{ "id":"/axapi/v3/waf", "type":"object", "node-type":"intermediate", "title":"waf", "operation-not-allowed": ["PUT", "POST", "DELETE"], "partition-visibility":"shared", "auto-created-object":1, "description":"WAF related commands", "properties":{ "global":{ "type":"object", "$ref":"/axapi/v3/waf/global", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'total_req': Total Requests; 'req_allowed': Requests Allowed; 'req_denied': Requests Denied; 'bot_check_succ': Botnet Check Success; 'bot_check_fail': Botnet Check Failure; 'form_consistency_succ': Form Consistency Success; 'form_consistency_fail': Form Consistency Failure; 'form_csrf_tag_succ': Form CSRF tag Success; 'form_csrf_tag_fail': Form CSRF tag Failure; 'url_check_succ': URL Check Success; 'url_check_fail': URL Check Failure; 'url_check_learn': URL Check Learn; 'buf_ovf_url_len_fail': Buffer Overflow - URL Length Failure; 'buf_ovf_cookie_len_fail': Buffer Overflow - Cookie Length Failure; 'buf_ovf_hdrs_len_fail': Buffer Overflow - Headers length Failure; 'buf_ovf_post_size_fail': Buffer Overflow - Post size Failure; 'max_cookies_fail': Max Cookies Failure; 'max_hdrs_fail': Max Headers Failure; 'http_method_check_succ': Http Method Check Success; 'http_method_check_fail': Http Method Check Failure; 'http_check_succ': Http Check Success; 'http_check_fail': Http Check Failure; 'referer_check_succ': Referer Check Success; 'referer_check_fail': Referer Check Failure; 'referer_check_redirect': Referer Check Redirect; 'uri_wlist_succ': URI White List Success; 'uri_wlist_fail': URI White List Failure; 'uri_blist_succ': URI Black List Success; 
'uri_blist_fail': URI Black List Failure; 'post_form_check_succ': Post Form Check Success; 'post_form_check_sanitize': Post Form Check Sanitized; 'post_form_check_reject': Post Form Check Rejected; 'ccn_mask_amex': Credit Card Number Mask Amex; 'ccn_mask_diners': Credit Card Number Mask Diners; 'ccn_mask_visa': Credit Card Number Mask Visa; 'ccn_mask_mastercard': Credit Card Number Mask Mastercard; 'ccn_mask_discover': Credit Card Number Mask Discover; 'ccn_mask_jcb': Credit Card Number Mask Jcb; 'ssn_mask': Social Security Number Mask; 'pcre_mask': PCRE Mask; 'cookie_encrypt_succ': Cookie Encrypt Success; 'cookie_encrypt_fail': Cookie Encrypt Failure; 'cookie_encrypt_limit_exceeded': Cookie Encrypt Limit Exceeded; 'cookie_encrypt_skip_rcache': Cookie Encrypt Skip RCache; 'cookie_decrypt_succ': Cookie Decrypt Success; 'cookie_decrypt_fail': Cookie Decrypt Failure; 'sqlia_chk_url_succ': SQLIA Check URL Success; 'sqlia_chk_url_sanitize': SQLIA Check URL Sanitized; 'sqlia_chk_url_reject': SQLIA Check URL Rejected; 'sqlia_chk_post_succ': SQLIA Check Post Success; 'sqlia_chk_post_sanitize': SQLIA Check Post Sanitized; 'sqlia_chk_post_reject': SQLIA Check Post Rejected; 'xss_chk_cookie_succ': XSS Check Cookie Success; 'xss_chk_cookie_sanitize': XSS Check Cookie Sanitized; 'xss_chk_cookie_reject': XSS Check Cookie Rejected; 'xss_chk_url_succ': XSS Check URL Success; 'xss_chk_url_sanitize': XSS Check URL Sanitized; 'xss_chk_url_reject': XSS Check URL Rejected; 'xss_chk_post_succ': XSS Check Post Success; 'xss_chk_post_sanitize': XSS Check Post Sanitized; 'xss_chk_post_reject': XSS Check Post Rejected; 'resp_code_hidden': Response Code Hidden; 'resp_hdrs_filtered': Response Headers Filtered; 'learn_updates': Learning Updates; 'num_drops': Number Drops; 'num_resets': Number Resets; 'form_non_ssl_reject': Form Non SSL Rejected; 'form_non_post_reject': Form Non Post Rejected; 'sess_check_none': Session Check None; 'sess_check_succ': Session Check Success; 'sess_check_fail': 
Session Check Failure; 'soap_check_succ': Soap Check Success; 'soap_check_failure': Soap Check Failure; 'wsdl_fail': WSDL Failure; 'wsdl_succ': WSDL Success; 'xml_schema_fail': XML Schema Failure; 'xml_schema_succ': XML Schema Success; 'xml_sqlia_chk_fail': XML Sqlia Check Failure; 'xml_sqlia_chk_succ': XML Sqlia Check Success; 'xml_xss_chk_fail': XML XSS Check Failure; 'xml_xss_chk_succ': XML XSS Check Success; 'json_check_failure': JSON Check Failure; 'json_check_succ': JSON Check Success; 'xml_check_failure': XML Check Failure; 'xml_check_succ': XML Check Success; 'buf_ovf_cookie_value_len_fail': Buffer Overflow - Cookie Value Length Failure; 'buf_ovf_cookies_len_fail': Buffer Overflow - Cookies Length Failure; 'buf_ovf_hdr_name_len_fail': Buffer Overflow - Header Name Length Failure; 'buf_ovf_hdr_value_len_fail': Buffer Overflow - Header Value Length Failure; 'buf_ovf_max_data_parse_fail': Buffer Overflow - Max Data Parse Failure; 'buf_ovf_line_len_fail': Buffer Overflow - Line Length Failure; 'buf_ovf_parameter_name_len_fail': Buffer Overflow - HTML Parameter Name Length Failure; 'buf_ovf_parameter_value_len_fail': Buffer Overflow - HTML Parameter Value Length Failure; 'buf_ovf_parameter_total_len_fail': Buffer Overflow - HTML Parameter Total Length Failure; 'buf_ovf_query_len_fail': Buffer Overflow - Query Length Failure; 'max_entities_fail': Max Entities Failure; 'max_parameters_fail': Max Parameters Failure; 'buf_ovf_cookie_name_len_fail': Buffer Overflow - Cookie Name Length Failure; 'xml_limit_attr': XML Limit Attribute; 'xml_limit_attr_name_len': XML Limit Name Length; 'xml_limit_attr_value_len': XML Limit Value Length; 'xml_limit_cdata_len': XML Limit CData Length; 'xml_limit_elem': XML Limit Element; 'xml_limit_elem_child': XML Limit Element Child; 'xml_limit_elem_depth': XML Limit Element Depth; 'xml_limit_elem_name_len': XML Limit Element Name Length; 'xml_limit_entity_exp': XML Limit Entity Exp; 'xml_limit_entity_exp_depth': XML Limit Entity Exp 
Depth; 'xml_limit_namespace': XML Limit Namespace; 'xml_limit_namespace_uri_len': XML Limit Namespace URI Length; 'json_limit_array_value_count': JSON Limit Array Value Count; 'json_limit_depth': JSON Limit Depth; 'json_limit_object_member_count': JSON Limit Object Number Count; 'json_limit_string': JSON Limit String; 'form_non_masked_password': Form Non Masked Password; 'form_non_ssl_password': Form Non SSL Password; 'form_password_autocomplete': Form Password Autocomplete; 'redirect_wlist_succ': Redirect Whitelist Success; 'redirect_wlist_fail': Redirect Whitelist Failure; 'redirect_wlist_learn': Redirect Whitelist Learn; 'form_set_no_cache': Form Set No Cache; 'resp_denied': Responses Denied; 'sessions_alloc': Sessions allocated; 'sessions_freed': Sessions freed; 'out_of_sessions': Out of sessions; 'too_many_sessions': Too many sessions consumed; 'called': Threshold check count; 'permitted': Honor threshold count; 'brute_force_success': Brute-force checks passed; 'brute_force_fail': Brute-force checks failed; 'challenge_cookie_sent': Cookie challenge sent; 'challenge_javascript_sent': JavaScript challenge sent; 'challenge_captcha_sent': Captcha challenge sent; ", "enum":[ "all", "total_req", "req_allowed", "req_denied", "bot_check_succ", "bot_check_fail", "form_consistency_succ", "form_consistency_fail", "form_csrf_tag_succ", "form_csrf_tag_fail", "url_check_succ", "url_check_fail", "url_check_learn", "buf_ovf_url_len_fail", "buf_ovf_cookie_len_fail", "buf_ovf_hdrs_len_fail", "buf_ovf_post_size_fail", "max_cookies_fail", "max_hdrs_fail", "http_method_check_succ", "http_method_check_fail", "http_check_succ", "http_check_fail", "referer_check_succ", "referer_check_fail", "referer_check_redirect", "uri_wlist_succ", "uri_wlist_fail", "uri_blist_succ", "uri_blist_fail", "post_form_check_succ", "post_form_check_sanitize", "post_form_check_reject", "ccn_mask_amex", "ccn_mask_diners", "ccn_mask_visa", "ccn_mask_mastercard", "ccn_mask_discover", "ccn_mask_jcb", 
"ssn_mask", "pcre_mask", "cookie_encrypt_succ", "cookie_encrypt_fail", "cookie_encrypt_limit_exceeded", "cookie_encrypt_skip_rcache", "cookie_decrypt_succ", "cookie_decrypt_fail", "sqlia_chk_url_succ", "sqlia_chk_url_sanitize", "sqlia_chk_url_reject", "sqlia_chk_post_succ", "sqlia_chk_post_sanitize", "sqlia_chk_post_reject", "xss_chk_cookie_succ", "xss_chk_cookie_sanitize", "xss_chk_cookie_reject", "xss_chk_url_succ", "xss_chk_url_sanitize", "xss_chk_url_reject", "xss_chk_post_succ", "xss_chk_post_sanitize", "xss_chk_post_reject", "resp_code_hidden", "resp_hdrs_filtered", "learn_updates", "num_drops", "num_resets", "form_non_ssl_reject", "form_non_post_reject", "sess_check_none", "sess_check_succ", "sess_check_fail", "soap_check_succ", "soap_check_failure", "wsdl_fail", "wsdl_succ", "xml_schema_fail", "xml_schema_succ", "xml_sqlia_chk_fail", "xml_sqlia_chk_succ", "xml_xss_chk_fail", "xml_xss_chk_succ", "json_check_failure", "json_check_succ", "xml_check_failure", "xml_check_succ", "buf_ovf_cookie_value_len_fail", "buf_ovf_cookies_len_fail", "buf_ovf_hdr_name_len_fail", "buf_ovf_hdr_value_len_fail", "buf_ovf_max_data_parse_fail", "buf_ovf_line_len_fail", "buf_ovf_parameter_name_len_fail", "buf_ovf_parameter_value_len_fail", "buf_ovf_parameter_total_len_fail", "buf_ovf_query_len_fail", "max_entities_fail", "max_parameters_fail", "buf_ovf_cookie_name_len_fail", "xml_limit_attr", "xml_limit_attr_name_len", "xml_limit_attr_value_len", "xml_limit_cdata_len", "xml_limit_elem", "xml_limit_elem_child", "xml_limit_elem_depth", "xml_limit_elem_name_len", "xml_limit_entity_exp", "xml_limit_entity_exp_depth", "xml_limit_namespace", "xml_limit_namespace_uri_len", "json_limit_array_value_count", "json_limit_depth", "json_limit_object_member_count", "json_limit_string", "form_non_masked_password", "form_non_ssl_password", "form_password_autocomplete", "redirect_wlist_succ", "redirect_wlist_fail", "redirect_wlist_learn", "form_set_no_cache", "resp_denied", "sessions_alloc", 
"sessions_freed", "out_of_sessions", "too_many_sessions", "called", "permitted", "brute_force_success", "brute_force_fail", "challenge_cookie_sent", "challenge_javascript_sent", "challenge_captcha_sent" ] }, "optional":true } } ] } } }, "policy":{ "type":"object", "$ref":"/axapi/v3/waf/policy", "properties":{ "max-filesize":{ "type":"number", "format":"number", "minimum":16, "maximum":10240, "default":32, "partition-visibility":"shared", "description":"Set maximum WAF policy file size (Maximum file size in KBytes, default is 32K)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "xml-schema":{ "type":"object", "$ref":"/axapi/v3/waf/xml-schema", "properties":{ "max-filesize":{ "type":"number", "format":"number", "minimum":16, "maximum":256, "default":32, "partition-visibility":"shared", "description":"Set maximum XML-Schema file size (Maximum file size in KBytes, default is 32K)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "wsdl":{ "type":"object", "$ref":"/axapi/v3/waf/wsdl", "properties":{ "max-filesize":{ "type":"number", "format":"number", "minimum":16, "maximum":256, "default":32, "partition-visibility":"shared", "description":"Set maximum WSDL file size (Maximum file size in KBytes, default is 32K)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "template-list":{ "type":"array", "minItems":1, "items":{ "type":"template" }, "uniqueItems":true, "$ref":"/axapi/v3/waf/template/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"WAF Template Name", "optional":false }, 
"allowed-http-methods":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "default":"GET POST", "partition-visibility":"shared", "description":"List of allowed HTTP methods. Default is \"GET POST\". (List of HTTP methods allowed (default \"GET POST\"))", "optional":true }, "bot-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check User-Agent for known bots", "optional":true }, "bot-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "brute-force-challenge-limit":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":2, "partition-visibility":"shared", "description":"Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))", "optional":true }, "brute-force-global":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)", "optional":true }, "brute-force-lockout-limit":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":5, "partition-visibility":"shared", "description":"Maximum brute-force events before locking out client (default 5)", "optional":true }, "brute-force-lockout-period":{ "type":"number", "format":"number", "minimum":0, "maximum":1800, "default":600, "partition-visibility":"shared", "description":"Number of seconds client should be locked out (default 600)", "optional":true }, "brute-force-test-period":{ "type":"number", "format":"number", "minimum":0, "maximum":600, "default":60, "partition-visibility":"shared", "description":"Number of seconds for brute-force event counting (default 60)", "optional":true }, "brute-force-check":{ "type":"number", "format":"flag", "default":0, 
"partition-visibility":"shared", "description":"Enable brute-force attack mitigation", "optional":true }, "brute-force-resp-codes":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response code", "optional":true }, "brute-force-resp-codes-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "brute-force-resp-string":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response line", "optional":true }, "brute-force-resp-string-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "brute-force-resp-headers":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response header names", "optional":true }, "brute-force-resp-headers-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable buffer overflow protection", "optional":true }, "max-cookie-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Cookie length allowed in request (default 4096) (Maximum length of cookie allowed (default 4096))", "optional":true }, "max-cookie-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":64, "partition-visibility":"shared", "description":"Max Cookie Name length allowed in request (default 64) ( Maximum length of cookie name allowed (default 64))", 
"optional":true }, "max-cookie-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Cookie Value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))", "optional":true }, "max-cookies-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Total Cookies length allowed in request (default 4096) (Maximum total length of cookies allowed (default 4096))", "optional":true }, "max-data-parse":{ "type":"number", "format":"number", "minimum":0, "maximum":262144, "default":65536, "partition-visibility":"shared", "description":"Max data parsed for Web Application Firewall (default 65536) (Maximum data parsed for Web Application Firewall (default 65536))", "optional":true }, "max-hdr-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":63, "default":63, "partition-visibility":"shared", "description":"Max header name length allowed in request (default 63) (Maximum length of header name allowed (default 63))", "optional":true }, "max-hdr-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))", "optional":true }, "max-hdrs-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max headers length allowed in request (default 4096) (Maximum length of headers allowed (default 4096))", "optional":true }, "max-line-len":{ "type":"number", "format":"number", "minimum":0, "maximum":16127, "default":1024, "partition-visibility":"shared", "description":"Max Line length allowed in request (default 1024) (Maximum length of Request line allowed (default 1024))", 
"optional":true }, "max-parameter-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":256, "partition-visibility":"shared", "description":"Max HTML parameter name length in an HTTP request (default 256) (Maximum HTML parameter name length in an HTTP request (default 256))", "optional":true }, "max-parameter-total-len":{ "type":"number", "format":"number", "minimum":0, "maximum":102400000, "default":4096, "partition-visibility":"shared", "description":"Max HTML parameter total length in an HTTP request (default 4096) (Maximum HTML parameter total length in an HTTP request (default 4096))", "optional":true }, "max-parameter-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":102400000, "default":4096, "partition-visibility":"shared", "description":"Max HTML parameter value length in an HTTP request (default 4096) (Maximum HTML parameter value in an HTTP request (default 4096))", "optional":true }, "max-post-size":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "default":20480, "partition-visibility":"shared", "description":"Max content length allowed in POST request (default 20480) (Maximum size allowed content in an HTTP POST request (default 20480))", "optional":true }, "max-query-len":{ "type":"number", "format":"number", "minimum":0, "maximum":16127, "default":1024, "partition-visibility":"shared", "description":"Max Query length allowed in request (default 1024) (Maximum length of Request query allowed (default 1024))", "optional":true }, "max-url-len":{ "type":"number", "format":"number", "minimum":0, "maximum":16127, "default":1024, "partition-visibility":"shared", "description":"Max URL length allowed in request (default 1024) (Maximum length of URL allowed (default 1024))", "optional":true }, "ccn-mask":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mask credit card numbers in response", "optional":true }, "cookie-name":{ 
"type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Cookie name (simple string or PCRE pattern)", "optional":true }, "cookie-encryption-secret":{ "type":"string", "format":"password", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Cookie encryption secret", "optional":true }, "secret-encrypted":{ "type":"encrypted", "format":"encrypted", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)", "optional":true }, "challenge-action-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use Set-Cookie to determine if client allows cookies", "optional":true }, "challenge-action-javascript":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Add JavaScript to response to test if client allows JavaScript", "optional":true }, "csrf-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Tag the form to protect against Cross-site Request Forgery", "optional":true }, "http-redirect":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not-list":[ "http-resp-200", "reset-conn", "http-resp-403" ], "description":"Send HTTP redirect response (302 Found) to specifed URL (URL to redirect to when denying request)", "optional":true }, "http-resp-200":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "reset-conn", "http-resp-403" ], "description":"Send HTTP response with status code 200 OK", "optional":true }, "resp-url-200":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Response content to send client when denying request", 
"optional":true }, "reset-conn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "http-resp-200", "http-resp-403" ], "description":"Reset the client connection", "optional":true }, "http-resp-403":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "http-resp-200", "reset-conn" ], "description":"Send HTTP response with status code 403 Forbidden (default)", "optional":true }, "resp-url-403":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Response content to send client when denying request", "optional":true }, "deny-non-masked-passwords":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Denies forms that have a password field with a textual type, resulting in this field not being masked", "optional":true }, "deny-non-ssl-passwords":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Denies any form that has a password field if the form is not sent over an SSL connection", "optional":true }, "deny-password-autocomplete":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check to protect against server-generated form which contain password fields that allow autocomplete", "optional":true }, "deploy-mode":{ "type":"string", "format":"enum", "default":"active", "partition-visibility":"shared", "description":"'active': Deploy WAF in active (blocking) mode; 'passive': Deploy WAF in passive (log-only) mode; 'learning': Deploy WAF in learning mode; ", "enum":[ "active", "passive", "learning" ], "optional":true }, "filter-resp-hdrs":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Removes web server's identifying headers", "optional":true }, "form-consistency-check":{ "type":"number", 
"format":"flag", "default":0, "partition-visibility":"shared", "description":"Form input consistency check", "optional":true }, "form-deny-non-post":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Deny request with forms if the method is not POST", "optional":true }, "form-deny-non-ssl":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Deny request with forms if the protocol is not SSL", "optional":true }, "form-set-no-cache":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable caching of form-containing responses", "optional":true }, "hide-resp-codes":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Hides response codes that are not allowed (default 4xx, 5xx)", "optional":true }, "hide-resp-codes-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "http-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check request for HTTP protocol compliance", "optional":true }, "json-format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check HTTP body for JSON format compliance", "optional":true }, "max-array-value-count":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))", "optional":true }, "max-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":16, "partition-visibility":"shared", "description":"Maximum recursion depth in a value in a JSON requesnt body (default 16) (Maximum recursion depth in a JSON value 
(default 16))", "optional":true }, "max-object-member-count":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))", "optional":true }, "max-string":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":64, "partition-visibility":"shared", "description":"Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))", "optional":true }, "log-succ-reqs":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log successful waf requests", "optional":true }, "max-cookies":{ "type":"number", "format":"number", "minimum":0, "maximum":1023, "default":20, "partition-visibility":"shared", "description":"Maximum number of cookies allowed in request (default 20)", "optional":true }, "max-entities":{ "type":"number", "format":"number", "minimum":0, "maximum":512, "default":10, "partition-visibility":"shared", "description":"Maximum number of MIME entities allowed in request (default 10)", "optional":true }, "max-hdrs":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "default":20, "partition-visibility":"shared", "description":"Maximum number of headers allowed in request (default 20)", "optional":true }, "max-parameters":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":64, "partition-visibility":"shared", "description":"Maximum number of HTML parameters allowed in request (default 64)", "optional":true }, "pcre-mask":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Mask matched PCRE pattern in response", "optional":true }, "keep-start":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", 
"description":"Number of unmasked characters at the beginning (default: 0)", "optional":true }, "keep-end":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Number of unmasked characters at the end (default: 0)", "optional":true }, "mask":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1, "partition-visibility":"shared", "description":"Character to mask the matched pattern (default: X)", "optional":true }, "redirect-wlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check Redirect URL against list of previously learned redirects", "optional":true }, "referer-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check referer to protect against CSRF attacks", "optional":true }, "referer-domain-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not":"referer-domain-list-only", "description":"List of referer domains allowed", "optional":true }, "referer-safe-url":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":" Safe URL to redirect to if referer is missing", "optional":true }, "referer-domain-list-only":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not":"referer-domain-list", "description":"List of referer domains allowed", "optional":true }, "pcre-match-limit":{ "type":"number", "format":"number", "minimum":1000, "maximum":1500000, "default":30000, "partition-visibility":"shared", "description":"Maximum number of matches allowed (default 30000)", "optional":true }, "pcre-match-recursion-limit":{ "type":"number", "format":"number", "minimum":100, "maximum":150000, "default":5000, "partition-visibility":"shared", "description":"Maximum levels of recursive allowed (default 5000)", 
"optional":true }, "session-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable session checking via session cookie", "optional":true }, "lifetime":{ "type":"number", "format":"number", "minimum":1, "maximum":1440, "partition-visibility":"shared", "description":"Session lifetime in minutes (default 10)", "optional":true }, "soap-format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML document for SOAP format compliance", "optional":true }, "sqlia-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject requests with SQLIA patterns; 'sanitize': Remove bad SQL from request; ", "enum":[ "reject", "sanitize" ], "optional":true }, "sqlia-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "ssn-mask":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mask US Social Security numbers in response", "optional":true }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/template/logging", "description":"Logging template (Logging Config name)", "optional":true }, "uri-blist-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"specify name of WAF policy list file to blacklist", "optional":true }, "waf-blist-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "uri-wlist-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"specify name of WAF policy list file to whitelist", "optional":true }, "waf-wlist-file":{ 
"type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "url-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check URL against list of previously learned URLs", "optional":true }, "decode-entities":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Decode entities in internal url", "optional":true }, "decode-escaped-chars":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Decode escaped characters such as \\r \\n \\\" \\xXX \\u00YY in internal url", "optional":true }, "decode-hex-chars":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Decode hex chars such as \\%xx and \\%u00yy in internal url", "optional":true }, "remove-comments":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Remove comments from internal url", "optional":true }, "remove-selfref":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Remove self-references such as /./ and /path/../ from internal url", "optional":true }, "remove-spaces":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Remove spaces from internal url", "optional":true }, "xml-format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check HTTP body for XML format compliance", "optional":true }, "max-attr":{ "type":"number", "format":"number", "minimum":0, "maximum":256, "default":256, "partition-visibility":"shared", "description":"Maximum number of attributes of an XML element (default 256)", "optional":true }, "max-attr-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":2048, "default":128, 
"partition-visibility":"shared", "description":"Maximum length of an attribute name (default 128)", "optional":true }, "max-attr-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":128, "partition-visibility":"shared", "description":"Maximum length of an attribute text value (default 128)", "optional":true }, "max-cdata-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":65535, "partition-visibility":"shared", "description":"Maximum length of a CDATA section of an element (default 65535)", "optional":true }, "max-elem":{ "type":"number", "format":"number", "minimum":0, "maximum":8192, "default":1024, "partition-visibility":"shared", "description":"Maximum number of XML elements (default 1024)", "optional":true }, "max-elem-child":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":1024, "partition-visibility":"shared", "description":"Maximum number of children of an XML element (default 1024)", "optional":true }, "max-elem-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum recursion level for element definition (default 256)", "optional":true }, "max-elem-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":128, "partition-visibility":"shared", "description":"Maximum length for an element name (default 128)", "optional":true }, "max-entity-exp":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":1024, "partition-visibility":"shared", "description":"Maximum number of entity expansions (default 1024)", "optional":true }, "max-entity-exp-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":32, "default":32, "partition-visibility":"shared", "description":"Maximum nested depth of entity expansion (default 32)", "optional":true }, "max-namespace":{ "type":"number", "format":"number", "minimum":0, "maximum":256, 
"default":16, "partition-visibility":"shared", "description":"Maximum number of namespace declarations (default 16)", "optional":true }, "max-namespace-uri-len":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":256, "partition-visibility":"shared", "description":"Maximum length of a namespace URI (default 256)", "optional":true }, "xml-sqlia-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML data against SQLIA policy", "optional":true }, "wsdl-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"wsdl-resp-val-file", "description":"Specify name of WSDL file for verifying XML body contents", "optional":true }, "wsdl-resp-val-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"wsdl-file", "description":"Specify name of WSDL file for verifying XML body contents", "optional":true }, "xml-schema-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"xml-schema-resp-val-file", "description":"Specify name of XML-Schema file for verifying XML body contents", "optional":true }, "xml-schema-resp-val-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"xml-schema-file", "description":"Specify name of XML-Schema file for verifying XML body contents", "optional":true }, "xml-xss-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML data against XSS policy", "optional":true }, "xss-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject requests with bad cookies; 'sanitize': Remove bad cookies from request; ", "enum":[ "reject", "sanitize" ], "optional":true }, "xss-check-policy-file":{ "type":"string", "format":"string", "minLength":1, 
"maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "name" ] } ] } } }