apache Whitespace check violation

evasion_check_decode_entities_success

str

Decode Entities check passed

evasion_check_decode_entities_violation

str

Decode Entities check violation

evasion_check_decode_escaped_chars_success

str

Decode Escaped Chars check passed

evasion_check_decode_escaped_chars_violation

str

Decode Escaped Chars check violation

evasion_check_decode_unicode_chars_success

str

Decode Unicode Chars check passed

evasion_check_decode_unicode_chars_violation

str

Decode Unicode Chars check violation

evasion_check_dir_traversal_success

str

Dir traversal check passed

evasion_check_dir_traversal_violation

str

Dir traversal check violation

evasion_check_high_ascii_bytes_success

str

High Ascii Bytes check passed

evasion_check_high_ascii_bytes_violation

str

High Ascii Bytes check violation

evasion_check_invalid_hex_encoding_success

str

Invalid Hex Encoding check passed

evasion_check_invalid_hex_encoding_violation

str

Invalid Hex Encoding check violation

evasion_check_multiple_encoding_levels_success

str

Multiple Encoding Levels check passed

evasion_check_multiple_encoding_levels_violation

str

Multiple Encoding Levels check violation

evasion_check_multiple_slashes_success

str

Multiple Slashes check passed

evasion_check_multiple_slashes_violation

str

Multiple Slashes check violation

evasion_check_max_levels_success

str

Max Levels check passed

evasion_check_max_levels_violation

str

Max Levels check violation

evasion_check_remove_comments_success

str

Remove Comments check passed

evasion_check_remove_comments_violation

str

Remove Comments check violation

evasion_check_remove_spaces_success

str

Remove Spaces check passed

evasion_check_remove_spaces_violation

str

Remove Spaces check violation

http_limit_max_content_length_success

str

MAX content-length check passed

http_limit_max_content_length_violation

str

MAX content-length check violation

http_limit_max_cookie_header_length_success

str

MAX cookie header length check passed

http_limit_max_cookie_header_length_violation

str

MAX cookie header length violation

http_limit_max_cookie_name_length_success

str

MAX cookie name length check passed

http_limit_max_cookie_name_length_violation

str

MAX cookie name length violation

http_limit_max_cookie_value_length_success

str

MAX cookie value length check passed

http_limit_max_cookie_value_length_violation

str

MAX cookie value length violation

http_limit_max_cookies_success

str

Max Cookies check passed

http_limit_max_cookies_violation

str

Max Cookies violation

http_limit_max_cookies_length_success

str

MAX cookies length check passed

http_limit_max_cookies_length_violation

str

MAX cookies length violation

http_limit_max_data_parse_success

str

Buffer Overflow - Max Data Parse check passed

http_limit_max_data_parse_violation

str

Buffer Overflow - Max Data Parse violation

http_limit_max_entities_success

str

Max Entities check passed

http_limit_max_entities_violation

str

Max Entities violation

http_limit_max_header_length_success

str

MAX header length check passed

http_limit_max_header_length_violation

str

MAX header length check violation

http_limit_max_header_name_length_success

str

MAX header name length check passed

http_limit_max_header_name_length_violation

str

MAX header name length check violation

http_limit_max_header_value_length_success

str

MAX header value length check passed

http_limit_max_header_value_length_violation

str

MAX header value length check violation

http_limit_max_headers_success

str

MAX headers count check passed

http_limit_max_headers_violation

str

Max Headers violation

http_limit_max_headers_length_success

str

MAX headers length check passed

http_limit_max_headers_length_violation

str

MAX headers length check violation

http_limit_max_param_name_length_success

str

Limit check - MAX parameter name length check passed

http_limit_max_param_name_length_violation

str

Limit check - MAX parameter name length violation

http_limit_max_param_value_length_success

str

Limit check - MAX parameter value length check passed

http_limit_max_param_value_length_violation

str

Limit check - MAX parameter value length violation

http_limit_max_params_success

str

Limit check - MAX parameters check passed

http_limit_max_params_violation

str

Limit check - MAX parameters violation

http_limit_max_params_length_success

str

Limit check - MAX parameters total length check passed

http_limit_max_params_length_violation

str

Limit check - MAX parameters total length violation

http_limit_max_post_length_success

str

MAX POST length check passed

http_limit_max_post_length_violation

str

MAX POST length violation

http_limit_max_query_length_success

str

Limit check - MAX query length check passed

http_limit_max_query_length_violation

str

Limit check - MAX query length violation

http_limit_max_request_length_success

str

Limit check - MAX request length check passed

http_limit_max_request_length_violation

str

Limit check - MAX request length violation

http_limit_max_request_line_length_success

str

Limit check - MAX request line length check passed

http_limit_max_request_line_length_violation

str

Limit check - MAX request line length violation

max_url_length_success

str

Limit check - MAX URL length check passed

max_url_length_violation

str

Limit check - MAX URL length violation

http_protocol_allowed_headers_success

str

HTTP headers check passed

http_protocol_allowed_headers_violation

str

HTTP headers check violation

http_protocol_allowed_versions_success

str

HTTP versions check passed

http_protocol_allowed_versions_violation

str

HTTP versions check violation

http_protocol_allowed_method_check_success

str

HTTP Method Check passed

http_protocol_allowed_method_check_violation

str

HTTP Method Check violation

http_protocol_bad_multipart_request_success

str

Bad multi-part request check passed

http_protocol_bad_multipart_request_violation

str

Bad multi-part request check violation

http_protocol_get_with_content_success

str

GET with content check passed

http_protocol_get_with_content_violation

str

GET with content check violation

http_protocol_head_with_content_success

str

HEAD with content check passed

http_protocol_head_with_content_violation

str

HEAD with content check violation

http_protocol_host_header_with_ip_success

str

Host header with IP check passed

http_protocol_host_header_with_ip_violation

str

Host header with IP check violation

http_protocol_invalid_url_encoding_success

str

Invalid url encoding check passed

http_protocol_invalid_url_encoding_violation

str

Invalid url encoding check violation

http_protocol_malformed_content_length_success

str

Malformed content-length check passed

http_protocol_malformed_content_length_violation

str

Malformed content-length check violation

http_protocol_malformed_header_success

str

Malformed header check passed

http_protocol_malformed_header_violation

str

Malformed header check passed

http_protocol_malformed_parameter_success

str

Malformed parameter check passed

http_protocol_malformed_parameter_violation

str

Malformed parameter check violation

http_protocol_malformed_request_success

str

Malformed request check passed

http_protocol_malformed_request_violation

str

Malformed request check violation

http_protocol_malformed_request_line_success

str

Malformed request line check passed

http_protocol_malformed_request_line_violation

str

Malformed request line check violation

http_protocol_missing_header_value_success

str

Missing header value check violation

http_protocol_missing_header_value_violation

str

Missing header value check violation

http_protocol_missing_host_header_success

str

Missing host header check passed

http_protocol_missing_host_header_violation

str

Missing host header check violation

http_protocol_multiple_content_length_success

str

Multiple content-length headers check passed

http_protocol_multiple_content_length_violation

str

Multiple content-length headers check violation

http_protocol_post_with_0_content_success

str

POST with 0 content check passed

http_protocol_post_with_0_content_violation

str

POST with 0 content check violation

http_protocol_post_without_content_success

str

POST without content check passed

http_protocol_post_without_content_violation

str

POST without content check violation

http_protocol_success

str

HTTP Check passed

http_protocol_violation

str

HTTP Check violation

json_check_format_success

str

JSON Check passed

json_check_format_violation

str

JSON Check violation

json_check_max_array_value_count_success

str

JSON Limit Array Value Count check passed

json_check_max_array_value_count_violation

str

JSON Limit Array Value Count violation

json_check_max_depth_success

str

JSON Limit Depth check passed

json_check_max_depth_violation

str

JSON Limit Depth violation

json_check_max_object_member_count_success

str

JSON Limit Object Number Count check passed

json_check_max_object_member_count_violation

str

JSON Limit Object Number Count violation

json_check_max_string_success

str

JSON Limit String check passed

json_check_max_string_violation

str

JSON Limit String violation

request_check_bot_success

str

Bot check passed

request_check_bot_violation

str

Bot check violation

request_check_redirect_wlist_success

str

Redirect Whitelist passed

request_check_redirect_wlist_violation

str

Redirect Whitelist violation

request_check_redirect_wlist_learn

str

Redirect Whitelist Learn

request_check_referer_success

str

Referer Check passed

request_check_referer_violation

str

Referer Check violation

request_check_referer_redirect

str

Referer Check Redirect

request_check_session_check_none

str

Session Created

request_check_session_check_success

str

Session Check passed

request_check_session_check_violation

str

Session Check violation

request_check_sqlia_url_success

str

SQLIA Check URL passed

request_check_sqlia_url_violation

str

SQLIA Check URL violation

request_check_sqlia_url_sanitize

str

SQLIA Check URL Sanitized

request_check_sqlia_post_body_success

str

SQLIA Check Post passed

request_check_sqlia_post_body_violation

str

SQLIA Check Post violation

request_check_sqlia_post_body_sanitize

str

SQLIA Check Post Sanitized

request_check_url_list_success

str

URL Check passed

request_check_url_list_violation

str

URL Check violation

request_check_url_list_learn

str

URL Check Learn

request_check_url_whitelist_success

str

URI White List passed

request_check_url_whitelist_violation

str

URI White List violation

request_check_url_blacklist_success

str

URI Black List passed

request_check_url_blacklist_violation

str

URI Black List violation

request_check_xss_cookie_success

str

XSS Check Cookie passed

request_check_xss_cookie_violation

str

XSS Check Cookie violation

request_check_xss_cookie_sanitize

str

XSS Check Cookie Sanitized

request_check_xss_url_success

str

XSS Check URL passed

request_check_xss_url_violation

str

XSS Check URL violation

request_check_xss_url_sanitize

str

XSS Check URL Sanitized

request_check_xss_post_body_success

str

XSS Check Post passed

request_check_xss_post_body_violation

str

XSS Check Post violation

request_check_xss_post_body_sanitize

str

XSS Check Post Sanitized

response_cloaking_hide_status_code_success

str

Response Hide Code check passed

response_cloaking_hide_status_code_violation

str

Response Hide Code violation

response_cloaking_filter_headers_success

str

Response Headers Filter check passed

response_cloaking_filter_headers_violation

str

Response Headers Filter violation

soap_check_success

str

Soap Check passed

soap_check_violation

str

Soap Check violation

xml_check_format_success

str

XML Check passed

xml_check_format_violation

str

XML Check violation

xml_check_max_attr_success

str

XML Limit Attribute check passed

xml_check_max_attr_violation

str

XML Limit Attribute violation

xml_check_max_attr_name_len_success

str

XML Limit Name Length check passed

xml_check_max_attr_name_len_violation

str

XML Limit Name Length violation

xml_check_max_attr_value_len_success

str

XML Limit Value Length check passed

xml_check_max_attr_value_len_violation

str

XML Limit Value Length violation

xml_check_max_cdata_len_success

str

XML Limit CData Length check passed

xml_check_max_cdata_len_violation

str

XML Limit CData Length violation

xml_check_max_elem_success

str

XML Limit Element check passed

xml_check_max_elem_violation

str

XML Limit Element violation

xml_check_max_elem_child_success

str

XML Limit Element Child check passed

xml_check_max_elem_child_violation

str

XML Limit Element Child violation

xml_check_max_elem_depth_success

str

XML Limit Element Depth check passed

xml_check_max_elem_depth_violation

str

XML Limit Element Depth violation

xml_check_max_elem_name_len_success

str

XML Limit Element Name Length check passed

xml_check_max_elem_name_len_violation

str

XML Limit Element Name Length violation

xml_check_max_entity_exp_success

str

XML Limit Entity Decl check passed

xml_check_max_entity_exp_violation

str

XML Limit Entity Decl violation

xml_check_max_entity_exp_depth_success

str

XML Limit Entities Depth check passed

xml_check_max_entity_exp_depth_violation

str

XML Limit Entities Depth violation

xml_check_max_namespace_success

str

XML Limit Namespace check passed

xml_check_max_namespace_violation

str

XML Limit Namespace violation

xml_check_namespace_uri_len_success

str

XML Limit Namespace URI Length check passed

xml_check_namespace_uri_len_violation

str

XML Limit Namespace URI Length violation

xml_check_sqlia_success

str

XML Sqlia Check passed

xml_check_sqlia_violation

str

XML Sqlia Check violation

xml_check_xss_success

str

XML XSS Check passed

xml_check_xss_violation

str

XML XSS Check violation

xml_content_check_schema_success

str

XML Schema passed

xml_content_check_schema_violation

str

XML Schema violation

xml_content_check_wsdl_success

str

WSDL passed

xml_content_check_wsdl_violation

str

WSDL violation

learning_list_full

str

Learning list is full

action_allow

str

Request Action allowed

action_deny_200

str

Request Deny with 200

action_deny_403

str

Request Deny with 403

action_deny_redirect

str

Request Deny with Redirect

action_deny_reset

str

Request Deny with Resets

action_drop

str

Number of Dropped Requests

action_deny_custom_response

str

Request Deny with custom response

action_learn

str

Request Learning Updates

action_log

str

Log request violation

policy_limit_exceeded

str

Policy limit exceeded

sessions_alloc

str

Sessions allocated

sessions_freed

str

Sessions freed

out_of_sessions

str

Out of sessions

too_many_sessions

str

Too many sessions consumed

regex_violation

str

Regular expression failure

request_check_command_injection_cookies_success

str

Command Injection Check cookies passed

request_check_command_injection_cookies_violation

str

Command Injection Check cookies violation

request_check_command_injection_headers_success

str

Command Injection Check headers passed

request_check_command_injection_headers_violation

str

Command Injection Check headers violation

request_check_command_injection_uri_query_success

str

Command Injection Check url query arguments passed

request_check_command_injection_uri_query_violation

str

Command Injection Check url query arguments violation

request_check_command_injection_form_body_success

str

Command Injection Check form body arguments passed

request_check_command_injection_form_body_violation

str

Command Injection Check form body arguments violation

cookie_security_decrypt_in_grace_period_violation

str

Cookie Decrypt violation but in grace period

form_response_non_post_success

str

Response form method was POST

form_response_non_post_violation

str

Response form method was not POST

form_response_non_post_sanitize

str

Changed response form method to POST

xml_check_max_entity_decl_success

str

XML Limit Entity Decl check passed

xml_check_max_entity_decl_violation

str

XML Limit Entity Decl violation

xml_check_max_entity_depth_success

str

XML Limit Entity Depth check passed

xml_check_max_entity_depth_violation

str

XML Limit Entity Depth violation

response_action_allow

str

Response Action allowed

response_action_deny_200

str

Response Deny with 200

response_action_deny_403

str

Response Deny with 403

response_action_deny_redirect

str

Response Deny with Redirect

response_action_deny_reset

str

Response Deny with Resets

response_action_drop

str

Number of Dropped Responses

response_action_deny_custom_response

str

Response Deny with custom response

response_action_learn

str

Response Learning Updates

response_action_log

str

Log response violation

http_protocol_post_without_content_type_success

str

POST without content type check passed

http_protocol_post_without_content_type_violation

str

POST without content type check violation

http_protocol_body_without_content_type_success

str

Body without content type check passed

http_protocol_body_without_content_type_violation

str

Body without content type check violation

http_protocol_non_ssl_cookie_prefix_success

str

Cookie Name Prefix check passed

http_protocol_non_ssl_cookie_prefix_violation

str

Cookie Name Prefix check violation

cookie_security_add_samesite_success

str

Cookie Security - samesite attribute added successfully

cookie_security_add_samesite_violation

str

Cookie Security - samesite attribute violation

name

str

WAF Template Name

Examples


Return Values

modified_values (changed, dict, )

Values modified (or potential changes if using check_mode) as a result of task operation

axapi_calls (always, list, )

Sequential list of AXAPI calls made by the task

endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])

The AXAPI endpoint being accessed.

http_method (, str, [‘POST’, ‘GET’])

HTTP method being used by the primary task to interact with the AXAPI endpoint.

request_body (, complex, )

Params used to query the AXAPI

response_body (, complex, )

Response from the AXAPI

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks