{ "id":"/axapi/v3/waf/template/{name}", "type":"object", "node-type":"list", "title":"template", "partition-visibility":"shared", "description":"Manage WAF template configuration", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"WAF Template Name", "optional":false }, "allowed-http-methods":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "default":"GET POST", "partition-visibility":"shared", "description":"List of allowed HTTP methods. Default is \"GET POST\". (List of HTTP methods allowed (default \"GET POST\"))", "optional":true }, "bot-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check User-Agent for known bots", "optional":true }, "bot-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "brute-force-challenge-limit":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":2, "partition-visibility":"shared", "description":"Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))", "optional":true }, "brute-force-global":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)", "optional":true }, "brute-force-lockout-limit":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":5, "partition-visibility":"shared", "description":"Maximum brute-force events before locking out client (default 5)", "optional":true }, "brute-force-lockout-period":{ "type":"number", "format":"number", "minimum":0, "maximum":1800, "default":600, "partition-visibility":"shared", "description":"Number of seconds client should be 
locked out (default 600)", "optional":true }, "brute-force-test-period":{ "type":"number", "format":"number", "minimum":0, "maximum":600, "default":60, "partition-visibility":"shared", "description":"Number of seconds for brute-force event counting (default 60)", "optional":true }, "brute-force-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable brute-force attack mitigation", "optional":true }, "brute-force-resp-codes":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response code", "optional":true }, "brute-force-resp-codes-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "brute-force-resp-string":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response line", "optional":true }, "brute-force-resp-string-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "brute-force-resp-headers":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response header names", "optional":true }, "brute-force-resp-headers-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable buffer overflow protection", "optional":true }, "max-cookie-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Cookie length allowed in request (default 
4096) (Maximum length of cookie allowed (default 4096))", "optional":true }, "max-cookie-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":64, "partition-visibility":"shared", "description":"Max Cookie Name length allowed in request (default 64) ( Maximum length of cookie name allowed (default 64))", "optional":true }, "max-cookie-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Cookie Value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))", "optional":true }, "max-cookies-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Total Cookies length allowed in request (default 4096) (Maximum total length of cookies allowed (default 4096))", "optional":true }, "max-data-parse":{ "type":"number", "format":"number", "minimum":0, "maximum":262144, "default":65536, "partition-visibility":"shared", "description":"Max data parsed for Web Application Firewall (default 65536) (Maximum data parsed for Web Application Firewall (default 65536))", "optional":true }, "max-hdr-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":63, "default":63, "partition-visibility":"shared", "description":"Max header name length allowed in request (default 63) (Maximum length of header name allowed (default 63))", "optional":true }, "max-hdr-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))", "optional":true }, "max-hdrs-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max headers length allowed in request (default 4096) 
(Maximum length of headers allowed (default 4096))", "optional":true }, "max-line-len":{ "type":"number", "format":"number", "minimum":0, "maximum":16127, "default":1024, "partition-visibility":"shared", "description":"Max Line length allowed in request (default 1024) (Maximum length of Request line allowed (default 1024))", "optional":true }, "max-parameter-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":256, "partition-visibility":"shared", "description":"Max HTML parameter name length in an HTTP request (default 256) (Maximum HTML parameter name length in an HTTP request (default 256))", "optional":true }, "max-parameter-total-len":{ "type":"number", "format":"number", "minimum":0, "maximum":102400000, "default":4096, "partition-visibility":"shared", "description":"Max HTML parameter total length in an HTTP request (default 4096) (Maximum HTML parameter total length in an HTTP request (default 4096))", "optional":true }, "max-parameter-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":102400000, "default":4096, "partition-visibility":"shared", "description":"Max HTML parameter value length in an HTTP request (default 4096) (Maximum HTML parameter value in an HTTP request (default 4096))", "optional":true }, "max-post-size":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "default":20480, "partition-visibility":"shared", "description":"Max content length allowed in POST request (default 20480) (Maximum size allowed content in an HTTP POST request (default 20480))", "optional":true }, "max-query-len":{ "type":"number", "format":"number", "minimum":0, "maximum":16127, "default":1024, "partition-visibility":"shared", "description":"Max Query length allowed in request (default 1024) (Maximum length of Request query allowed (default 1024))", "optional":true }, "max-url-len":{ "type":"number", "format":"number", "minimum":0, "maximum":16127, "default":1024, 
"partition-visibility":"shared", "description":"Max URL length allowed in request (default 1024) (Maximum length of URL allowed (default 1024))", "optional":true }, "ccn-mask":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mask credit card numbers in response", "optional":true }, "cookie-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Cookie name (simple string or PCRE pattern)", "optional":true }, "cookie-encryption-secret":{ "type":"string", "format":"password", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Cookie encryption secret", "optional":true }, "secret-encrypted":{ "type":"encrypted", "format":"encrypted", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)", "optional":true }, "challenge-action-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use Set-Cookie to determine if client allows cookies", "optional":true }, "challenge-action-javascript":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Add JavaScript to response to test if client allows JavaScript", "optional":true }, "csrf-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Tag the form to protect against Cross-site Request Forgery", "optional":true }, "http-redirect":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not-list":[ "http-resp-200", "reset-conn", "http-resp-403" ], "description":"Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)", "optional":true }, "http-resp-200":{ "type":"number", "format":"flag", "default":0, 
"partition-visibility":"shared", "not-list":[ "http-redirect", "reset-conn", "http-resp-403" ], "description":"Send HTTP response with status code 200 OK", "optional":true }, "resp-url-200":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Response content to send client when denying request", "optional":true }, "reset-conn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "http-resp-200", "http-resp-403" ], "description":"Reset the client connection", "optional":true }, "http-resp-403":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "http-resp-200", "reset-conn" ], "description":"Send HTTP response with status code 403 Forbidden (default)", "optional":true }, "resp-url-403":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Response content to send client when denying request", "optional":true }, "deny-non-masked-passwords":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Denies forms that have a password field with a textual type, resulting in this field not being masked", "optional":true }, "deny-non-ssl-passwords":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Denies any form that has a password field if the form is not sent over an SSL connection", "optional":true }, "deny-password-autocomplete":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check to protect against server-generated form which contain password fields that allow autocomplete", "optional":true }, "deploy-mode":{ "type":"string", "format":"enum", "default":"active", "partition-visibility":"shared", "description":"'active': Deploy WAF in active (blocking) mode; 'passive': Deploy WAF in 
passive (log-only) mode; 'learning': Deploy WAF in learning mode; ", "enum":[ "active", "passive", "learning" ], "optional":true }, "filter-resp-hdrs":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Removes web server's identifying headers", "optional":true }, "form-consistency-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Form input consistency check", "optional":true }, "form-deny-non-post":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Deny request with forms if the method is not POST", "optional":true }, "form-deny-non-ssl":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Deny request with forms if the protocol is not SSL", "optional":true }, "form-set-no-cache":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable caching of form-containing responses", "optional":true }, "hide-resp-codes":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Hides response codes that are not allowed (default 4xx, 5xx)", "optional":true }, "hide-resp-codes-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "http-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check request for HTTP protocol compliance", "optional":true }, "json-format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check HTTP body for JSON format compliance", "optional":true }, "max-array-value-count":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum number of values in an array in a JSON request body 
(default 256) (Maximum number of values in a JSON array (default 256))", "optional":true }, "max-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":16, "partition-visibility":"shared", "description":"Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))", "optional":true }, "max-object-member-count":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))", "optional":true }, "max-string":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":64, "partition-visibility":"shared", "description":"Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))", "optional":true }, "log-succ-reqs":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log successful waf requests", "optional":true }, "max-cookies":{ "type":"number", "format":"number", "minimum":0, "maximum":1023, "default":20, "partition-visibility":"shared", "description":"Maximum number of cookies allowed in request (default 20)", "optional":true }, "max-entities":{ "type":"number", "format":"number", "minimum":0, "maximum":512, "default":10, "partition-visibility":"shared", "description":"Maximum number of MIME entities allowed in request (default 10)", "optional":true }, "max-hdrs":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "default":20, "partition-visibility":"shared", "description":"Maximum number of headers allowed in request (default 20)", "optional":true }, "max-parameters":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":64, "partition-visibility":"shared", "description":"Maximum number of HTML parameters allowed in request 
(default 64)", "optional":true }, "pcre-mask":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Mask matched PCRE pattern in response", "optional":true }, "keep-start":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Number of unmasked characters at the beginning (default: 0)", "optional":true }, "keep-end":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Number of unmasked characters at the end (default: 0)", "optional":true }, "mask":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1, "partition-visibility":"shared", "description":"Character to mask the matched pattern (default: X)", "optional":true }, "redirect-wlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check Redirect URL against list of previously learned redirects", "optional":true }, "referer-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check referer to protect against CSRF attacks", "optional":true }, "referer-domain-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not":"referer-domain-list-only", "description":"List of referer domains allowed", "optional":true }, "referer-safe-url":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":" Safe URL to redirect to if referer is missing", "optional":true }, "referer-domain-list-only":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not":"referer-domain-list", "description":"List of referer domains allowed", "optional":true }, "pcre-match-limit":{ "type":"number", "format":"number", "minimum":1000, "maximum":1500000, "default":30000, 
"partition-visibility":"shared", "description":"Maximum number of matches allowed (default 30000)", "optional":true }, "pcre-match-recursion-limit":{ "type":"number", "format":"number", "minimum":100, "maximum":150000, "default":5000, "partition-visibility":"shared", "description":"Maximum levels of recursion allowed (default 5000)", "optional":true }, "session-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable session checking via session cookie", "optional":true }, "lifetime":{ "type":"number", "format":"number", "minimum":1, "maximum":1440, "partition-visibility":"shared", "description":"Session lifetime in minutes (default 10)", "optional":true }, "soap-format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML document for SOAP format compliance", "optional":true }, "sqlia-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject requests with SQLIA patterns; 'sanitize': Remove bad SQL from request; ", "enum":[ "reject", "sanitize" ], "optional":true }, "sqlia-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "ssn-mask":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mask US Social Security numbers in response", "optional":true }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/template/logging", "description":"Logging template (Logging Config name)", "optional":true }, "uri-blist-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"specify name of WAF policy list file to blacklist", "optional":true }, "waf-blist-file":{ "type":"string", "format":"string", 
"minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "uri-wlist-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"specify name of WAF policy list file to whitelist", "optional":true }, "waf-wlist-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "url-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check URL against list of previously learned URLs", "optional":true }, "decode-entities":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Decode entities in internal url", "optional":true }, "decode-escaped-chars":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Decode escaped characters such as \\r \\n \\\" \\xXX \\u00YY in internal url", "optional":true }, "decode-hex-chars":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Decode hex chars such as \\%xx and \\%u00yy in internal url", "optional":true }, "remove-comments":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Remove comments from internal url", "optional":true }, "remove-selfref":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Remove self-references such as /./ and /path/../ from internal url", "optional":true }, "remove-spaces":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Remove spaces from internal url", "optional":true }, "xml-format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check HTTP body for XML format compliance", "optional":true }, "max-attr":{ 
"type":"number", "format":"number", "minimum":0, "maximum":256, "default":256, "partition-visibility":"shared", "description":"Maximum number of attributes of an XML element (default 256)", "optional":true }, "max-attr-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":2048, "default":128, "partition-visibility":"shared", "description":"Maximum length of an attribute name (default 128)", "optional":true }, "max-attr-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":128, "partition-visibility":"shared", "description":"Maximum length of an attribute text value (default 128)", "optional":true }, "max-cdata-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":65535, "partition-visibility":"shared", "description":"Maximum length of a CDATA section of an element (default 65535)", "optional":true }, "max-elem":{ "type":"number", "format":"number", "minimum":0, "maximum":8192, "default":1024, "partition-visibility":"shared", "description":"Maximum number of XML elements (default 1024)", "optional":true }, "max-elem-child":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":1024, "partition-visibility":"shared", "description":"Maximum number of children of an XML element (default 1024)", "optional":true }, "max-elem-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum recursion level for element definition (default 256)", "optional":true }, "max-elem-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":128, "partition-visibility":"shared", "description":"Maximum length for an element name (default 128)", "optional":true }, "max-entity-exp":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":1024, "partition-visibility":"shared", "description":"Maximum number of entity expansions (default 1024)", "optional":true 
}, "max-entity-exp-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":32, "default":32, "partition-visibility":"shared", "description":"Maximum nested depth of entity expansion (default 32)", "optional":true }, "max-namespace":{ "type":"number", "format":"number", "minimum":0, "maximum":256, "default":16, "partition-visibility":"shared", "description":"Maximum number of namespace declarations (default 16)", "optional":true }, "max-namespace-uri-len":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":256, "partition-visibility":"shared", "description":"Maximum length of a namespace URI (default 256)", "optional":true }, "xml-sqlia-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML data against SQLIA policy", "optional":true }, "wsdl-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"wsdl-resp-val-file", "description":"Specify name of WSDL file for verifying XML body contents", "optional":true }, "wsdl-resp-val-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"wsdl-file", "description":"Specify name of WSDL file for verifying XML body contents", "optional":true }, "xml-schema-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"xml-schema-resp-val-file", "description":"Specify name of XML-Schema file for verifying XML body contents", "optional":true }, "xml-schema-resp-val-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"xml-schema-file", "description":"Specify name of XML-Schema file for verifying XML body contents", "optional":true }, "xml-xss-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML data against XSS policy", "optional":true }, 
"xss-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject requests with bad cookies; 'sanitize': Remove bad cookies from request; ", "enum":[ "reject", "sanitize" ], "optional":true }, "xss-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "object-keys":[ "name" ], "required":[ "name" ] }