waf

WAF related commands

waf Specification

   
Type Intermediate Resource
Element Name waf
Element URI /axapi/v3/waf
Element Attributes waf_attributes
Schema waf schema

Operations Allowed:

OperationMethodURIPayload

Get Object

GET

/axapi/v3/waf

waf_attributes

waf attributes

global

Description: global is a JSON Block. Please see below for global

Type: Object

Reference Object: /axapi/v3/waf/global

policy

Description: policy is a JSON Block. Please see below for policy

Type: Object

Reference Object: /axapi/v3/waf/policy

template-list

Type: List

Reference Object: /axapi/v3/waf/template/{name}

wsdl

Description: wsdl is a JSON Block. Please see below for wsdl

Type: Object

Reference Object: /axapi/v3/waf/wsdl

xml-schema

Description: xml-schema is a JSON Block. Please see below for xml-schema

Type: Object

Reference Object: /axapi/v3/waf/xml-schema

policy

Specification  
Type object

max-filesize

Description Set maximum WAF policy file size (Maximum file size in KBytes, default is 32K)

Type: number

Range: 16-10240

Default: 32

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

wsdl

Specification  
Type object

max-filesize

Description Set maximum WSDL file size (Maximum file size in KBytes, default is 32K)

Type: number

Range: 16-256

Default: 32

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

global

Specification  
Type object

sampling-enable

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

global_sampling-enable

Specification  
Type list
Block object keys  

counters1

Description ‘all’: all; ‘total_req’: Total Requests; ‘req_allowed’: Requests Allowed; ‘req_denied’: Requests Denied; ‘bot_check_succ’: Botnet Check Success; ‘bot_check_fail’: Botnet Check Failure; ‘form_consistency_succ’: Form Consistency Success; ‘form_consistency_fail’: Form Consistency Failure; ‘form_csrf_tag_succ’: Form CSRF tag Success; ‘form_csrf_tag_fail’: Form CSRF tag Failure; ‘url_check_succ’: URL Check Success; ‘url_check_fail’: URL Check Failure; ‘url_check_learn’: URL Check Learn; ‘buf_ovf_url_len_fail’: Buffer Overflow - URL Length Failure; ‘buf_ovf_cookie_len_fail’: Buffer Overflow - Cookie Length Failure; ‘buf_ovf_hdrs_len_fail’: Buffer Overflow - Headers length Failure; ‘buf_ovf_post_size_fail’: Buffer Overflow - Post size Failure; ‘max_cookies_fail’: Max Cookies Failure; ‘max_hdrs_fail’: Max Headers Failure; ‘http_method_check_succ’: Http Method Check Success; ‘http_method_check_fail’: Http Method Check Failure; ‘http_check_succ’: Http Check Success; ‘http_check_fail’: Http Check Failure; ‘referer_check_succ’: Referer Check Success; ‘referer_check_fail’: Referer Check Failure; ‘referer_check_redirect’: Referer Check Redirect; ‘uri_wlist_succ’: URI White List Success; ‘uri_wlist_fail’: URI White List Failure; ‘uri_blist_succ’: URI Black List Success; ‘uri_blist_fail’: URI Black List Failure; ‘post_form_check_succ’: Post Form Check Success; ‘post_form_check_sanitize’: Post Form Check Sanitized; ‘post_form_check_reject’: Post Form Check Rejected; ‘ccn_mask_amex’: Credit Card Number Mask Amex; ‘ccn_mask_diners’: Credit Card Number Mask Diners; ‘ccn_mask_visa’: Credit Card Number Mask Visa; ‘ccn_mask_mastercard’: Credit Card Number Mask Mastercard; ‘ccn_mask_discover’: Credit Card Number Mask Discover; ‘ccn_mask_jcb’: Credit Card Number Mask Jcb; ‘ssn_mask’: Social Security Number Mask; ‘pcre_mask’: PCRE Mask; ‘cookie_encrypt_succ’: Cookie Encrypt Success; ‘cookie_encrypt_fail’: Cookie Encrypt Failure; ‘cookie_encrypt_limit_exceeded’: Cookie Encrypt Limit Exceeded; ‘cookie_encrypt_skip_rcache’: Cookie Encrypt Skip RCache; ‘cookie_decrypt_succ’: Cookie Decrypt Success; ‘cookie_decrypt_fail’: Cookie Decrypt Failure; ‘sqlia_chk_url_succ’: SQLIA Check URL Success; ‘sqlia_chk_url_sanitize’: SQLIA Check URL Sanitized; ‘sqlia_chk_url_reject’: SQLIA Check URL Rejected; ‘sqlia_chk_post_succ’: SQLIA Check Post Success; ‘sqlia_chk_post_sanitize’: SQLIA Check Post Sanitized; ‘sqlia_chk_post_reject’: SQLIA Check Post Rejected; ‘xss_chk_cookie_succ’: XSS Check Cookie Success; ‘xss_chk_cookie_sanitize’: XSS Check Cookie Sanitized; ‘xss_chk_cookie_reject’: XSS Check Cookie Rejected; ‘xss_chk_url_succ’: XSS Check URL Success; ‘xss_chk_url_sanitize’: XSS Check URL Sanitized; ‘xss_chk_url_reject’: XSS Check URL Rejected; ‘xss_chk_post_succ’: XSS Check Post Success; ‘xss_chk_post_sanitize’: XSS Check Post Sanitized; ‘xss_chk_post_reject’: XSS Check Post Rejected; ‘resp_code_hidden’: Response Code Hidden; ‘resp_hdrs_filtered’: Response Headers Filtered; ‘learn_updates’: Learning Updates; ‘num_drops’: Number Drops; ‘num_resets’: Number Resets; ‘form_non_ssl_reject’: Form Non SSL Rejected; ‘form_non_post_reject’: Form Non Post Rejected; ‘sess_check_none’: Session Check None; ‘sess_check_succ’: Session Check Success; ‘sess_check_fail’: Session Check Failure; ‘soap_check_succ’: Soap Check Success; ‘soap_check_failure’: Soap Check Failure; ‘wsdl_fail’: WSDL Failure; ‘wsdl_succ’: WSDL Success; ‘xml_schema_fail’: XML Schema Failure; ‘xml_schema_succ’: XML Schema Success; ‘xml_sqlia_chk_fail’: XML Sqlia Check Failure; ‘xml_sqlia_chk_succ’: XML Sqlia Check Success; ‘xml_xss_chk_fail’: XML XSS Check Failure; ‘xml_xss_chk_succ’: XML XSS Check Success; ‘json_check_failure’: JSON Check Failure; ‘json_check_succ’: JSON Check Success; ‘xml_check_failure’: XML Check Failure; ‘xml_check_succ’: XML Check Success; ‘buf_ovf_cookie_value_len_fail’: Buffer Overflow - Cookie Value Length Failure; ‘buf_ovf_cookies_len_fail’: Buffer Overflow - Cookies Length Failure; ‘buf_ovf_hdr_name_len_fail’: Buffer Overflow - Header Name Length Failure; ‘buf_ovf_hdr_value_len_fail’: Buffer Overflow - Header Value Length Failure; ‘buf_ovf_max_data_parse_fail’: Buffer Overflow - Max Data Parse Failure; ‘buf_ovf_line_len_fail’: Buffer Overflow - Line Length Failure; ‘buf_ovf_parameter_name_len_fail’: Buffer Overflow - HTML Parameter Name Length Failure; ‘buf_ovf_parameter_value_len_fail’: Buffer Overflow - HTML Parameter Value Length Failure; ‘buf_ovf_parameter_total_len_fail’: Buffer Overflow - HTML Parameter Total Length Failure; ‘buf_ovf_query_len_fail’: Buffer Overflow - Query Length Failure; ‘max_entities_fail’: Max Entities Failure; ‘max_parameters_fail’: Max Parameters Failure; ‘buf_ovf_cookie_name_len_fail’: Buffer Overflow - Cookie Name Length Failure; ‘xml_limit_attr’: XML Limit Attribue; ‘xml_limit_attr_name_len’: XML Limit Name Length; ‘xml_limit_attr_value_len’: XML Limit Value Length; ‘xml_limit_cdata_len’: XML Limit CData Length; ‘xml_limit_elem’: XML Limit Element; ‘xml_limit_elem_child’: XML Limit Element Child; ‘xml_limit_elem_depth’: XML Limit Element Depth; ‘xml_limit_elem_name_len’: XML Limit Element Name Length; ‘xml_limit_entity_exp’: XML Limit Entity Exp; ‘xml_limit_entity_exp_depth’: XML Limit Entity Exp Depth; ‘xml_limit_namespace’: XML Limit Namespace; ‘xml_limit_namespace_uri_len’: XML Limit Namespace URI Length; ‘json_limit_array_value_count’: JSON Limit Array Value Count; ‘json_limit_depth’: JSON Limit Depth; ‘json_limit_object_member_count’: JSON Limit Object Number Count; ‘json_limit_string’: JSON Limit String; ‘form_non_masked_password’: Form Non Masked Password; ‘form_non_ssl_password’: Form Non SSL Password; ‘form_password_autocomplete’: Form Password Autocomplete; ‘redirect_wlist_succ’: Redirect Whitelist Success; ‘redirect_wlist_fail’: Redirect Whitelist Failure; ‘redirect_wlist_learn’: Redirect Whitelist Learn; ‘form_set_no_cache’: Form Set No Cache; ‘resp_denied’: Responses Denied;

Type: string

Supported Values: all, total_req, req_allowed, req_denied, bot_check_succ, bot_check_fail, form_consistency_succ, form_consistency_fail, form_csrf_tag_succ, form_csrf_tag_fail, url_check_succ, url_check_fail, url_check_learn, buf_ovf_url_len_fail, buf_ovf_cookie_len_fail, buf_ovf_hdrs_len_fail, buf_ovf_post_size_fail, max_cookies_fail, max_hdrs_fail, http_method_check_succ, http_method_check_fail, http_check_succ, http_check_fail, referer_check_succ, referer_check_fail, referer_check_redirect, uri_wlist_succ, uri_wlist_fail, uri_blist_succ, uri_blist_fail, post_form_check_succ, post_form_check_sanitize, post_form_check_reject, ccn_mask_amex, ccn_mask_diners, ccn_mask_visa, ccn_mask_mastercard, ccn_mask_discover, ccn_mask_jcb, ssn_mask, pcre_mask, cookie_encrypt_succ, cookie_encrypt_fail, cookie_encrypt_limit_exceeded, cookie_encrypt_skip_rcache, cookie_decrypt_succ, cookie_decrypt_fail, sqlia_chk_url_succ, sqlia_chk_url_sanitize, sqlia_chk_url_reject, sqlia_chk_post_succ, sqlia_chk_post_sanitize, sqlia_chk_post_reject, xss_chk_cookie_succ, xss_chk_cookie_sanitize, xss_chk_cookie_reject, xss_chk_url_succ, xss_chk_url_sanitize, xss_chk_url_reject, xss_chk_post_succ, xss_chk_post_sanitize, xss_chk_post_reject, resp_code_hidden, resp_hdrs_filtered, learn_updates, num_drops, num_resets, form_non_ssl_reject, form_non_post_reject, sess_check_none, sess_check_succ, sess_check_fail, soap_check_succ, soap_check_failure, wsdl_fail, wsdl_succ, xml_schema_fail, xml_schema_succ, xml_sqlia_chk_fail, xml_sqlia_chk_succ, xml_xss_chk_fail, xml_xss_chk_succ, json_check_failure, json_check_succ, xml_check_failure, xml_check_succ, buf_ovf_cookie_value_len_fail, buf_ovf_cookies_len_fail, buf_ovf_hdr_name_len_fail, buf_ovf_hdr_value_len_fail, buf_ovf_max_data_parse_fail, buf_ovf_line_len_fail, buf_ovf_parameter_name_len_fail, buf_ovf_parameter_value_len_fail, buf_ovf_parameter_total_len_fail, buf_ovf_query_len_fail, max_entities_fail, max_parameters_fail, buf_ovf_cookie_name_len_fail, xml_limit_attr, xml_limit_attr_name_len, xml_limit_attr_value_len, xml_limit_cdata_len, xml_limit_elem, xml_limit_elem_child, xml_limit_elem_depth, xml_limit_elem_name_len, xml_limit_entity_exp, xml_limit_entity_exp_depth, xml_limit_namespace, xml_limit_namespace_uri_len, json_limit_array_value_count, json_limit_depth, json_limit_object_member_count, json_limit_string, form_non_masked_password, form_non_ssl_password, form_password_autocomplete, redirect_wlist_succ, redirect_wlist_fail, redirect_wlist_learn, form_set_no_cache, resp_denied, sessions_alloc, sessions_freed, out_of_sessions, too_many_sessions, called, permitted, brute_force_success, brute_force_fail, challenge_cookie_sent, challenge_javascript_sent, challenge_captcha_sent

template-list

Specification  
Type list
Block object keys  

allowed-http-methods

Description List of allowed HTTP methods. Default is “GET POST”. (List of HTTP methods allowed (default “GET POST”))

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

Default: GET POST

bot-check

Description Check User-Agent for known bots

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

bot-check-policy-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

brute-force-challenge-limit

Description Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))

Type: number

Range: 0-65535

Default: 2

brute-force-check

Description Enable brute-force attack mitigation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-global

Description Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-lockout-limit

Description Maximum brute-force events before locking out client (default 5)

Type: number

Range: 0-65535

Default: 5

brute-force-lockout-period

Description Number of seconds client should be locked out (default 600)

Type: number

Range: 0-1800

Default: 600

brute-force-resp-codes

Description Trigger brute-force check on HTTP response code

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-resp-codes-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

brute-force-resp-headers

Description Trigger brute-force check on HTTP response header names

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-resp-headers-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

brute-force-resp-string

Description Trigger brute-force check on HTTP response line

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-resp-string-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

brute-force-test-period

Description Number of seconds for brute-force event counting (default 60)

Type: number

Range: 0-600

Default: 60

ccn-mask

Description Mask credit card numbers in response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

challenge-action-cookie

Description Use Set-Cookie to determine if client allows cookies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

challenge-action-javascript

Description Add JavaScript to response to test if client allows JavaScript

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cookie-encryption-secret

Description Cookie encryption secret

Type: string

Format: password

Maximum Length: 128 characters

Maximum Length: 1 characters

cookie-name

Description Cookie name (simple string or PCRE pattern)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

csrf-check

Description Tag the form to protect against Cross-site Request Forgery

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-entities

Description Decode entities in internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-escaped-chars

Description Decode escaped characters such as r n ” xXX u00YY in internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-hex-chars

Description Decode hex chars such as %xx and %u00yy in internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-non-masked-passwords

Description Denies forms that have a password field with a textual type, resulting in this field not being masked

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-non-ssl-passwords

Description Denies any form that has a password field if the form is not sent over an SSL connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-password-autocomplete

Description Check to protect against server-generated form which contain password fields that allow autocomplete

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deploy-mode

Description ‘active’: Deploy WAF in active (blocking) mode; ‘passive’: Deploy WAF in passive (log-only) mode; ‘learning’: Deploy WAF in learning mode;

Type: string

Supported Values: active, passive, learning

Default: active

disable

Description Disable buffer overflow protection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-resp-hdrs

Description Removes web server’s identifying headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-consistency-check

Description Form input consistency check

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-deny-non-post

Description Deny request with forms if the method is not POST

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-deny-non-ssl

Description Deny request with forms if the protocol is not SSL

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-set-no-cache

Description Disable caching of form-containing responses

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-resp-codes

Description Hides response codes that are not allowed (default 4xx, 5xx)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-resp-codes-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

http-check

Description Check request for HTTP protocol compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-redirect

Description Send HTTP redirect response (302 Found) to specifed URL (URL to redirect to when denying request)

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

Mutual Exclusion: http-redirecthttp-resp-200, reset-conn and http-resp-403 are mutually exclusive

http-resp-200

Description Send HTTP response with status code 200 OK

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-200http-redirect, reset-conn and http-resp-403 are mutually exclusive

http-resp-403

Description Send HTTP response with status code 403 Forbidden (default)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-403http-redirect, http-resp-200 and reset-conn are mutually exclusive

json-format-check

Description Check HTTP body for JSON format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

keep-end

Description Number of unmasked characters at the end (default: 0)

Type: number

Range: 0-65535

keep-start

Description Number of unmasked characters at the beginning (default: 0)

Type: number

Range: 0-65535

lifetime

Description Session lifetime in minutes (default 10)

Type: number

Range: 1-1440

log-succ-reqs

Description Log successful waf requests

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

logging

Description Logging template (Logging Config name)

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/slb/template/logging

mask

Description Character to mask the matched pattern (default: X)

Type: string

Format: string-rlx

Maximum Length: 1 characters

Maximum Length: 1 characters

max-array-value-count

Description Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))

Type: number

Range: 0-4096

Default: 256

max-attr

Description Maximum number of attributes of an XML element (default 256)

Type: number

Range: 0-256

Default: 256

max-attr-name-len

Description Maximum length of an attribute name (default 128)

Type: number

Range: 0-2048

Default: 128

max-attr-value-len

Description Maximum length of an attribute text value (default 128)

Type: number

Range: 0-4096

Default: 128

max-cdata-len

Description Maximum length of an CDATA section of an element (default 65535)

Type: number

Range: 0-65535

Default: 65535

max-cookie-len

Description Max Cookie length allowed in request (default 4096) (Maximum length of cookie allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-cookie-name-len

Description Max Cookie Name length allowed in request (default 64) ( Maximum length of cookie name allowed (default 64))

Type: number

Range: 0-65535

Default: 64

max-cookie-value-len

Description Max Cookie Value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-cookies

Description Maximum number of cookies allowed in request (default 20)

Type: number

Range: 0-1023

Default: 20

max-cookies-len

Description Max Total Cookies length allowed in request (default 4096) (Maximum total length of cookies allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-data-parse

Description Max data parsed for Web Application Firewall (default 65536) (Maximum data parsed for Web Application Firewall (default 65536))

Type: number

Range: 0-262144

Default: 65536

max-depth

Description Maximum recursion depth in a value in a JSON requesnt body (default 16) (Maximum recursion depth in a JSON value (default 16))

Type: number

Range: 0-4096

Default: 16

max-elem

Description Maximum number of XML elements (default 1024)

Type: number

Range: 0-8192

Default: 1024

max-elem-child

Description Maximum number of children of an XML element (default 1024)

Type: number

Range: 0-4096

Default: 1024

max-elem-depth

Description Maximum recursion level for element definition (default 256)

Type: number

Range: 0-4096

Default: 256

max-elem-name-len

Description Maximum length for an element name (default 128)

Type: number

Range: 0-65535

Default: 128

max-entities

Description Maximum number of MIME entities allowed in request (default 10)

Type: number

Range: 0-512

Default: 10

max-entity-exp

Description Maximum number of entity expansions (default 1024)

Type: number

Range: 0-1024

Default: 1024

max-entity-exp-depth

Description Maximum nested depth of entity expansion (default 32)

Type: number

Range: 0-32

Default: 32

max-hdr-name-len

Description Max header name length allowed in request (default 63) (Maximum length of header name allowed (default 63))

Type: number

Range: 0-63

Default: 63

max-hdr-value-len

Description Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-hdrs

Description Maximum number of headers allowed in request (default 20)

Type: number

Range: 0-255

Default: 20

max-hdrs-len

Description Max headers length allowed in request (default 4096) (Maximum length of headers allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-line-len

Description Max Line length allowed in request (default 1024) (Maximum length of Request line allowed (default 1024))

Type: number

Range: 0-16127

Default: 1024

max-namespace

Description Maximum number of namespace declarations (default 16)

Type: number

Range: 0-256

Default: 16

max-namespace-uri-len

Description Maximum length of a namespace URI (default 256)

Type: number

Range: 0-1024

Default: 256

max-object-member-count

Description Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))

Type: number

Range: 0-4096

Default: 256

max-parameter-name-len

Description Max HTML parameter name length in an HTTP request (default 256) (Maximum HTML parameter name length in an HTTP request (default 256))

Type: number

Range: 0-1024

Default: 256

max-parameter-total-len

Description Max HTML parameter tatal length in an HTTP request (default 4096) (Maximum HTML parameter total length in an HTTP request (default 4096))

Type: number

Range: 0-102400000

Default: 4096

max-parameter-value-len

Description Max HTML parameter value length in an HTTP request (default 4096) (Maximum HTML parameter value in an HTTP request (default 4096))

Type: number

Range: 0-102400000

Default: 4096

max-parameters

Description Maximum number of HTML parameters allowed in request (default 64)

Type: number

Range: 0-1024

Default: 64

max-post-size

Description Max content length allowed in POST request (default 20480) (Maximum size allowed content in an HTTP POST request (default 20480))

Type: number

Range: 0-2147483647

Default: 20480

max-query-len

Description Max Query length allowed in request (default 1024) (Maximum length of Request query allowed (default 1024))

Type: number

Range: 0-16127

Default: 1024

max-string

Description Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))

Type: number

Range: 0-4096

Default: 64

max-url-len

Description Max URL length allowed in request (default 1024) (Maximum length of URL allowed (default 1024))

Type: number

Range: 0-16127

Default: 1024

name

Description WAF Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

pcre-mask

Description Mask matched PCRE pattern in response

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

pcre-match-limit

Description Maximum number of matches allowed (default 30000)

Type: number

Range: 1000-1500000

Default: 30000

pcre-match-recursion-limit

Description Maximum levels of recursive allowed (default 5000)

Type: number

Range: 100-150000

Default: 5000

redirect-wlist

Description Check Redirect URL against list of previously learned redirects

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-check

Description Check referer to protect against CSRF attacks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-domain-list

Description List of referer domains allowed

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

Mutual Exclusion: referer-domain-list and referer-domain-list-only are mutually exclusive

referer-domain-list-only

Description List of referer domains allowed

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

Mutual Exclusion: referer-domain-list-only and referer-domain-list are mutually exclusive

referer-safe-url

Description Safe URL to redirect to if referer is missing

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

remove-comments

Description Remove comments from internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-selfref

Description Remove self-references such as /./ and /path/../ from internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-spaces

Description Remove spaces from internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-conn

Description Reset the client connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: reset-connhttp-redirect, http-resp-200 and http-resp-403 are mutually exclusive

resp-url-200

Description Response content to send client when denying request

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

resp-url-403

Description Response content to send client when denying request

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

secret-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

session-check

Description Enable session checking via session cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

soap-format-check

Description Check XML document for SOAP format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sqlia-check

Description ‘reject’: Reject requests with SQLIA patterns; ‘sanitize’: Remove bad SQL from request;

Type: string

Supported Values: reject, sanitize

sqlia-check-policy-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

ssn-mask

Description Mask US Social Security numbers in response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uri-blist-check

Description specify name of WAF policy list file to blacklist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uri-wlist-check

Description specify name of WAF policy list file to whitelist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

url-check

Description Check URL against list of previously learned URLs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

waf-blist-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

waf-wlist-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

wsdl-file

Description Specify name of WSDL file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: wsdl-file and wsdl-resp-val-file are mutually exclusive

wsdl-resp-val-file

Description Specify name of WSDL file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: wsdl-resp-val-file and wsdl-file are mutually exclusive

xml-format-check

Description Check HTTP body for XML format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xml-schema-file

Description Specify name of XML-Schema file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: xml-schema-file and xml-schema-resp-val-file are mutually exclusive

xml-schema-resp-val-file

Description Specify name of XML-Schema file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: xml-schema-resp-val-file and xml-schema-file are mutually exclusive

xml-sqlia-check

Description Check XML data against SQLIA policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xml-xss-check

Description Check XML data against XSS policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xss-check

Description ‘reject’: Reject requests with bad cookies; ‘sanitize’: Remove bad cookies from request;

Type: string

Supported Values: reject, sanitize

xss-check-policy-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

xml-schema

Specification  
Type object

max-filesize

Description Set maximum XML-Schema file size (Maximum file size in KBytes, default is 32K)

Type: number

Range: 16-256

Default: 32

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters