a10_waf_template
Synopsis
Manage WAF template configuration
Parameters
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
name str/required |
WAF Template Name |
||
csp bool |
Insert HTTP header Content-Security-Policy if necessary |
||
csp_value str |
CSP header value, e.g., ‘script-src ‘none’’ |
||
csp_insert_type str |
‘insert-if-not-exist’= Only insert the header when it does not exist; ‘insert- always’= Always insert the header even when there is a header with the same name; |
||
http_redirect str |
Send HTTP redirect response (302 Found) to specifed URL (URL to redirect to when denying request) |
||
http_resp_200 bool |
Send HTTP response with status code 200 OK |
||
resp_url_200 str |
Response content to send client when denying request |
||
reset_conn bool |
Reset the client connection |
||
http_resp_403 bool |
Send HTTP response with status code 403 Forbidden (default) |
||
resp_url_403 str |
Response content to send client when denying request |
||
deploy_mode str |
‘active’= Deploy WAF in active (blocking) mode; ‘passive’= Deploy WAF in passive (log-only) mode; ‘learning’= Deploy WAF in learning mode; |
||
log_succ_reqs bool |
Log successful waf requests |
||
learn_pr bool |
Enable per-request logs for WAF learning |
||
parent bool |
inherit from parent template |
||
parent_template_waf str |
WAF template (WAF Config name) |
||
pcre_match_limit int |
Maximum number of matches allowed (default 30000) |
||
pcre_match_recursion_limit int |
Maximum levels of recursive allowed (default 5000) |
||
soap_format_check bool |
Check XML document for SOAP format compliance |
||
logging str |
Logging template (Logging Config name) |
||
wsdl_file str |
Specify name of WSDL file for verifying XML body contents |
||
wsdl_resp_val_file str |
Specify name of WSDL file for verifying XML body contents |
||
xml_schema_file str |
Specify name of XML-Schema file for verifying XML body contents |
||
xml_schema_resp_val_file str |
Specify name of XML-Schema file for verifying XML body contents |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
brute_force_protection dict |
Field brute_force_protection |
||
challenge_action_cookie bool |
Use Set-Cookie to determine if client allows cookies |
||
challenge_action_javascript bool |
Add JavaScript to response to test if client allows JavaScript |
||
challenge_action_captcha bool |
Initiate a Captcha to verify client can respond |
||
brute_force_challenge_limit int |
Maximum brute-force events before sending challenge (default 2) (Maximum brute- force events before locking out client (default 2)) |
||
enable_disable_action str |
‘enable’= Enable brute force protections; ‘disable’= Disable brute force protections (default); |
||
brute_force_global bool |
Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally) |
||
brute_force_lockout_limit int |
Maximum brute-force events before locking out client (default 5) |
||
brute_force_lockout_period int |
Number of seconds client should be locked out (default 600) |
||
brute_force_resp_codes bool |
Trigger brute-force check on HTTP response code |
||
brute_force_resp_codes_file str |
Name of WAF policy list file |
||
brute_force_resp_headers bool |
Trigger brute-force check on HTTP response header names |
||
brute_force_resp_headers_file str |
Name of WAF policy list file |
||
brute_force_resp_string bool |
Trigger brute-force check on HTTP response reason phrase |
||
brute_force_resp_string_file str |
Name of WAF policy list file |
||
brute_force_test_period int |
Number of seconds for brute-force event counting (default 60) |
||
uuid str |
uuid of the object |
||
http_limit_check dict |
Field http_limit_check |
||
disable bool |
Disable all checks for HTTP limit |
||
max_content_length bool |
Max length of content (Maximum length of content allowed) |
||
max_content_length_value int |
Max length of content (default 4096) (Maximum length of content allowed (default 4096)) |
||
max_cookie_header_length bool |
Max Cookie header length allowed in request (Maximum length of cookie header allowed) |
||
max_cookie_header_length_value int |
Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096)) |
||
max_cookie_name_length bool |
Max Cookie name length allowed in request (Maximum length of cookie name allowed) |
||
max_cookie_name_length_value int |
Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64)) |
||
max_cookie_value_length bool |
Max Cookie value length allowed in request (Maximum length of cookie value allowed) |
||
max_cookie_value_length_value int |
Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096)) |
||
max_cookies bool |
Max Cookies allowed in request (Maximum number of cookie allowed) |
||
max_cookies_value int |
Max Cookies allowed in request (default 20) (Maximum number of cookie allowed (default 20)) |
||
max_cookies_length bool |
Total Cookies length allowed in request (Maximum length of all cookies in request) |
||
max_cookies_length_value int |
Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096)) |
||
max_data_parse bool |
Max data to be parsed for Web Application Firewall |
||
max_data_parse_value int |
Max data to be parsed for Web Application Firewall (default 262144) |
||
max_entities bool |
Maximum number of MIME entities allowed in request |
||
max_entities_value int |
Maximum number of MIME entities allowed in request (default 10) |
||
max_header_length bool |
Max header length allowed in request (Maximum length of header allowed) |
||
max_header_length_value int |
Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096)) |
||
max_header_name_length bool |
Max header name length allowed in request (Maximum length of header name allowed) |
||
max_header_name_length_value int |
Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64)) |
||
max_header_value_length bool |
Max header value length allowed in request (Maximum length of header value allowed) |
||
max_header_value_length_value int |
Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096)) |
||
max_headers bool |
Total number of headers allowed in request (Maximum number of headers in request) |
||
max_headers_value int |
Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64)) |
||
max_headers_length bool |
Total headers length allowed in request (Maximum length of all headers in request) |
||
max_headers_length_value int |
Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096)) |
||
max_param_name_length bool |
Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed) |
||
max_param_name_length_value int |
Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256)) |
||
max_param_value_length bool |
Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed) |
||
max_param_value_length_value int |
Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096)) |
||
max_params bool |
Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request) |
||
max_params_value int |
Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64)) |
||
max_params_length bool |
Total query/POST parameters length allowed in request (Maximum length of all params in request) |
||
max_params_length_value int |
Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 4096)) |
||
max_post_length bool |
Maximum content length allowed in POST request |
||
max_post_length_value int |
Maximum content length allowed in POST request (default 20480) |
||
max_query_length bool |
Max length of query string (Maximum length of query string allowed) |
||
max_query_length_value int |
Max length of query string (default 4096) (Maximum length of query string allowed (default 4096)) |
||
max_request_length bool |
Max length of request (Maximum length of request allowed) |
||
max_request_length_value int |
Max length of request (default 20480) (Maximum length of request allowed (default 20480)) |
||
max_request_line_length bool |
Max length of request line (Maximum length of request line) |
||
max_request_line_length_value int |
Max length of request line (default 4096) (Maximum length of request line (default 4096)) |
||
max_url_length bool |
Max length of url (Maximum length of url allowed) |
||
max_url_length_value int |
Max length of url (default 4096) (Maximum length of url allowed (default 4096)) |
||
uuid str |
uuid of the object |
||
http_protocol_check dict |
Field http_protocol_check |
||
disable bool |
Disable all checks for HTTP protocol compliance |
||
allowed_headers bool |
Enable allowed-headers check (default disabled) |
||
allowed_headers_list str |
Allowed HTTP headers. Default ‘Host Referer User-Agent Accept Accept-Encoding …’ (see docs for full list) (Allowed HTTP headers (default ‘Host Referer User-Agent Accept Accept-Encoding …’ (see docs for full list))) |
||
allowed_methods bool |
Enable allowed-methods check (default disabled) |
||
allowed_methods_list str |
List of allowed HTTP methods. Default is ‘GET POST’. (List of HTTP methods allowed (default ‘GET POST’)) |
||
allowed_versions bool |
Enable allowed-versions check (default disabled) |
||
allowed_versions_list str |
List of allowed HTTP versions (default ‘1.0 1.1 2’) |
||
bad_multipart_request bool |
Check for bad multipart/form-data request body |
||
body_without_content_type bool |
Check for Body request without Content-Type header in request |
||
get_with_content bool |
Check for GET request with Content-Length headers in request |
||
head_with_content bool |
Check for HEAD request with Content-Length headers in request |
||
host_header_with_ip bool |
Check for Host header with IP address |
||
invalid_url_encoding bool |
Check for invalid URL encoding in request |
||
malformed_content_length bool |
Check for malformed content-length in request |
||
malformed_header bool |
Check for malformed HTTP header |
||
malformed_parameter bool |
Check for malformed HTTP query/POST parameter |
||
malformed_request bool |
Check for malformed HTTP request |
||
malformed_request_line bool |
Check for malformed HTTP request line |
||
missing_header_value bool |
Check for missing header value in request |
||
missing_host_header bool |
Check for missing Host header in HTTP/1.1 request |
||
multiple_content_length bool |
Check for multiple Content-Length headers in request |
||
post_with_0_content bool |
Check for POST request with Content-Length 0 |
||
post_without_content bool |
Check for POST request without Content-Length/Chunked Encoding headers in request |
||
post_without_content_type bool |
Check for POST request without Content-Type header in request |
||
non_ssl_cookie_prefix bool |
Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request |
||
uuid str |
uuid of the object |
||
cookie_security dict |
Field cookie_security |
||
enable_disable_action str |
‘enable’= Enable cookie security (default); ‘disable’= Disable cookie security; |
||
allow_missing_cookie bool |
Allow requests with missing cookies |
||
allow_unrecognized_cookie bool |
Allow requests with unrecognized cookies |
||
cookie_policy list |
Field cookie_policy |
||
set_cookie_policy list |
Field set_cookie_policy |
||
tamper_protection_http_only bool |
Add HttpOnly flag to cookies not in set-cookie-policy list (default on) |
||
tamper_protection_secure bool |
Add Secure flag to cookies not in set-cookie-policy list (default on) |
||
tamper_protection_samesite str |
‘none’= none; ‘lax’= lax; ‘strict’= strict; |
||
tamper_protection_secret str |
Cookie encryption secret |
||
tamper_protection_secret_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) |
||
tamper_protection_grace_period int |
Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes) |
||
tamper_protection_session_cookie_only bool |
Only encrypt session cookies |
||
tamper_protection_sign bool |
Sign cookies |
||
uuid str |
uuid of the object |
||
evasion_check dict |
Field evasion_check |
||
apache_whitespace bool |
Check for whitespace characters in URL |
||
decode_entities bool |
Decode entities in internal url (default on) |
||
decode_escaped_chars bool |
Decode escaped characters such as r n ' xXX u00YY in internal url (default on) |
||
decode_plus_chars bool |
Decode ‘+’ as space in URL (default on) |
||
decode_unicode_chars bool |
Check for evasion attempt using %u encoding of Unicode chars to bypass (default on) |
||
dir_traversal bool |
Check for directory traversal attempt (default on) |
||
high_ascii_bytes bool |
Check for evasion attempt using ASCII bytes with values |
||
invalid_hex_encoding bool |
Check for evasion attempt using invalid hex characters (not in 0-9,a-f) |
||
multiple_encoding_levels bool |
Check for evasion attempt using multiple levels of encoding |
||
multiple_slashes bool |
Check for evasion attempt using multiple slashes/backslashes |
||
max_levels int |
Max levels of encoding allowed in request (default 2) |
||
remove_comments bool |
Remove comments from internal url |
||
remove_spaces bool |
Remove spaces from internal url (default on) |
||
uuid str |
uuid of the object |
||
data_leak_prevention dict |
Field data_leak_prevention |
||
ccn_mask bool |
Mask credit card numbers in response |
||
ssn_mask bool |
Mask US Social Security numbers in response |
||
pcre_mask str |
Mask matched PCRE pattern in response |
||
keep_start int |
Number of unmasked characters at the beginning (default= 0) |
||
keep_end int |
Number of unmasked characters at the end (default= 0) |
||
mask str |
Character to mask the matched pattern (default= X) |
||
uuid str |
uuid of the object |
||
form_protection dict |
Field form_protection |
||
enable_disable_action str |
‘enable’= Enable web form protections (default); ‘disable’= Disable web form protections; |
||
csrf_check bool |
Tag the form to protect against Cross-site Request Forgery |
||
field_consistency_check bool |
Form input consistency check |
||
password_check_non_masked bool |
Check forms that have a password field with a textual type, resulting in this field not being masked |
||
password_check_non_ssl bool |
Check forms that has a password field if the form is not sent over an SSL connection |
||
password_check_autocomplete bool |
Check to protect against server-generated form which contain password fields that allow autocomplete |
||
form_check_non_ssl bool |
Check whether SSL is used for request with forms |
||
form_check_caching bool |
Disable caching for response with forms |
||
form_check_non_post bool |
Check whether POST is used for request with forms |
||
form_check_request_non_post bool |
Check whether POST is used for request with forms |
||
form_check_response_non_post bool |
Check whether form method POST is used for response with forms |
||
form_check_response_non_post_sanitize bool |
Change form method GET to POST (Use with caution= make sure server application still work) |
||
uuid str |
uuid of the object |
||
response_cloaking dict |
Field response_cloaking |
||
filter_headers bool |
Removes web server’s identifying headers |
||
hide_status_codes bool |
Hides response status codes that are not allowed (default 4xx, 5xx) |
||
hide_status_codes_file str |
Name of WAF policy list file |
||
uuid str |
uuid of the object |
||
request_check dict |
Field request_check |
||
bot_check bool |
Check User-Agent for known bots |
||
bot_check_policy_file str |
Name of WAF policy list file |
||
command_injection_check str |
Check to protect against command injection attacks |
||
command_injection_check_policy_file str |
Name of WAF policy command injection list file |
||
redirect_whitelist bool |
Check Redirect URL against list of previously learned redirects |
||
referer_check bool |
Check referer to protect against CSRF attacks |
||
referer_domain_list str |
List of referer domains allowed |
||
referer_safe_url str |
Safe URL to redirect to if referer is missing |
||
referer_domain_list_only str |
List of referer domains allowed |
||
session_check bool |
Enable session checking via session cookie |
||
lifetime int |
Session lifetime in minutes (default 10) |
||
sqlia_check str |
‘reject’= Reject requests with SQLIA patterns; |
||
sqlia_check_policy_file str |
Name of WAF policy list file |
||
url_blacklist bool |
specify name of WAF policy list file to blacklist |
||
waf_blacklist_file str |
Name of WAF policy list file |
||
url_whitelist bool |
specify name of WAF policy list file to whitelist |
||
waf_whitelist_file str |
Name of WAF policy list file |
||
url_learned_list bool |
Check URL against list of previously learned URLs |
||
xss_check str |
‘reject’= Reject requests with bad cookies; |
||
xss_check_policy_file str |
Name of WAF policy list file |
||
uuid str |
uuid of the object |
||
violation_log_mask dict |
Field violation_log_mask |
||
query_param_name_equal_type str |
‘equals’= Mask the query value if the query name equals to the string; |
||
query_param_name_value str |
The list of Query parameter names |
||
uuid str |
uuid of the object |
||
json_check dict |
Field json_check |
||
format_check bool |
Check HTTP body for JSON format compliance |
||
max_array_values int |
Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256)) |
||
max_depth int |
Maximum recursion depth in a value in a JSON requesnt body (default 16) (Maximum recursion depth in a JSON value (default 16)) |
||
max_object_members int |
Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256)) |
||
max_string_length int |
Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64)) |
||
uuid str |
uuid of the object |
||
xml_check dict |
Field xml_check |
||
disable bool |
Disable all checks for XML limit |
||
max_attr int |
Maximum number of attributes of an XML element (default 256) |
||
max_attr_name_len int |
Maximum length of an attribute name (default 128) |
||
max_attr_value_len int |
Maximum length of an attribute text value (default 128) |
||
max_cdata_len int |
Maximum length of an CDATA section of an element (default 65535) |
||
max_elem int |
Maximum number of XML elements (default 1024) |
||
max_elem_child int |
Maximum number of children of an XML element (default 1024) |
||
max_elem_depth int |
Maximum recursion level for element definition (default 256) |
||
max_elem_name_len int |
Maximum length for an element name (default 128) |
||
max_entity_decl int |
Maximum number of entity declarations (default 1024) |
||
max_entity_depth int |
Maximum depth of entities (default 32) |
||
max_entity_exp int |
Maximum number of entity expansions (default 1024) |
||
max_entity_exp_depth int |
Maximum nested depth of entity expansions (default 32) |
||
max_namespace int |
Maximum number of namespace declarations (default 16) |
||
max_namespace_uri_len int |
Maximum length of a namespace URI (default 256) |
||
format bool |
Check HTTP body for XML format compliance |
||
sqlia bool |
Check XML data against SQLIA policy |
||
xss bool |
Check XML data against XSS policy |
||
uuid str |
uuid of the object |
||
stats dict |
Field stats |
||
total_req str |
Total Requests |
||
req_allowed str |
Requests Allowed |
||
req_denied str |
Requests Denied |
||
resp_denied str |
Responses Denied |
||
brute_force_success str |
Brute-Force checks passed |
||
brute_force_violation str |
Brute-Force checks violation |
||
brute_force_challenge_cookie_sent str |
Cookie Challenge Sent |
||
brute_force_challenge_cookie_success str |
Cookie Challenge check passed |
||
brute_force_challenge_cookie_violation str |
Cookie challenge violation |
||
brute_force_challenge_javascript_sent str |
JavaScript challenge sent |
||
brute_force_challenge_javascript_success str |
JavaScript challenge check passed |
||
brute_force_challenge_javascript_violation str |
JavaScript challenge violation |
||
brute_force_challenge_captcha_sent str |
Captcha challenge sent |
||
brute_force_challenge_captcha_success str |
Captcha challenge check passed |
||
brute_force_challenge_captcha_violation str |
Captcha challenge violation |
||
brute_force_lockout_limit_success str |
Lockout limit check passed |
||
brute_force_lockout_limit_violation str |
Lockout limit violation |
||
brute_force_challenge_limit_success str |
Lockout limit check passed |
||
brute_force_challenge_limit_violation str |
Lockout limit violation |
||
brute_force_response_codes_triggered str |
Response Codes Triggered |
||
brute_force_response_headers_triggered str |
Brute Force Response Headers Triggered |
||
brute_force_response_string_triggered str |
Brute Force Response string Triggered |
||
cookie_security_encrypt_success str |
Cookie Security - encrypt successful |
||
cookie_security_encrypt_violation str |
Cookie Security - encrypt violation |
||
cookie_security_encrypt_limit_exceeded str |
Cookie Security - encrypt limit exceeded |
||
cookie_security_encrypt_skip_rcache str |
Cookie Security - encrypt skipped - RAM cache |
||
cookie_security_decrypt_success str |
Cookie Security - decrypt successful |
||
cookie_security_decrypt_violation str |
Cookie Security - decrypt violation |
||
cookie_security_sign_success str |
Cookie Security - signing successful |
||
cookie_security_sign_violation str |
Cookie Security - signing violation |
||
cookie_security_sign_limit_exceeded str |
Cookie Security - signing limit exceeded |
||
cookie_security_sign_skip_rcache str |
Cookie Security - signing skipped - RAM Cache |
||
cookie_security_signature_check_success str |
Cookie Security - signature check successful |
||
cookie_security_signature_check_violation str |
Cookie Security - signature check violation |
||
cookie_security_add_http_only_success str |
Cookie Security - http-only flag added |
||
cookie_security_add_http_only_violation str |
Cookie Security - http-only flag violation |
||
cookie_security_add_secure_success str |
Cookie Security - secure flag added |
||
cookie_security_add_secure_violation str |
Cookie Security - secure flag violation |
||
cookie_security_missing_cookie_success str |
Cookie Security - request with missing cookie |
||
cookie_security_missing_cookie_violation str |
Cookie Security - missing cookie violation |
||
cookie_security_unrecognized_cookie_success str |
Cookie Security - request with unrecognized cookie |
||
cookie_security_unrecognized_cookie_violation str |
Cookie Security - unrecognized cookie violation |
||
cookie_security_cookie_policy_success str |
Cookie Security - cookie policy passed |
||
cookie_security_cookie_policy_violation str |
Cookie Security - cookie policy violation |
||
cookie_security_persistent_cookies str |
Cookie Security - persistent cookies |
||
cookie_security_persistent_cookies_encrypted str |
Cookie Security - encrypted persistent cookies |
||
cookie_security_persistent_cookies_signed str |
Cookie Security - signed persistent cookies |
||
cookie_security_session_cookies str |
Cookie Security - session cookies |
||
cookie_security_session_cookies_encrypted str |
Cookie Security - encrypted session cookies |
||
cookie_security_session_cookies_signed str |
Cookie Security - signed session cookies |
||
cookie_security_allowed_session_cookies str |
Cookie Security - allowed session cookies |
||
cookie_security_allowed_persistent_cookies str |
Cookie Security - allowed persistent cookies |
||
cookie_security_disallowed_session_cookies str |
Cookie Security - disallowed session cookies |
||
cookie_security_disallowed_persistent_cookies str |
Cookie Security - disallowed persistent cookies |
||
cookie_security_allowed_session_set_cookies str |
Cookie Security - disallowed session Set-Cookies |
||
cookie_security_allowed_persistent_set_cookies str |
Cookie Security - disallowed persistent Set-Cookies |
||
cookie_security_disallowed_session_set_cookies str |
Cookie Security - disallowed session Set-Cookies |
||
cookie_security_disallowed_persistent_set_cookies str |
Cookie Security - disallowed persistent Set-Cookies |
||
csp_header_violation str |
CSP header missing |
||
csp_header_success str |
CSP header found |
||
csp_header_inserted str |
CSP header Inserted |
||
form_csrf_tag_success str |
Form CSRF tag passed |
||
form_csrf_tag_violation str |
Form CSRF tag violation |
||
form_consistency_success str |
Form Consistency passed |
||
form_consistency_violation str |
Form Consistency violation |
||
form_tag_inserted str |
Form A10 Tag Inserted |
||
form_non_ssl_success str |
Form Non SSL check passed |
||
form_non_ssl_violation str |
Form Non SSL violation |
||
form_request_non_post_success str |
Form Method being Non Post in Request passed |
||
form_request_non_post_violation str |
Form Method being Non Post in Request violation |
||
form_check_success str |
Post Form Check passed |
||
form_check_violation str |
Post Form Check violation |
||
form_check_sanitize str |
Post Form Check Sanitized |
||
form_non_masked_password_success str |
Form Non Masked Password check passed |
||
form_non_masked_password_violation str |
Form Non Masked Password violation |
||
form_non_ssl_password_success str |
Form Non SSL Password check passed |
||
form_non_ssl_password_violation str |
Form Non SSL Password violation |
||
form_password_autocomplete_success str |
Form Password Autocomplete check passed |
||
form_password_autocomplete_violation str |
Form Password Autocomplete violation |
||
form_set_no_cache_success str |
Form Set No Cache check passed |
||
form_set_no_cache str |
Form Set No Cache violation |
||
dlp_ccn_success str |
Credit Card Number check passed |
||
dlp_ccn_amex_violation str |
Amex Credit Card Number Detected |
||
dlp_ccn_amex_masked str |
Amex Credit Card Number Masked |
||
dlp_ccn_diners_violation str |
Diners Club Credit Card Number Detected |
||
dlp_ccn_diners_masked str |
Diners Club Credit Card Number Masked |
||
dlp_ccn_visa_violation str |
Visa Credit Card Number Detected |
||
dlp_ccn_visa_masked str |
Visa Credit Card Number Masked |
||
dlp_ccn_mastercard_violation str |
MasterCard Credit Card Number Detected |
||
dlp_ccn_mastercard_masked str |
MasterCard Credit Card Number Masked |
||
dlp_ccn_discover_violation str |
Discover Credit Card Number Detected |
||
dlp_ccn_discover_masked str |
Discover Credit Card Number Masked |
||
dlp_ccn_jcb_violation str |
JCB Credit Card Number Detected |
||
dlp_ccn_jcb_masked str |
JCB Credit Card Number Masked |
||
dlp_ssn_success str |
Social Security Number Mask check passed |
||
dlp_ssn_violation str |
Social Security Number Mask violation |
||
dlp_pcre_success str |
PCRE Mask check passed |
||
dlp_pcre_violation str |
PCRE Mask violation |
||
dlp_pcre_masked str |
PCRE Mask violation |
||
evasion_check_apache_whitespace_success str |
Apache Whitespace check passed |
||
evasion_check_apache_whitespace_violation str |
Apache Whitespace check violation |
||
evasion_check_decode_entities_success str |
Decode Entities check passed |
||
evasion_check_decode_entities_violation str |
Decode Entities check violation |
||
evasion_check_decode_escaped_chars_success str |
Decode Escaped Chars check passed |
||
evasion_check_decode_escaped_chars_violation str |
Decode Escaped Chars check violation |
||
evasion_check_decode_unicode_chars_success str |
Decode Unicode Chars check passed |
||
evasion_check_decode_unicode_chars_violation str |
Decode Unicode Chars check violation |
||
evasion_check_dir_traversal_success str |
Dir traversal check passed |
||
evasion_check_dir_traversal_violation str |
Dir traversal check violation |
||
evasion_check_high_ascii_bytes_success str |
High Ascii Bytes check passed |
||
evasion_check_high_ascii_bytes_violation str |
High Ascii Bytes check violation |
||
evasion_check_invalid_hex_encoding_success str |
Invalid Hex Encoding check passed |
||
evasion_check_invalid_hex_encoding_violation str |
Invalid Hex Encoding check violation |
||
evasion_check_multiple_encoding_levels_success str |
Multiple Encoding Levels check passed |
||
evasion_check_multiple_encoding_levels_violation str |
Multiple Encoding Levels check violation |
||
evasion_check_multiple_slashes_success str |
Multiple Slashes check passed |
||
evasion_check_multiple_slashes_violation str |
Multiple Slashes check violation |
||
evasion_check_max_levels_success str |
Max Levels check passed |
||
evasion_check_max_levels_violation str |
Max Levels check violation |
||
evasion_check_remove_comments_success str |
Remove Comments check passed |
||
evasion_check_remove_comments_violation str |
Remove Comments check violation |
||
evasion_check_remove_spaces_success str |
Remove Spaces check passed |
||
evasion_check_remove_spaces_violation str |
Remove Spaces check violation |
||
http_limit_max_content_length_success str |
MAX content-length check passed |
||
http_limit_max_content_length_violation str |
MAX content-length check violation |
||
http_limit_max_cookie_header_length_success str |
MAX cookie header length check passed |
||
http_limit_max_cookie_header_length_violation str |
MAX cookie header length violation |
||
http_limit_max_cookie_name_length_success str |
MAX cookie name length check passed |
||
http_limit_max_cookie_name_length_violation str |
MAX cookie name length violation |
||
http_limit_max_cookie_value_length_success str |
MAX cookie value length check passed |
||
http_limit_max_cookie_value_length_violation str |
MAX cookie value length violation |
||
http_limit_max_cookies_success str |
Max Cookies check passed |
||
http_limit_max_cookies_violation str |
Max Cookies violation |
||
http_limit_max_cookies_length_success str |
MAX cookies length check passed |
||
http_limit_max_cookies_length_violation str |
MAX cookies length violation |
||
http_limit_max_data_parse_success str |
Buffer Overflow - Max Data Parse check passed |
||
http_limit_max_data_parse_violation str |
Buffer Overflow - Max Data Parse violation |
||
http_limit_max_entities_success str |
Max Entities check passed |
||
http_limit_max_entities_violation str |
Max Entities violation |
||
http_limit_max_header_length_success str |
MAX header length check passed |
||
http_limit_max_header_length_violation str |
MAX header length check violation |
||
http_limit_max_header_name_length_success str |
MAX header name length check passed |
||
http_limit_max_header_name_length_violation str |
MAX header name length check violation |
||
http_limit_max_header_value_length_success str |
MAX header value length check passed |
||
http_limit_max_header_value_length_violation str |
MAX header value length check violation |
||
http_limit_max_headers_success str |
MAX headers count check passed |
||
http_limit_max_headers_violation str |
Max Headers violation |
||
http_limit_max_headers_length_success str |
MAX headers length check passed |
||
http_limit_max_headers_length_violation str |
MAX headers length check violation |
||
http_limit_max_param_name_length_success str |
Limit check - MAX parameter name length check passed |
||
http_limit_max_param_name_length_violation str |
Limit check - MAX parameter name length violation |
||
http_limit_max_param_value_length_success str |
Limit check - MAX parameter value length check passed |
||
http_limit_max_param_value_length_violation str |
Limit check - MAX parameter value length violation |
||
http_limit_max_params_success str |
Limit check - MAX parameters check passed |
||
http_limit_max_params_violation str |
Limit check - MAX parameters violation |
||
http_limit_max_params_length_success str |
Limit check - MAX parameters total length check passed |
||
http_limit_max_params_length_violation str |
Limit check - MAX parameters total length violation |
||
http_limit_max_post_length_success str |
MAX POST length check passed |
||
http_limit_max_post_length_violation str |
MAX POST length violation |
||
http_limit_max_query_length_success str |
Limit check - MAX query length check passed |
||
http_limit_max_query_length_violation str |
Limit check - MAX query length violation |
||
http_limit_max_request_length_success str |
Limit check - MAX request length check passed |
||
http_limit_max_request_length_violation str |
Limit check - MAX request length violation |
||
http_limit_max_request_line_length_success str |
Limit check - MAX request line length check passed |
||
http_limit_max_request_line_length_violation str |
Limit check - MAX request line length violation |
||
max_url_length_success str |
Limit check - MAX URL length check passed |
||
max_url_length_violation str |
Limit check - MAX URL length violation |
||
http_protocol_allowed_headers_success str |
HTTP headers check passed |
||
http_protocol_allowed_headers_violation str |
HTTP headers check violation |
||
http_protocol_allowed_versions_success str |
HTTP versions check passed |
||
http_protocol_allowed_versions_violation str |
HTTP versions check violation |
||
http_protocol_allowed_method_check_success str |
HTTP Method Check passed |
||
http_protocol_allowed_method_check_violation str |
HTTP Method Check violation |
||
http_protocol_bad_multipart_request_success str |
Bad multi-part request check passed |
||
http_protocol_bad_multipart_request_violation str |
Bad multi-part request check violation |
||
http_protocol_get_with_content_success str |
GET with content check passed |
||
http_protocol_get_with_content_violation str |
GET with content check violation |
||
http_protocol_head_with_content_success str |
HEAD with content check passed |
||
http_protocol_head_with_content_violation str |
HEAD with content check violation |
||
http_protocol_host_header_with_ip_success str |
Host header with IP check passed |
||
http_protocol_host_header_with_ip_violation str |
Host header with IP check violation |
||
http_protocol_invalid_url_encoding_success str |
Invalid url encoding check passed |
||
http_protocol_invalid_url_encoding_violation str |
Invalid url encoding check violation |
||
http_protocol_malformed_content_length_success str |
Malformed content-length check passed |
||
http_protocol_malformed_content_length_violation str |
Malformed content-length check violation |
||
http_protocol_malformed_header_success str |
Malformed header check passed |
||
http_protocol_malformed_header_violation str |
Malformed header check passed |
||
http_protocol_malformed_parameter_success str |
Malformed parameter check passed |
||
http_protocol_malformed_parameter_violation str |
Malformed parameter check violation |
||
http_protocol_malformed_request_success str |
Malformed request check passed |
||
http_protocol_malformed_request_violation str |
Malformed request check violation |
||
http_protocol_malformed_request_line_success str |
Malformed request line check passed |
||
http_protocol_malformed_request_line_violation str |
Malformed request line check violation |
||
http_protocol_missing_header_value_success str |
Missing header value check violation |
||
http_protocol_missing_header_value_violation str |
Missing header value check violation |
||
http_protocol_missing_host_header_success str |
Missing host header check passed |
||
http_protocol_missing_host_header_violation str |
Missing host header check violation |
||
http_protocol_multiple_content_length_success str |
Multiple content-length headers check passed |
||
http_protocol_multiple_content_length_violation str |
Multiple content-length headers check violation |
||
http_protocol_post_with_0_content_success str |
POST with 0 content check passed |
||
http_protocol_post_with_0_content_violation str |
POST with 0 content check violation |
||
http_protocol_post_without_content_success str |
POST without content check passed |
||
http_protocol_post_without_content_violation str |
POST without content check violation |
||
http_protocol_success str |
HTTP Check passed |
||
http_protocol_violation str |
HTTP Check violation |
||
json_check_format_success str |
JSON Check passed |
||
json_check_format_violation str |
JSON Check violation |
||
json_check_max_array_value_count_success str |
JSON Limit Array Value Count check passed |
||
json_check_max_array_value_count_violation str |
JSON Limit Array Value Count violation |
||
json_check_max_depth_success str |
JSON Limit Depth check passed |
||
json_check_max_depth_violation str |
JSON Limit Depth violation |
||
json_check_max_object_member_count_success str |
JSON Limit Object Number Count check passed |
||
json_check_max_object_member_count_violation str |
JSON Limit Object Number Count violation |
||
json_check_max_string_success str |
JSON Limit String check passed |
||
json_check_max_string_violation str |
JSON Limit String violation |
||
request_check_bot_success str |
Bot check passed |
||
request_check_bot_violation str |
Bot check violation |
||
request_check_redirect_wlist_success str |
Redirect Whitelist passed |
||
request_check_redirect_wlist_violation str |
Redirect Whitelist violation |
||
request_check_redirect_wlist_learn str |
Redirect Whitelist Learn |
||
request_check_referer_success str |
Referer Check passed |
||
request_check_referer_violation str |
Referer Check violation |
||
request_check_referer_redirect str |
Referer Check Redirect |
||
request_check_session_check_none str |
Session Created |
||
request_check_session_check_success str |
Session Check passed |
||
request_check_session_check_violation str |
Session Check violation |
||
request_check_sqlia_url_success str |
SQLIA Check URL passed |
||
request_check_sqlia_url_violation str |
SQLIA Check URL violation |
||
request_check_sqlia_url_sanitize str |
SQLIA Check URL Sanitized |
||
request_check_sqlia_post_body_success str |
SQLIA Check Post passed |
||
request_check_sqlia_post_body_violation str |
SQLIA Check Post violation |
||
request_check_sqlia_post_body_sanitize str |
SQLIA Check Post Sanitized |
||
request_check_url_list_success str |
URL Check passed |
||
request_check_url_list_violation str |
URL Check violation |
||
request_check_url_list_learn str |
URL Check Learn |
||
request_check_url_whitelist_success str |
URI White List passed |
||
request_check_url_whitelist_violation str |
URI White List violation |
||
request_check_url_blacklist_success str |
URI Black List passed |
||
request_check_url_blacklist_violation str |
URI Black List violation |
||
request_check_xss_cookie_success str |
XSS Check Cookie passed |
||
request_check_xss_cookie_violation str |
XSS Check Cookie violation |
||
request_check_xss_cookie_sanitize str |
XSS Check Cookie Sanitized |
||
request_check_xss_url_success str |
XSS Check URL passed |
||
request_check_xss_url_violation str |
XSS Check URL violation |
||
request_check_xss_url_sanitize str |
XSS Check URL Sanitized |
||
request_check_xss_post_body_success str |
XSS Check Post passed |
||
request_check_xss_post_body_violation str |
XSS Check Post violation |
||
request_check_xss_post_body_sanitize str |
XSS Check Post Sanitized |
||
response_cloaking_hide_status_code_success str |
Response Hide Code check passed |
||
response_cloaking_hide_status_code_violation str |
Response Hide Code violation |
||
response_cloaking_filter_headers_success str |
Response Headers Filter check passed |
||
response_cloaking_filter_headers_violation str |
Response Headers Filter violation |
||
soap_check_success str |
Soap Check passed |
||
soap_check_violation str |
Soap Check violation |
||
xml_check_format_success str |
XML Check passed |
||
xml_check_format_violation str |
XML Check violation |
||
xml_check_max_attr_success str |
XML Limit Attribute check passed |
||
xml_check_max_attr_violation str |
XML Limit Attribute violation |
||
xml_check_max_attr_name_len_success str |
XML Limit Name Length check passed |
||
xml_check_max_attr_name_len_violation str |
XML Limit Name Length violation |
||
xml_check_max_attr_value_len_success str |
XML Limit Value Length check passed |
||
xml_check_max_attr_value_len_violation str |
XML Limit Value Length violation |
||
xml_check_max_cdata_len_success str |
XML Limit CData Length check passed |
||
xml_check_max_cdata_len_violation str |
XML Limit CData Length violation |
||
xml_check_max_elem_success str |
XML Limit Element check passed |
||
xml_check_max_elem_violation str |
XML Limit Element violation |
||
xml_check_max_elem_child_success str |
XML Limit Element Child check passed |
||
xml_check_max_elem_child_violation str |
XML Limit Element Child violation |
||
xml_check_max_elem_depth_success str |
XML Limit Element Depth check passed |
||
xml_check_max_elem_depth_violation str |
XML Limit Element Depth violation |
||
xml_check_max_elem_name_len_success str |
XML Limit Element Name Length check passed |
||
xml_check_max_elem_name_len_violation str |
XML Limit Element Name Length violation |
||
xml_check_max_entity_exp_success str |
XML Limit Entity Decl check passed |
||
xml_check_max_entity_exp_violation str |
XML Limit Entity Decl violation |
||
xml_check_max_entity_exp_depth_success str |
XML Limit Entities Depth check passed |
||
xml_check_max_entity_exp_depth_violation str |
XML Limit Entities Depth violation |
||
xml_check_max_namespace_success str |
XML Limit Namespace check passed |
||
xml_check_max_namespace_violation str |
XML Limit Namespace violation |
||
xml_check_namespace_uri_len_success str |
XML Limit Namespace URI Length check passed |
||
xml_check_namespace_uri_len_violation str |
XML Limit Namespace URI Length violation |
||
xml_check_sqlia_success str |
XML Sqlia Check passed |
||
xml_check_sqlia_violation str |
XML Sqlia Check violation |
||
xml_check_xss_success str |
XML XSS Check passed |
||
xml_check_xss_violation str |
XML XSS Check violation |
||
xml_content_check_schema_success str |
XML Schema passed |
||
xml_content_check_schema_violation str |
XML Schema violation |
||
xml_content_check_wsdl_success str |
WSDL passed |
||
xml_content_check_wsdl_violation str |
WSDL violation |
||
learning_list_full str |
Learning list is full |
||
action_allow str |
Request Action allowed |
||
action_deny_200 str |
Request Deny with 200 |
||
action_deny_403 str |
Request Deny with 403 |
||
action_deny_redirect str |
Request Deny with Redirect |
||
action_deny_reset str |
Request Deny with Resets |
||
action_drop str |
Number of Dropped Requests |
||
action_deny_custom_response str |
Request Deny with custom response |
||
action_learn str |
Request Learning Updates |
||
action_log str |
Log request violation |
||
policy_limit_exceeded str |
Policy limit exceeded |
||
sessions_alloc str |
Sessions allocated |
||
sessions_freed str |
Sessions freed |
||
out_of_sessions str |
Out of sessions |
||
too_many_sessions str |
Too many sessions consumed |
||
regex_violation str |
Regular expression failure |
||
request_check_command_injection_cookies_success str |
Command Injection Check cookies passed |
||
request_check_command_injection_cookies_violation str |
Command Injection Check cookies violation |
||
request_check_command_injection_headers_success str |
Command Injection Check headers passed |
||
request_check_command_injection_headers_violation str |
Command Injection Check headers violation |
||
request_check_command_injection_uri_query_success str |
Command Injection Check url query arguments passed |
||
request_check_command_injection_uri_query_violation str |
Command Injection Check url query arguments violation |
||
request_check_command_injection_form_body_success str |
Command Injection Check form body arguments passed |
||
request_check_command_injection_form_body_violation str |
Command Injection Check form body arguments violation |
||
cookie_security_decrypt_in_grace_period_violation str |
Cookie Decrypt violation but in grace period |
||
form_response_non_post_success str |
Response form method was POST |
||
form_response_non_post_violation str |
Response form method was not POST |
||
form_response_non_post_sanitize str |
Changed response form method to POST |
||
xml_check_max_entity_decl_success str |
XML Limit Entity Decl check passed |
||
xml_check_max_entity_decl_violation str |
XML Limit Entity Decl violation |
||
xml_check_max_entity_depth_success str |
XML Limit Entity Depth check passed |
||
xml_check_max_entity_depth_violation str |
XML Limit Entity Depth violation |
||
response_action_allow str |
Response Action allowed |
||
response_action_deny_200 str |
Response Deny with 200 |
||
response_action_deny_403 str |
Response Deny with 403 |
||
response_action_deny_redirect str |
Response Deny with Redirect |
||
response_action_deny_reset str |
Response Deny with Resets |
||
response_action_drop str |
Number of Dropped Responses |
||
response_action_deny_custom_response str |
Response Deny with custom response |
||
response_action_learn str |
Response Learning Updates |
||
response_action_log str |
Log response violation |
||
http_protocol_post_without_content_type_success str |
POST without content type check passed |
||
http_protocol_post_without_content_type_violation str |
POST without content type check violation |
||
http_protocol_body_without_content_type_success str |
Body without content type check passed |
||
http_protocol_body_without_content_type_violation str |
Body without content type check violation |
||
http_protocol_non_ssl_cookie_prefix_success str |
Cookie Name Prefix check passed |
||
http_protocol_non_ssl_cookie_prefix_violation str |
Cookie Name Prefix check violation |
||
cookie_security_add_samesite_success str |
Cookie Security - samesite attribute added successfully |
||
cookie_security_add_samesite_violation str |
Cookie Security - samesite attribute violation |
||
name str |
WAF Template Name |
||
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.