a10_waf_template
Parameters
Parameters | Choices/Defaults | Comment
---|---|---
state str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created.
ansible_host str/required | | Host for AXAPI authentication
ansible_username str/required | | Username for AXAPI authentication
ansible_password str/required | | Password for AXAPI authentication
ansible_port int/required | | Port for AXAPI authentication
a10_device_context_id int | [‘1-8’] | Device ID for aVCS configuration
a10_partition str | | Destination/target partition for object/command
name str/required | | WAF Template Name
allowed_http_methods str | | List of allowed HTTP methods. Default is ‘GET POST’. (List of HTTP methods allowed (default ‘GET POST’))
bot_check bool | | Check User-Agent for known bots
bot_check_policy_file str | | Name of WAF policy list file
brute_force_challenge_limit int | | Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))
brute_force_global bool | | Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)
brute_force_lockout_limit int | | Maximum brute-force events before locking out client (default 5)
brute_force_lockout_period int | | Number of seconds client should be locked out (default 600)
brute_force_test_period int | | Number of seconds for brute-force event counting (default 60)
brute_force_check bool | | Enable brute-force attack mitigation
brute_force_resp_codes bool | | Trigger brute-force check on HTTP response code
brute_force_resp_codes_file str | | Name of WAF policy list file
brute_force_resp_string bool | | Trigger brute-force check on HTTP response line
brute_force_resp_string_file str | | Name of WAF policy list file
brute_force_resp_headers bool | | Trigger brute-force check on HTTP response header names
brute_force_resp_headers_file str | | Name of WAF policy list file
disable bool | | Disable buffer overflow protection
max_cookie_len int | | Max Cookie length allowed in request (default 4096) (Maximum length of cookie allowed (default 4096))
max_cookie_name_len int | | Max Cookie Name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))
max_cookie_value_len int | | Max Cookie Value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))
max_cookies_len int | | Max Total Cookies length allowed in request (default 4096) (Maximum total length of cookies allowed (default 4096))
max_data_parse int | | Max data parsed for Web Application Firewall (default 65536) (Maximum data parsed for Web Application Firewall (default 65536))
max_hdr_name_len int | | Max header name length allowed in request (default 63) (Maximum length of header name allowed (default 63))
max_hdr_value_len int | | Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))
max_hdrs_len int | | Max headers length allowed in request (default 4096) (Maximum length of headers allowed (default 4096))
max_line_len int | | Max Line length allowed in request (default 1024) (Maximum length of Request line allowed (default 1024))
max_parameter_name_len int | | Max HTML parameter name length in an HTTP request (default 256) (Maximum HTML parameter name length in an HTTP request (default 256))
max_parameter_total_len int | | Max HTML parameter total length in an HTTP request (default 4096) (Maximum HTML parameter total length in an HTTP request (default 4096))
max_parameter_value_len int | | Max HTML parameter value length in an HTTP request (default 4096) (Maximum HTML parameter value in an HTTP request (default 4096))
max_post_size int | | Max content length allowed in POST request (default 20480) (Maximum size allowed content in an HTTP POST request (default 20480))
max_query_len int | | Max Query length allowed in request (default 1024) (Maximum length of Request query allowed (default 1024))
max_url_len int | | Max URL length allowed in request (default 1024) (Maximum length of URL allowed (default 1024))
ccn_mask bool | | Mask credit card numbers in response
cookie_name str | | Cookie name (simple string or PCRE pattern)
cookie_encryption_secret str | | Cookie encryption secret
secret_encrypted str | | Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)
challenge_action_cookie bool | | Use Set-Cookie to determine if client allows cookies
challenge_action_javascript bool | | Add JavaScript to response to test if client allows JavaScript
csrf_check bool | | Tag the form to protect against Cross-site Request Forgery
http_redirect str | | Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)
http_resp_200 bool | | Send HTTP response with status code 200 OK
resp_url_200 str | | Response content to send client when denying request
reset_conn bool | | Reset the client connection
http_resp_403 bool | | Send HTTP response with status code 403 Forbidden (default)
resp_url_403 str | | Response content to send client when denying request
deny_non_masked_passwords bool | | Denies forms that have a password field with a textual type, resulting in this field not being masked
deny_non_ssl_passwords bool | | Denies any form that has a password field if the form is not sent over an SSL connection
deny_password_autocomplete bool | | Check to protect against server-generated forms which contain password fields that allow autocomplete
deploy_mode str | | ‘active’= Deploy WAF in active (blocking) mode; ‘passive’= Deploy WAF in passive (log-only) mode; ‘learning’= Deploy WAF in learning mode;
filter_resp_hdrs bool | | Removes web server’s identifying headers
form_consistency_check bool | | Form input consistency check
form_deny_non_post bool | | Deny request with forms if the method is not POST
form_deny_non_ssl bool | | Deny request with forms if the protocol is not SSL
form_set_no_cache bool | | Disable caching of form-containing responses
hide_resp_codes bool | | Hides response codes that are not allowed (default 4xx, 5xx)
hide_resp_codes_file str | | Name of WAF policy list file
http_check bool | | Check request for HTTP protocol compliance
json_format_check bool | | Check HTTP body for JSON format compliance
max_array_value_count int | | Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))
max_depth int | | Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))
max_object_member_count int | | Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))
max_string int | | Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))
log_succ_reqs bool | | Log successful WAF requests
max_cookies int | | Maximum number of cookies allowed in request (default 20)
max_entities int | | Maximum number of MIME entities allowed in request (default 10)
max_hdrs int | | Maximum number of headers allowed in request (default 20)
max_parameters int | | Maximum number of HTML parameters allowed in request (default 64)
pcre_mask str | | Mask matched PCRE pattern in response
keep_start int | | Number of unmasked characters at the beginning (default= 0)
keep_end int | | Number of unmasked characters at the end (default= 0)
mask str | | Character to mask the matched pattern (default= X)
redirect_wlist bool | | Check Redirect URL against list of previously learned redirects
referer_check bool | | Check referer to protect against CSRF attacks
referer_domain_list str | | List of referer domains allowed
referer_safe_url str | | Safe URL to redirect to if referer is missing
referer_domain_list_only str | | List of referer domains allowed
session_check bool | | Enable session checking via session cookie
lifetime int | | Session lifetime in minutes (default 10)
soap_format_check bool | | Check XML document for SOAP format compliance
sqlia_check str | | ‘reject’= Reject requests with SQLIA patterns; ‘sanitize’= Remove bad SQL from request;
sqlia_check_policy_file str | | Name of WAF policy list file
ssn_mask bool | | Mask US Social Security numbers in response
logging str | | Logging template (Logging Config name)
uri_blist_check bool | | Specify name of WAF policy list file to blacklist
waf_blist_file str | | Name of WAF policy list file
uri_wlist_check bool | | Specify name of WAF policy list file to whitelist
waf_wlist_file str | | Name of WAF policy list file
url_check bool | | Check URL against list of previously learned URLs
decode_entities bool | | Decode entities in internal URL
decode_escaped_chars bool | | Decode escaped characters such as \r \n \' \xXX \u00YY in internal URL
decode_hex_chars bool | | Decode hex chars such as %xx and %u00yy in internal URL
remove_comments bool | | Remove comments from internal URL
remove_selfref bool | | Remove self-references such as /./ and /path/../ from internal URL
remove_spaces bool | | Remove spaces from internal URL
xml_format_check bool | | Check HTTP body for XML format compliance
max_attr int | | Maximum number of attributes of an XML element (default 256)
max_attr_name_len int | | Maximum length of an attribute name (default 128)
max_attr_value_len int | | Maximum length of an attribute text value (default 128)
max_cdata_len int | | Maximum length of a CDATA section of an element (default 65535)
max_elem int | | Maximum number of XML elements (default 1024)
max_elem_child int | | Maximum number of children of an XML element (default 1024)
max_elem_depth int | | Maximum recursion level for element definition (default 256)
max_elem_name_len int | | Maximum length for an element name (default 128)
max_entity_exp int | | Maximum number of entity expansions (default 1024)
max_entity_exp_depth int | | Maximum nested depth of entity expansion (default 32)
max_namespace int | | Maximum number of namespace declarations (default 16)
max_namespace_uri_len int | | Maximum length of a namespace URI (default 256)
xml_sqlia_check bool | | Check XML data against SQLIA policy
wsdl_file str | | Specify name of WSDL file for verifying XML body contents
wsdl_resp_val_file str | | Specify name of WSDL file for verifying XML body contents
xml_schema_file str | | Specify name of XML-Schema file for verifying XML body contents
xml_schema_resp_val_file str | | Specify name of XML-Schema file for verifying XML body contents
xml_xss_check bool | | Check XML data against XSS policy
xss_check str | | ‘reject’= Reject requests with bad cookies; ‘sanitize’= Remove bad cookies from request;
xss_check_policy_file str | | Name of WAF policy list file
uuid str | | UUID of the object
user_tag str | | Customized tag
stats dict | | Field stats
total_req str | | Total Requests
req_allowed str | | Requests Allowed
req_denied str | | Requests Denied
bot_check_succ str | | Botnet Check Success
bot_check_fail str | | Botnet Check Failure
form_consistency_succ str | | Form Consistency Success
form_consistency_fail str | | Form Consistency Failure
form_csrf_tag_succ str | | Form CSRF tag Success
form_csrf_tag_fail str | | Form CSRF tag Failure
url_check_succ str | | URL Check Success
url_check_fail str | | URL Check Failure
url_check_learn str | | URL Check Learn
buf_ovf_url_len_fail str | | Buffer Overflow - URL Length Failure
buf_ovf_cookie_len_fail str | | Buffer Overflow - Cookie Length Failure
buf_ovf_hdrs_len_fail str | | Buffer Overflow - Headers length Failure
buf_ovf_post_size_fail str | | Buffer Overflow - Post size Failure
max_cookies_fail str | | Max Cookies Failure
max_hdrs_fail str | | Max Headers Failure
http_method_check_succ str | | Http Method Check Success
http_method_check_fail str | | Http Method Check Failure
http_check_succ str | | Http Check Success
http_check_fail str | | Http Check Failure
referer_check_succ str | | Referer Check Success
referer_check_fail str | | Referer Check Failure
referer_check_redirect str | | Referer Check Redirect
uri_wlist_succ str | | URI White List Success
uri_wlist_fail str | | URI White List Failure
uri_blist_succ str | | URI Black List Success
uri_blist_fail str | | URI Black List Failure
post_form_check_succ str | | Post Form Check Success
post_form_check_sanitize str | | Post Form Check Sanitized
post_form_check_reject str | | Post Form Check Rejected
ccn_mask_amex str | | Credit Card Number Mask Amex
ccn_mask_diners str | | Credit Card Number Mask Diners
ccn_mask_visa str | | Credit Card Number Mask Visa
ccn_mask_mastercard str | | Credit Card Number Mask Mastercard
ccn_mask_discover str | | Credit Card Number Mask Discover
ccn_mask_jcb str | | Credit Card Number Mask Jcb
ssn_mask str | | Social Security Number Mask
pcre_mask str | | PCRE Mask
cookie_encrypt_succ str | | Cookie Encrypt Success
cookie_encrypt_fail str | | Cookie Encrypt Failure
cookie_encrypt_limit_exceeded str | | Cookie Encrypt Limit Exceeded
cookie_encrypt_skip_rcache str | | Cookie Encrypt Skip RCache
cookie_decrypt_succ str | | Cookie Decrypt Success
cookie_decrypt_fail str | | Cookie Decrypt Failure
sqlia_chk_url_succ str | | SQLIA Check URL Success
sqlia_chk_url_sanitize str | | SQLIA Check URL Sanitized
sqlia_chk_url_reject str | | SQLIA Check URL Rejected
sqlia_chk_post_succ str | | SQLIA Check Post Success
sqlia_chk_post_sanitize str | | SQLIA Check Post Sanitized
sqlia_chk_post_reject str | | SQLIA Check Post Rejected
xss_chk_cookie_succ str | | XSS Check Cookie Success
xss_chk_cookie_sanitize str | | XSS Check Cookie Sanitized
xss_chk_cookie_reject str | | XSS Check Cookie Rejected
xss_chk_url_succ str | | XSS Check URL Success
xss_chk_url_sanitize str | | XSS Check URL Sanitized
xss_chk_url_reject str | | XSS Check URL Rejected
xss_chk_post_succ str | | XSS Check Post Success
xss_chk_post_sanitize str | | XSS Check Post Sanitized
xss_chk_post_reject str | | XSS Check Post Rejected
resp_code_hidden str | | Response Code Hidden
resp_hdrs_filtered str | | Response Headers Filtered
learn_updates str | | Learning Updates
num_drops str | | Number Drops
num_resets str | | Number Resets
form_non_ssl_reject str | | Form Non SSL Rejected
form_non_post_reject str | | Form Non Post Rejected
sess_check_none str | | Session Check None
sess_check_succ str | | Session Check Success
sess_check_fail str | | Session Check Failure
soap_check_succ str | | Soap Check Success
soap_check_failure str | | Soap Check Failure
wsdl_fail str | | WSDL Failure
wsdl_succ str | | WSDL Success
xml_schema_fail str | | XML Schema Failure
xml_schema_succ str | | XML Schema Success
xml_sqlia_chk_fail str | | XML Sqlia Check Failure
xml_sqlia_chk_succ str | | XML Sqlia Check Success
xml_xss_chk_fail str | | XML XSS Check Failure
xml_xss_chk_succ str | | XML XSS Check Success
json_check_failure str | | JSON Check Failure
json_check_succ str | | JSON Check Success
xml_check_failure str | | XML Check Failure
xml_check_succ str | | XML Check Success
buf_ovf_cookie_value_len_fail str | | Buffer Overflow - Cookie Value Length Failure
buf_ovf_cookies_len_fail str | | Buffer Overflow - Cookies Length Failure
buf_ovf_hdr_name_len_fail str | | Buffer Overflow - Header Name Length Failure
buf_ovf_hdr_value_len_fail str | | Buffer Overflow - Header Value Length Failure
buf_ovf_max_data_parse_fail str | | Buffer Overflow - Max Data Parse Failure
buf_ovf_line_len_fail str | | Buffer Overflow - Line Length Failure
buf_ovf_parameter_name_len_fail str | | Buffer Overflow - HTML Parameter Name Length Failure
buf_ovf_parameter_value_len_fail str | | Buffer Overflow - HTML Parameter Value Length Failure
buf_ovf_parameter_total_len_fail str | | Buffer Overflow - HTML Parameter Total Length Failure
buf_ovf_query_len_fail str | | Buffer Overflow - Query Length Failure
max_entities_fail str | | Max Entities Failure
max_parameters_fail str | | Max Parameters Failure
buf_ovf_cookie_name_len_fail str | | Buffer Overflow - Cookie Name Length Failure
xml_limit_attr str | | XML Limit Attribute
xml_limit_attr_name_len str | | XML Limit Name Length
xml_limit_attr_value_len str | | XML Limit Value Length
xml_limit_cdata_len str | | XML Limit CData Length
xml_limit_elem str | | XML Limit Element
xml_limit_elem_child str | | XML Limit Element Child
xml_limit_elem_depth str | | XML Limit Element Depth
xml_limit_elem_name_len str | | XML Limit Element Name Length
xml_limit_entity_exp str | | XML Limit Entity Exp
xml_limit_entity_exp_depth str | | XML Limit Entity Exp Depth
xml_limit_namespace str | | XML Limit Namespace
xml_limit_namespace_uri_len str | | XML Limit Namespace URI Length
json_limit_array_value_count str | | JSON Limit Array Value Count
json_limit_depth str | | JSON Limit Depth
json_limit_object_member_count str | | JSON Limit Object Number Count
json_limit_string str | | JSON Limit String
form_non_masked_password str | | Form Non Masked Password
form_non_ssl_password str | | Form Non SSL Password
form_password_autocomplete str | | Form Password Autocomplete
redirect_wlist_succ str | | Redirect Whitelist Success
redirect_wlist_fail str | | Redirect Whitelist Failure
redirect_wlist_learn str | | Redirect Whitelist Learn
form_set_no_cache str | | Form Set No Cache
resp_denied str | | Responses Denied
sessions_alloc str | | Sessions allocated
sessions_freed str | | Sessions freed
out_of_sessions str | | Out of sessions
too_many_sessions str | | Too many sessions consumed
called str | | Threshold check count
permitted str | | Honor threshold count
brute_force_success str | | Brute-force checks passed
brute_force_fail str | | Brute-force checks failed
challenge_cookie_sent str | | Cookie challenge sent
challenge_javascript_sent str | | JavaScript challenge sent
challenge_captcha_sent str | | Captcha challenge sent
name str | | WAF Template Name