waf¶
WAF related commands
waf Specification¶
Type Intermediate Resource Element Name waf Element URI /axapi/v3/waf Element Attributes waf_attributes Schema waf schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/waf | waf_attributes |
waf attributes¶
global
Description: global is a JSON Block. Please see below for global
Type: Object
Refernce Object: /axapi/v3/waf/global
policy
Description: policy is a JSON Block. Please see below for policy
Type: Object
Refernce Object: /axapi/v3/waf/policy
template-list
Type: List
Refernce Object: /axapi/v3/waf/template/{name}
wsdl
Description: wsdl is a JSON Block. Please see below for wsdl
Type: Object
Refernce Object: /axapi/v3/waf/wsdl
xml-schema
Description: xml-schema is a JSON Block. Please see below for xml-schema
Type: Object
Refernce Object: /axapi/v3/waf/xml-schema
policy¶
Specification Type object max-filesize
Description Set maximum WAF policy file size (Maximum file size in KBytes, default is 32K)
Type: number
Range: 16-10240
Default: 32
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
wsdl¶
Specification Type object max-filesize
Description Set maximum WSDL file size (Maximum file size in KBytes, default is 32K)
Type: number
Range: 16-256
Default: 32
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
global¶
Specification Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
global_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘total_req’: Total Requests; ‘req_allowed’: Requests Allowed; ‘req_denied’: Requests Denied; ‘resp_denied’: Responses Denied; ‘brute_force_success’: Brute-Force checks passed; ‘brute_force_violation’: Brute-Force checks violation; ‘brute_force_challenge_cookie_sent’: Cookie Challenge Sent; ‘brute_force_challenge_cookie_success’: Cookie Vhallenge check passed; ‘brute_force_challenge_cookie_violation’: Cookie challenge violation; ‘brute_force_challenge_javascript_sent’: JavaScript challenge sent; ‘brute_force_challenge_javascript_success’: JavaScript challenge check passed; ‘brute_force_challenge_javascript_violation’: JavaScript challenge violation; ‘brute_force_challenge_captcha_sent’: Captcha challenge sent; ‘brute_force_challenge_captcha_success’: Captcha challenge check passed; ‘brute_force_challenge_captcha_violation’: Captcha challenge violation; ‘brute_force_lockout_limit_success’: Lockout limit check passed; ‘brute_force_lockout_limit_violation’: Lockout limit violation; ‘brute_force_challenge_limit_success’: Lockout limit check passed; ‘brute_force_challenge_limit_violation’: Lockout limit violation; ‘brute_force_response_codes_triggered’: Response Codes Triggered; ‘brute_force_response_headers_triggered’: Brute Force Response Headers Triggered; ‘brute_force_response_string_triggered’: Brute Force Response string Triggered; ‘cookie_security_encrypt_success’: Cookie Security - encrypt successful; ‘cookie_security_encrypt_violation’: Cookie Security - encrypt violation; ‘cookie_security_encrypt_limit_exceeded’: Cookie Security - encrypt limit exceeded; ‘cookie_security_encrypt_skip_rcache’: Cookie Security - encrypt skipped - RAM cache; ‘cookie_security_decrypt_success’: Cookie Security - decrypt successful; ‘cookie_security_decrypt_violation’: Cookie Security - decrypt violation; ‘cookie_security_sign_success’: Cookie Security - signing successful; ‘cookie_security_sign_violation’: Cookie Security - signing violation; ‘cookie_security_sign_limit_exceeded’: Cookie Security - signing limit exceeded; ‘cookie_security_sign_skip_rcache’: Cookie Security - signing skipped - RAM cache; ‘cookie_security_signature_check_success’: Cookie Security - signature check successful; ‘cookie_security_signature_check_violation’: Cookie Security - signature check failed; ‘cookie_security_add_http_only_success’: Cookie Security - http-only flag added successfully; ‘cookie_security_add_http_only_violation’: Cookie Security - http-only flag violation; ‘cookie_security_add_secure_success’: Cookie Security - secure flag added successfully; ‘cookie_security_add_secure_violation’: Cookie Security - secure flag violation; ‘cookie_security_missing_cookie_success’: Cookie Security - request with missing cookie; ‘cookie_security_missing_cookie_violation’: Cookie Security - missing cookie violation; ‘cookie_security_unrecognized_cookie_success’: Cookie Security - request with unrecognised cookie; ‘cookie_security_unrecognized_cookie_violation’: Cookie Security - unrecognized cookie violation; ‘cookie_security_cookie_policy_success’: Cookie Security - cookie policy passed; ‘cookie_security_cookie_policy_violation’: Cookie Security - cookie policy violation; ‘cookie_security_persistent_cookies’: Cookie Security - persistent cookies; ‘cookie_security_persistent_cookies_encrypted’: Cookie Security - encrypted persistent cookies; ‘cookie_security_persistent_cookies_signed’: Cookie Security - signed persistent cookies; ‘cookie_security_session_cookies’: Cookie Security - session cookies; ‘cookie_security_session_cookies_encrypted’: Cookie Security - encrypted session cookies; ‘cookie_security_session_cookies_signed’: Cookie Security - signed session cookies; ‘cookie_security_allowed_session_cookies’: Cookie Security - allowed session cookies; ‘cookie_security_allowed_persistent_cookies’: Cookie Security - allowed persistent cookies; ‘cookie_security_disallowed_session_cookies’: Cookie Security - disallowed session cookies; ‘cookie_security_disallowed_persistent_cookies’: Cookie Security - disallowed persistent cookies; ‘cookie_security_allowed_session_set_cookies’: Cookie Security - allowed session Set-Cookies; ‘cookie_security_allowed_persistent_set_cookies’: Cookie Security - allowed persistent Set-Cookies; ‘cookie_security_disallowed_session_set_cookies’: Cookie Security - disallowed session Set-Cookies; ‘cookie_security_disallowed_persistent_set_cookies’: Cookie Security - disallowed persistent Set-Cookies; ‘csp_header_violation’: CSP header_missing; ‘csp_header_success’: CSP header found; ‘csp_header_inserted’: CSP header Inserted; ‘form_csrf_tag_success’: Form CSRF tag passed; ‘form_csrf_tag_violation’: Form CSRF tag violation; ‘form_consistency_success’: Form Consistency passed; ‘form_consistency_violation’: Form Consistency violation; ‘form_tag_inserted’: Form A10 Tag Inserted; ‘form_non_ssl_success’: Form Non SSL check passed; ‘form_non_ssl_violation’: Form Non SSL violation; ‘form_request_non_post_success’: Form Method being Non Post in Request passed; ‘form_request_non_post_violation’: Form Method being Non Post in Request violation; ‘form_check_success’: Post Form Check passed; ‘form_check_violation’: Post Form Check violation; ‘form_check_sanitize’: Post Form Check Sanitized; ‘form_non_masked_password_success’: Form Non Masked Password check passed; ‘form_non_masked_password_violation’: Form Non Masked Password violation; ‘form_non_ssl_password_success’: Form Non SSL Password check passed; ‘form_non_ssl_password_violation’: Form Non SSL Password violation; ‘form_password_autocomplete_success’: Form Password Autocomplete check passed; ‘form_password_autocomplete_violation’: Form Password Autocomplete violation; ‘form_set_no_cache_success’: Form Set No Cache check passed; ‘form_set_no_cache’: Form Set No Cache violation; ‘dlp_ccn_success’: Credit Card Number check passed; ‘dlp_ccn_amex_violation’: Amex Credit Card Number Detected; ‘dlp_ccn_amex_masked’: Amex Credit Card Number Masked; ‘dlp_ccn_diners_violation’: Diners Club Credit Card Number Detected; ‘dlp_ccn_diners_masked’: Diners Club Credit Card Number Masked; ‘dlp_ccn_visa_violation’: Visa Credit Card Number Detected; ‘dlp_ccn_visa_masked’: Visa Credit Card Number Masked; ‘dlp_ccn_mastercard_violation’: MasterCard Credit Card Number Detected; ‘dlp_ccn_mastercard_masked’: MasterCard Credit Card Number Masked; ‘dlp_ccn_discover_violation’: Discover Credit Card Number Detected; ‘dlp_ccn_discover_masked’: Discover Credit Card Number Masked; ‘dlp_ccn_jcb_violation’: JCB Credit Card Number Detected; ‘dlp_ccn_jcb_masked’: JCB Credit Card Number Masked; ‘dlp_ssn_success’: Social Security Number Mask check passed; ‘dlp_ssn_violation’: Social Security Number Mask violation; ‘dlp_pcre_success’: PCRE Mask check passed; ‘dlp_pcre_violation’: PCRE Mask violation; ‘dlp_pcre_masked’: PCRE Mask violation; ‘evasion_check_apache_whitespace_success’: Apache Whitespace check passed; ‘evasion_check_apache_whitespace_violation’: Apache Whitespace check violation; ‘evasion_check_decode_entities_success’: Decode Entities check passed; ‘evasion_check_decode_entities_violation’: Decode Entities check violation; ‘evasion_check_decode_escaped_chars_success’: Decode Escaped Chars check passed; ‘evasion_check_decode_escaped_chars_violation’: Decode Escaped Chars check Failre; ‘evasion_check_decode_unicode_chars_success’: Decode Unicode Chars check passed; ‘evasion_check_decode_unicode_chars_violation’: Decode Unicode Chars check violation; ‘evasion_check_dir_traversal_success’: Dir traversal check passed; ‘evasion_check_dir_traversal_violation’: Dir traversal check violation;
Type: string
Supported Values: all, total_req, req_allowed, req_denied, bot_check_succ, bot_check_fail, form_consistency_succ, form_consistency_fail, form_csrf_tag_succ, form_csrf_tag_fail, url_check_succ, url_check_fail, url_check_learn, buf_ovf_url_len_fail, buf_ovf_cookie_len_fail, buf_ovf_hdrs_len_fail, buf_ovf_post_size_fail, max_cookies_fail, max_hdrs_fail, http_method_check_succ, http_method_check_fail, http_check_succ, http_check_fail, referer_check_succ, referer_check_fail, referer_check_redirect, uri_wlist_succ, uri_wlist_fail, uri_blist_succ, uri_blist_fail, post_form_check_succ, post_form_check_sanitize, post_form_check_reject, ccn_mask_amex, ccn_mask_diners, ccn_mask_visa, ccn_mask_mastercard, ccn_mask_discover, ccn_mask_jcb, ssn_mask, pcre_mask, cookie_encrypt_succ, cookie_encrypt_fail, cookie_encrypt_limit_exceeded, cookie_encrypt_skip_rcache, cookie_decrypt_succ, cookie_decrypt_fail, sqlia_chk_url_succ, sqlia_chk_url_sanitize, sqlia_chk_url_reject, sqlia_chk_post_succ, sqlia_chk_post_sanitize, sqlia_chk_post_reject, xss_chk_cookie_succ, xss_chk_cookie_sanitize, xss_chk_cookie_reject, xss_chk_url_succ, xss_chk_url_sanitize, xss_chk_url_reject, xss_chk_post_succ, xss_chk_post_sanitize, xss_chk_post_reject, resp_code_hidden, resp_hdrs_filtered, learn_updates, num_drops, num_resets, form_non_ssl_reject, form_non_post_reject, sess_check_none, sess_check_succ, sess_check_fail, soap_check_succ, soap_check_failure, wsdl_fail, wsdl_succ, xml_schema_fail, xml_schema_succ, xml_sqlia_chk_fail, xml_sqlia_chk_succ, xml_xss_chk_fail, xml_xss_chk_succ, json_check_failure, json_check_succ, xml_check_failure, xml_check_succ, buf_ovf_cookie_value_len_fail, buf_ovf_cookies_len_fail, buf_ovf_hdr_name_len_fail, buf_ovf_hdr_value_len_fail, buf_ovf_max_data_parse_fail, buf_ovf_line_len_fail, buf_ovf_parameter_name_len_fail, buf_ovf_parameter_value_len_fail, buf_ovf_parameter_total_len_fail, buf_ovf_query_len_fail, max_entities_fail, max_parameters_fail, buf_ovf_cookie_name_len_fail, xml_limit_attr, xml_limit_attr_name_len, xml_limit_attr_value_len, xml_limit_cdata_len, xml_limit_elem, xml_limit_elem_child, xml_limit_elem_depth, xml_limit_elem_name_len, xml_limit_entity_exp, xml_limit_entity_exp_depth, xml_limit_namespace, xml_limit_namespace_uri_len, json_limit_array_value_count, json_limit_depth, json_limit_object_member_count, json_limit_string, form_non_masked_password, form_non_ssl_password, form_password_autocomplete, redirect_wlist_succ, redirect_wlist_fail, redirect_wlist_learn, form_set_no_cache, resp_denied, sessions_alloc, sessions_freed, out_of_sessions, too_many_sessions, called, permitted, brute_force_success, brute_force_fail, challenge_cookie_sent, challenge_javascript_sent, challenge_captcha_sent
template-list¶
Specification Type list Block object keys allowed-http-methods
Description List of allowed HTTP methods. Default is “GET POST”. (List of HTTP methods allowed (default “GET POST”))
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Default: GET POST
bot-check
Description Check User-Agent for known bots
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bot-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-challenge-limit
Description Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))
Type: number
Range: 0-65535
Default: 2
brute-force-check
Description Enable brute-force attack mitigation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-global
Description Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-lockout-limit
Description Maximum brute-force events before locking out client (default 5)
Type: number
Range: 0-65535
Default: 5
brute-force-lockout-period
Description Number of seconds client should be locked out (default 600)
Type: number
Range: 0-1800
Default: 600
brute-force-resp-codes
Description Trigger brute-force check on HTTP response code
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-codes-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-resp-headers
Description Trigger brute-force check on HTTP response header names
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-headers-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-resp-string
Description Trigger brute-force check on HTTP response line
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-string-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-test-period
Description Number of seconds for brute-force event counting (default 60)
Type: number
Range: 0-600
Default: 60
ccn-mask
Description Mask credit card numbers in response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-action-cookie
Description Use Set-Cookie to determine if client allows cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-action-javascript
Description Add JavaScript to response to test if client allows JavaScript
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cookie-encryption-secret
Description Cookie encryption secret
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
cookie-name
Description Cookie name (simple string or PCRE pattern)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
csrf-check
Description Tag the form to protect against Cross-site Request Forgery
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
decode-entities
Description Decode entities in internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
decode-escaped-chars
Description Decode escaped characters such as r n ” xXX u00YY in internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
decode-hex-chars
Description Decode hex chars such as %xx and %u00yy in internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny-non-masked-passwords
Description Denies forms that have a password field with a textual type, resulting in this field not being masked
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny-non-ssl-passwords
Description Denies any form that has a password field if the form is not sent over an SSL connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny-password-autocomplete
Description Check to protect against server-generated form which contain password fields that allow autocomplete
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deploy-mode
Description ‘active’: Deploy WAF in active (blocking) mode; ‘passive’: Deploy WAF in passive (log-only) mode; ‘learning’: Deploy WAF in learning mode;
Type: string
Supported Values: active, passive, learning
Default: active
disable
Description Disable buffer overflow protection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-resp-hdrs
Description Removes web server’s identifying headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-consistency-check
Description Form input consistency check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-deny-non-post
Description Deny request with forms if the method is not POST
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-deny-non-ssl
Description Deny request with forms if the protocol is not SSL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-set-no-cache
Description Disable caching of form-containing responses
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hide-resp-codes
Description Hides response codes that are not allowed (default 4xx, 5xx)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hide-resp-codes-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
http-check
Description Check request for HTTP protocol compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-redirect
Description Send HTTP redirect response (302 Found) to specifed URL (URL to redirect to when denying request)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: http-redirecthttp-resp-200, reset-conn and http-resp-403 are mutually exclusive
http-resp-200
Description Send HTTP response with status code 200 OK
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: http-resp-200http-redirect, reset-conn and http-resp-403 are mutually exclusive
http-resp-403
Description Send HTTP response with status code 403 Forbidden (default)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: http-resp-403http-redirect, http-resp-200 and reset-conn are mutually exclusive
json-format-check
Description Check HTTP body for JSON format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
keep-end
Description Number of unmasked characters at the end (default: 0)
Type: number
Range: 0-65535
keep-start
Description Number of unmasked characters at the beginning (default: 0)
Type: number
Range: 0-65535
lifetime
Description Session lifetime in minutes (default 10)
Type: number
Range: 1-1440
log-succ-reqs
Description Log successful waf requests
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
logging
Description Logging template (Logging Config name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/slb/template/logging
mask
Description Character to mask the matched pattern (default: X)
Type: string
Format: string-rlx
Maximum Length: 1 characters
Maximum Length: 1 characters
max-array-value-count
Description Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))
Type: number
Range: 0-4096
Default: 256
max-attr
Description Maximum number of attributes of an XML element (default 256)
Type: number
Range: 0-256
Default: 256
max-attr-name-len
Description Maximum length of an attribute name (default 128)
Type: number
Range: 0-2048
Default: 128
max-attr-value-len
Description Maximum length of an attribute text value (default 128)
Type: number
Range: 0-4096
Default: 128
max-cdata-len
Description Maximum length of an CDATA section of an element (default 65535)
Type: number
Range: 0-65535
Default: 65535
max-cookie-len
Description Max Cookie length allowed in request (default 4096) (Maximum length of cookie allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookie-name-len
Description Max Cookie Name length allowed in request (default 64) ( Maximum length of cookie name allowed (default 64))
Type: number
Range: 0-65535
Default: 64
max-cookie-value-len
Description Max Cookie Value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookies
Description Maximum number of cookies allowed in request (default 20)
Type: number
Range: 0-1023
Default: 20
max-cookies-len
Description Max Total Cookies length allowed in request (default 4096) (Maximum total length of cookies allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-data-parse
Description Max data parsed for Web Application Firewall (default 65536) (Maximum data parsed for Web Application Firewall (default 65536))
Type: number
Range: 0-262144
Default: 65536
max-depth
Description Maximum recursion depth in a value in a JSON requesnt body (default 16) (Maximum recursion depth in a JSON value (default 16))
Type: number
Range: 0-4096
Default: 16
max-elem
Description Maximum number of XML elements (default 1024)
Type: number
Range: 0-8192
Default: 1024
max-elem-child
Description Maximum number of children of an XML element (default 1024)
Type: number
Range: 0-4096
Default: 1024
max-elem-depth
Description Maximum recursion level for element definition (default 256)
Type: number
Range: 0-4096
Default: 256
max-elem-name-len
Description Maximum length for an element name (default 128)
Type: number
Range: 0-65535
Default: 128
max-entities
Description Maximum number of MIME entities allowed in request (default 10)
Type: number
Range: 0-512
Default: 10
max-entity-exp
Description Maximum number of entity expansions (default 1024)
Type: number
Range: 0-1024
Default: 1024
max-entity-exp-depth
Description Maximum nested depth of entity expansion (default 32)
Type: number
Range: 0-32
Default: 32
max-hdr-name-len
Description Max header name length allowed in request (default 63) (Maximum length of header name allowed (default 63))
Type: number
Range: 0-63
Default: 63
max-hdr-value-len
Description Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-hdrs
Description Maximum number of headers allowed in request (default 20)
Type: number
Range: 0-255
Default: 20
max-hdrs-len
Description Max headers length allowed in request (default 4096) (Maximum length of headers allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-line-len
Description Max Line length allowed in request (default 1024) (Maximum length of Request line allowed (default 1024))
Type: number
Range: 0-16127
Default: 1024
max-namespace
Description Maximum number of namespace declarations (default 16)
Type: number
Range: 0-256
Default: 16
max-namespace-uri-len
Description Maximum length of a namespace URI (default 256)
Type: number
Range: 0-1024
Default: 256
max-object-member-count
Description Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))
Type: number
Range: 0-4096
Default: 256
max-parameter-name-len
Description Max HTML parameter name length in an HTTP request (default 256) (Maximum HTML parameter name length in an HTTP request (default 256))
Type: number
Range: 0-1024
Default: 256
max-parameter-total-len
Description Max HTML parameter total length in an HTTP request (default 4096) (Maximum HTML parameter total length in an HTTP request (default 4096))
Type: number
Range: 0-102400000
Default: 4096
max-parameter-value-len
Description Max HTML parameter value length in an HTTP request (default 4096) (Maximum HTML parameter value in an HTTP request (default 4096))
Type: number
Range: 0-102400000
Default: 4096
max-parameters
Description Maximum number of HTML parameters allowed in request (default 64)
Type: number
Range: 0-1024
Default: 64
max-post-size
Description Max content length allowed in POST request (default 20480) (Maximum size allowed content in an HTTP POST request (default 20480))
Type: number
Range: 0-2147483647
Default: 20480
max-query-len
Description Max Query length allowed in request (default 1024) (Maximum length of Request query allowed (default 1024))
Type: number
Range: 0-16127
Default: 1024
max-string
Description Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))
Type: number
Range: 0-4096
Default: 64
max-url-len
Description Max URL length allowed in request (default 1024) (Maximum length of URL allowed (default 1024))
Type: number
Range: 0-16127
Default: 1024
name
Description WAF Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
pcre-mask
Description Mask matched PCRE pattern in response
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
redirect-wlist
Description Check Redirect URL against list of previously learned redirects
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-check
Description Check referer to protect against CSRF attacks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-domain-list
Description List of referer domains allowed
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: referer-domain-list and referer-domain-list-only are mutually exclusive
referer-domain-list-only
Description List of referer domains allowed
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: referer-domain-list-only and referer-domain-list are mutually exclusive
referer-safe-url
Description Safe URL to redirect to if referer is missing
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
remove-comments
Description Remove comments from internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-selfref
Description Remove self-references such as /./ and /path/../ from internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-spaces
Description Remove spaces from internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-conn
Description Reset the client connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: reset-connhttp-redirect, http-resp-200 and http-resp-403 are mutually exclusive
resp-url-200
Description Response content to send client when denying request
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
resp-url-403
Description Response content to send client when denying request
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
secret-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)session-check
Description Enable session checking via session cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
soap-format-check
Description Check XML document for SOAP format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sqlia-check
Description ‘reject’: Reject requests with SQLIA patterns; ‘sanitize’: Remove bad SQL from request;
Type: string
Supported Values: reject, sanitize
sqlia-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
ssn-mask
Description Mask US Social Security numbers in response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uri-blist-check
Description specify name of WAF policy list file to blacklist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uri-wlist-check
Description specify name of WAF policy list file to whitelist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
url-check
Description Check URL against list of previously learned URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
waf-blist-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
waf-wlist-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
wsdl-file
Description Specify name of WSDL file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: wsdl-file and wsdl-resp-val-file are mutually exclusive
wsdl-resp-val-file
Description Specify name of WSDL file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: wsdl-resp-val-file and wsdl-file are mutually exclusive
xml-format-check
Description Check HTTP body for XML format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
xml-schema-file
Description Specify name of XML-Schema file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: xml-schema-file and xml-schema-resp-val-file are mutually exclusive
xml-schema-resp-val-file
Description Specify name of XML-Schema file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: xml-schema-resp-val-file and xml-schema-file are mutually exclusive
xml-sqlia-check
Description Check XML data against SQLIA policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
xml-xss-check
Description Check XML data against XSS policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
xss-check
Description ‘reject’: Reject requests with bad cookies; ‘sanitize’: Remove bad cookies from request;
Type: string
Supported Values: reject, sanitize
xss-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
xml-schema¶
Specification Type object max-filesize
Description Set maximum XML-Schema file size (Maximum file size in KBytes, default is 32K)
Type: number
Range: 16-256
Default: 32
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters