{ "id":"/axapi/v3/waf", "type":"object", "node-type":"intermediate", "title":"waf", "operation-not-allowed": ["PUT", "POST", "DELETE"], "partition-visibility":"shared", "auto-created-object":1, "description":"WAF related commands", "properties":{ "global":{ "type":"object", "$ref":"/axapi/v3/waf/global", "properties":{ "immediate-action":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable the violation aggregation, take action on first violation" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'total_req': Total Requests; 'req_allowed': Requests Allowed; 'req_denied': Requests Denied; 'resp_denied': Responses Denied; 'brute_force_success': Brute-Force checks passed; 'brute_force_violation': Brute-Force checks violation; 'brute_force_challenge_cookie_sent': Cookie Challenge Sent; 'brute_force_challenge_cookie_success': Cookie Challenge check passed; 'brute_force_challenge_cookie_violation': Cookie challenge violation; 'brute_force_challenge_javascript_sent': JavaScript challenge sent; 'brute_force_challenge_javascript_success': JavaScript challenge check passed; 'brute_force_challenge_javascript_violation': JavaScript challenge violation; 'brute_force_challenge_captcha_sent': Captcha challenge sent; 'brute_force_challenge_captcha_success': Captcha challenge check passed; 'brute_force_challenge_captcha_violation': Captcha challenge violation; 'brute_force_lockout_limit_success': Lockout limit check passed; 'brute_force_lockout_limit_violation': Lockout limit violation; 'brute_force_challenge_limit_success': Lockout limit check passed; 
'brute_force_challenge_limit_violation': Lockout limit violation; 'brute_force_response_codes_triggered': Response Codes Triggered; 'brute_force_response_headers_triggered': Brute Force Response Headers Triggered; 'brute_force_response_string_triggered': Brute Force Response string Triggered; 'cookie_security_encrypt_success': Cookie Security - encrypt successful; 'cookie_security_encrypt_violation': Cookie Security - encrypt violation; 'cookie_security_encrypt_limit_exceeded': Cookie Security - encrypt limit exceeded; 'cookie_security_encrypt_skip_rcache': Cookie Security - encrypt skipped - RAM cache; 'cookie_security_decrypt_success': Cookie Security - decrypt successful; 'cookie_security_decrypt_violation': Cookie Security - decrypt violation; 'cookie_security_sign_success': Cookie Security - signing successful; 'cookie_security_sign_violation': Cookie Security - signing violation; 'cookie_security_sign_limit_exceeded': Cookie Security - signing limit exceeded; 'cookie_security_sign_skip_rcache': Cookie Security - signing skipped - RAM cache; 'cookie_security_signature_check_success': Cookie Security - signature check successful; 'cookie_security_signature_check_violation': Cookie Security - signature check failed; 'cookie_security_add_http_only_success': Cookie Security - http-only flag added successfully; 'cookie_security_add_http_only_violation': Cookie Security - http-only flag violation; 'cookie_security_add_secure_success': Cookie Security - secure flag added successfully; 'cookie_security_add_secure_violation': Cookie Security - secure flag violation; 'cookie_security_missing_cookie_success': Cookie Security - request with missing cookie; 'cookie_security_missing_cookie_violation': Cookie Security - missing cookie violation; 'cookie_security_unrecognized_cookie_success': Cookie Security - request with unrecognized cookie; 'cookie_security_unrecognized_cookie_violation': Cookie Security - unrecognized cookie violation; 
'cookie_security_cookie_policy_success': Cookie Security - cookie policy passed; 'cookie_security_cookie_policy_violation': Cookie Security - cookie policy violation; 'cookie_security_persistent_cookies': Cookie Security - persistent cookies; 'cookie_security_persistent_cookies_encrypted': Cookie Security - encrypted persistent cookies; 'cookie_security_persistent_cookies_signed': Cookie Security - signed persistent cookies; 'cookie_security_session_cookies': Cookie Security - session cookies; 'cookie_security_session_cookies_encrypted': Cookie Security - encrypted session cookies; 'cookie_security_session_cookies_signed': Cookie Security - signed session cookies; 'cookie_security_allowed_session_cookies': Cookie Security - allowed session cookies; 'cookie_security_allowed_persistent_cookies': Cookie Security - allowed persistent cookies; 'cookie_security_disallowed_session_cookies': Cookie Security - disallowed session cookies; 'cookie_security_disallowed_persistent_cookies': Cookie Security - disallowed persistent cookies; 'cookie_security_allowed_session_set_cookies': Cookie Security - allowed session Set-Cookies; 'cookie_security_allowed_persistent_set_cookies': Cookie Security - allowed persistent Set-Cookies; 'cookie_security_disallowed_session_set_cookies': Cookie Security - disallowed session Set-Cookies; 'cookie_security_disallowed_persistent_set_cookies': Cookie Security - disallowed persistent Set-Cookies; 'csp_header_violation': CSP header_missing; 'csp_header_success': CSP header found; 'csp_header_inserted': CSP header Inserted; 'form_csrf_tag_success': Form CSRF tag passed; 'form_csrf_tag_violation': Form CSRF tag violation; 'form_consistency_success': Form Consistency passed; 'form_consistency_violation': Form Consistency violation; 'form_tag_inserted': Form A10 Tag Inserted; 'form_non_ssl_success': Form Non SSL check passed; 'form_non_ssl_violation': Form Non SSL violation; 'form_request_non_post_success': Form Method being Non Post in Request 
passed; 'form_request_non_post_violation': Form Method being Non Post in Request violation; 'form_check_success': Post Form Check passed; 'form_check_violation': Post Form Check violation; 'form_check_sanitize': Post Form Check Sanitized; 'form_non_masked_password_success': Form Non Masked Password check passed; 'form_non_masked_password_violation': Form Non Masked Password violation; 'form_non_ssl_password_success': Form Non SSL Password check passed; 'form_non_ssl_password_violation': Form Non SSL Password violation; 'form_password_autocomplete_success': Form Password Autocomplete check passed; 'form_password_autocomplete_violation': Form Password Autocomplete violation; 'form_set_no_cache_success': Form Set No Cache check passed; 'form_set_no_cache': Form Set No Cache violation; 'dlp_ccn_success': Credit Card Number check passed; 'dlp_ccn_amex_violation': Amex Credit Card Number Detected; 'dlp_ccn_amex_masked': Amex Credit Card Number Masked; 'dlp_ccn_diners_violation': Diners Club Credit Card Number Detected; 'dlp_ccn_diners_masked': Diners Club Credit Card Number Masked; 'dlp_ccn_visa_violation': Visa Credit Card Number Detected; 'dlp_ccn_visa_masked': Visa Credit Card Number Masked; 'dlp_ccn_mastercard_violation': MasterCard Credit Card Number Detected; 'dlp_ccn_mastercard_masked': MasterCard Credit Card Number Masked; 'dlp_ccn_discover_violation': Discover Credit Card Number Detected; 'dlp_ccn_discover_masked': Discover Credit Card Number Masked; 'dlp_ccn_jcb_violation': JCB Credit Card Number Detected; 'dlp_ccn_jcb_masked': JCB Credit Card Number Masked; 'dlp_ssn_success': Social Security Number Mask check passed; 'dlp_ssn_violation': Social Security Number Mask violation; 'dlp_pcre_success': PCRE Mask check passed; 'dlp_pcre_violation': PCRE Mask violation; 'dlp_pcre_masked': PCRE Mask violation; 'evasion_check_apache_whitespace_success': Apache Whitespace check passed; 'evasion_check_apache_whitespace_violation': Apache Whitespace check violation; 
'evasion_check_decode_entities_success': Decode Entities check passed; 'evasion_check_decode_entities_violation': Decode Entities check violation; 'evasion_check_decode_escaped_chars_success': Decode Escaped Chars check passed; 'evasion_check_decode_escaped_chars_violation': Decode Escaped Chars check violation; 'evasion_check_decode_unicode_chars_success': Decode Unicode Chars check passed; 'evasion_check_decode_unicode_chars_violation': Decode Unicode Chars check violation; 'evasion_check_dir_traversal_success': Dir traversal check passed; 'evasion_check_dir_traversal_violation': Dir traversal check violation; ", "enum":[ "all", "total_req", "req_allowed", "req_denied", "resp_denied", "brute_force_success", "brute_force_violation", "brute_force_challenge_cookie_sent", "brute_force_challenge_cookie_success", "brute_force_challenge_cookie_violation", "brute_force_challenge_javascript_sent", "brute_force_challenge_javascript_success", "brute_force_challenge_javascript_violation", "brute_force_challenge_captcha_sent", "brute_force_challenge_captcha_success", "brute_force_challenge_captcha_violation", "brute_force_lockout_limit_success", "brute_force_lockout_limit_violation", "brute_force_challenge_limit_success", "brute_force_challenge_limit_violation", "brute_force_response_codes_triggered", "brute_force_response_headers_triggered", "brute_force_response_string_triggered", "cookie_security_encrypt_success", "cookie_security_encrypt_violation", "cookie_security_encrypt_limit_exceeded", "cookie_security_encrypt_skip_rcache", "cookie_security_decrypt_success", "cookie_security_decrypt_violation", "cookie_security_sign_success", "cookie_security_sign_violation", "cookie_security_sign_limit_exceeded", "cookie_security_sign_skip_rcache", "cookie_security_signature_check_success", "cookie_security_signature_check_violation", "cookie_security_add_http_only_success", "cookie_security_add_http_only_violation", "cookie_security_add_secure_success", 
"cookie_security_add_secure_violation", "cookie_security_missing_cookie_success", "cookie_security_missing_cookie_violation", "cookie_security_unrecognized_cookie_success", "cookie_security_unrecognized_cookie_violation", "cookie_security_cookie_policy_success", "cookie_security_cookie_policy_violation", "cookie_security_persistent_cookies", "cookie_security_persistent_cookies_encrypted", "cookie_security_persistent_cookies_signed", "cookie_security_session_cookies", "cookie_security_session_cookies_encrypted", "cookie_security_session_cookies_signed", "cookie_security_allowed_session_cookies", "cookie_security_allowed_persistent_cookies", "cookie_security_disallowed_session_cookies", "cookie_security_disallowed_persistent_cookies", "cookie_security_allowed_session_set_cookies", "cookie_security_allowed_persistent_set_cookies", "cookie_security_disallowed_session_set_cookies", "cookie_security_disallowed_persistent_set_cookies", "csp_header_violation", "csp_header_success", "csp_header_inserted", "form_csrf_tag_success", "form_csrf_tag_violation", "form_consistency_success", "form_consistency_violation", "form_tag_inserted", "form_non_ssl_success", "form_non_ssl_violation", "form_request_non_post_success", "form_request_non_post_violation", "form_check_success", "form_check_violation", "form_check_sanitize", "form_non_masked_password_success", "form_non_masked_password_violation", "form_non_ssl_password_success", "form_non_ssl_password_violation", "form_password_autocomplete_success", "form_password_autocomplete_violation", "form_set_no_cache_success", "form_set_no_cache", "dlp_ccn_success", "dlp_ccn_amex_violation", "dlp_ccn_amex_masked", "dlp_ccn_diners_violation", "dlp_ccn_diners_masked", "dlp_ccn_visa_violation", "dlp_ccn_visa_masked", "dlp_ccn_mastercard_violation", "dlp_ccn_mastercard_masked", "dlp_ccn_discover_violation", "dlp_ccn_discover_masked", "dlp_ccn_jcb_violation", "dlp_ccn_jcb_masked", "dlp_ssn_success", "dlp_ssn_violation", "dlp_pcre_success", 
"dlp_pcre_violation", "dlp_pcre_masked", "evasion_check_apache_whitespace_success", "evasion_check_apache_whitespace_violation", "evasion_check_decode_entities_success", "evasion_check_decode_entities_violation", "evasion_check_decode_escaped_chars_success", "evasion_check_decode_escaped_chars_violation", "evasion_check_decode_unicode_chars_success", "evasion_check_decode_unicode_chars_violation", "evasion_check_dir_traversal_success", "evasion_check_dir_traversal_violation" ] }, "counters2":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'evasion_check_high_ascii_bytes_success': High Ascii Bytes check passed; 'evasion_check_high_ascii_bytes_violation': High Ascii Bytes check violation; 'evasion_check_invalid_hex_encoding_success': Invalid Hex Encoding check passed; 'evasion_check_invalid_hex_encoding_violation': Invalid Hex Encoding check violation; 'evasion_check_multiple_encoding_levels_success': Multiple Encoding Levels check passed; 'evasion_check_multiple_encoding_levels_violation': Multiple Encoding Levels check violation; 'evasion_check_multiple_slashes_success': Multiple Slashes check passed; 'evasion_check_multiple_slashes_violation': Multiple Slashes check violation; 'evasion_check_max_levels_success': Max Levels check passed; 'evasion_check_max_levels_violation': Max Levels check violation; 'evasion_check_remove_comments_success': Remove Comments check passed; 'evasion_check_remove_comments_violation': Remove Comments check violation; 'evasion_check_remove_spaces_success': Remove Spaces check passed; 'evasion_check_remove_spaces_violation': Remove Spaces check violation; 'http_limit_max_content_length_success': MAX content-length check passed; 'http_limit_max_content_length_violation': MAX content-length check violation; 'http_limit_max_cookie_header_length_success': MAX cookie header length check passed; 'http_limit_max_cookie_header_length_violation': MAX cookie header length violation; 
'http_limit_max_cookie_name_length_success': MAX cookie name length check passed; 'http_limit_max_cookie_name_length_violation': MAX cookie name length violation; 'http_limit_max_cookie_value_length_success': MAX cookie value length check passed; 'http_limit_max_cookie_value_length_violation': MAX cookie value length violation; 'http_limit_max_cookies_success': Max Cookies check passed; 'http_limit_max_cookies_violation': Max Cookies violation; 'http_limit_max_cookies_length_success': MAX cookies length check passed; 'http_limit_max_cookies_length_violation': MAX cookies length violation; 'http_limit_max_data_parse_success': Buffer Overflow - Max Data Parse check passed; 'http_limit_max_data_parse_violation': Buffer Overflow - Max Data Parse violation; 'http_limit_max_entities_success': Max Entities check passed; 'http_limit_max_entities_violation': Max Entities violation; 'http_limit_max_header_length_success': MAX header length check passed; 'http_limit_max_header_length_violation': MAX header length check violation; 'http_limit_max_header_name_length_success': MAX header name length check passed; 'http_limit_max_header_name_length_violation': MAX header name length check violation; 'http_limit_max_header_value_length_success': MAX header value length check passed; 'http_limit_max_header_value_length_violation': MAX header value length check violation; 'http_limit_max_headers_success': MAX headers count check passed; 'http_limit_max_headers_violation': Max Headers violation; 'http_limit_max_headers_length_success': MAX headers length check passed; 'http_limit_max_headers_length_violation': MAX headers length check violation; 'http_limit_max_param_name_length_success': Limit check - MAX parameter name length check passed; 'http_limit_max_param_name_length_violation': Limit check - MAX parameter name length violation; 'http_limit_max_param_value_length_success': Limit check - MAX parameter value length check passed; 'http_limit_max_param_value_length_violation': 
Limit check - MAX parameter value length violation; 'http_limit_max_params_success': Limit check - MAX parameters check passed; 'http_limit_max_params_violation': Limit check - MAX parameters violation; 'http_limit_max_params_length_success': Limit check - MAX parameters total length check passed; 'http_limit_max_params_length_violation': Limit check - MAX parameters total length violation; 'http_limit_max_post_length_success': MAX POST length check passed; 'http_limit_max_post_length_violation': MAX POST length violation; 'http_limit_max_query_length_success': Limit check - MAX query length check passed; 'http_limit_max_query_length_violation': Limit check - MAX query length violation; 'http_limit_max_request_length_success': Limit check - MAX request length check passed; 'http_limit_max_request_length_violation': Limit check - MAX request length violation; 'http_limit_max_request_line_length_success': Limit check - MAX request line length check passed; 'http_limit_max_request_line_length_violation': Limit check - MAX request line length violation; 'max_url_length_success': Limit check - MAX URL length check passed; 'max_url_length_violation': Limit check - MAX URL length violation; 'http_protocol_allowed_headers_success': HTTP headers check passed; 'http_protocol_allowed_headers_violation': HTTP headers check violation; 'http_protocol_allowed_versions_success': HTTP versions check passed; 'http_protocol_allowed_versions_violation': HTTP versions check violation; 'http_protocol_allowed_method_check_success': HTTP Method Check passed; 'http_protocol_allowed_method_check_violation': HTTP Method Check violation; 'http_protocol_bad_multipart_request_success': Bad multi-part request check passed; 'http_protocol_bad_multipart_request_violation': Bad multi-part request check violation; 'http_protocol_get_with_content_success': GET with content check passed; 'http_protocol_get_with_content_violation': GET with content check violation; 
'http_protocol_head_with_content_success': HEAD with content check passed; 'http_protocol_head_with_content_violation': HEAD with content check violation; 'http_protocol_host_header_with_ip_success': Host header with IP check passed; 'http_protocol_host_header_with_ip_violation': Host header with IP check violation; 'http_protocol_invalid_url_encoding_success': Invalid url encoding check passed; 'http_protocol_invalid_url_encoding_violation': Invalid url encoding check violation; 'http_protocol_malformed_content_length_success': Malformed content-length check passed; 'http_protocol_malformed_content_length_violation': Malformed content-length check violation; 'http_protocol_malformed_header_success': Malformed header check passed; 'http_protocol_malformed_header_violation': Malformed header check violation; 'http_protocol_malformed_parameter_success': Malformed parameter check passed; 'http_protocol_malformed_parameter_violation': Malformed parameter check violation; 'http_protocol_malformed_request_success': Malformed request check passed; 'http_protocol_malformed_request_violation': Malformed request check violation; 'http_protocol_malformed_request_line_success': Malformed request line check passed; 'http_protocol_malformed_request_line_violation': Malformed request line check violation; 'http_protocol_missing_header_value_success': Missing header value check passed; 'http_protocol_missing_header_value_violation': Missing header value check violation; 'http_protocol_missing_host_header_success': Missing host header check passed; 'http_protocol_missing_host_header_violation': Missing host header check violation; 'http_protocol_multiple_content_length_success': Multiple content-length headers check passed; 'http_protocol_multiple_content_length_violation': Multiple content-length headers check violation; 'http_protocol_post_with_0_content_success': POST with 0 content check passed; 'http_protocol_post_with_0_content_violation': POST with 0 content check violation; 
'http_protocol_post_without_content_success': POST without content check passed; 'http_protocol_post_without_content_violation': POST without content check violation; 'http_protocol_success': HTTP Check passed; 'http_protocol_violation': HTTP Check violation; 'json_check_format_success': JSON Check passed; ", "enum":[ "evasion_check_high_ascii_bytes_success", "evasion_check_high_ascii_bytes_violation", "evasion_check_invalid_hex_encoding_success", "evasion_check_invalid_hex_encoding_violation", "evasion_check_multiple_encoding_levels_success", "evasion_check_multiple_encoding_levels_violation", "evasion_check_multiple_slashes_success", "evasion_check_multiple_slashes_violation", "evasion_check_max_levels_success", "evasion_check_max_levels_violation", "evasion_check_remove_comments_success", "evasion_check_remove_comments_violation", "evasion_check_remove_spaces_success", "evasion_check_remove_spaces_violation", "http_limit_max_content_length_success", "http_limit_max_content_length_violation", "http_limit_max_cookie_header_length_success", "http_limit_max_cookie_header_length_violation", "http_limit_max_cookie_name_length_success", "http_limit_max_cookie_name_length_violation", "http_limit_max_cookie_value_length_success", "http_limit_max_cookie_value_length_violation", "http_limit_max_cookies_success", "http_limit_max_cookies_violation", "http_limit_max_cookies_length_success", "http_limit_max_cookies_length_violation", "http_limit_max_data_parse_success", "http_limit_max_data_parse_violation", "http_limit_max_entities_success", "http_limit_max_entities_violation", "http_limit_max_header_length_success", "http_limit_max_header_length_violation", "http_limit_max_header_name_length_success", "http_limit_max_header_name_length_violation", "http_limit_max_header_value_length_success", "http_limit_max_header_value_length_violation", "http_limit_max_headers_success", "http_limit_max_headers_violation", "http_limit_max_headers_length_success", 
"http_limit_max_headers_length_violation", "http_limit_max_param_name_length_success", "http_limit_max_param_name_length_violation", "http_limit_max_param_value_length_success", "http_limit_max_param_value_length_violation", "http_limit_max_params_success", "http_limit_max_params_violation", "http_limit_max_params_length_success", "http_limit_max_params_length_violation", "http_limit_max_post_length_success", "http_limit_max_post_length_violation", "http_limit_max_query_length_success", "http_limit_max_query_length_violation", "http_limit_max_request_length_success", "http_limit_max_request_length_violation", "http_limit_max_request_line_length_success", "http_limit_max_request_line_length_violation", "max_url_length_success", "max_url_length_violation", "http_protocol_allowed_headers_success", "http_protocol_allowed_headers_violation", "http_protocol_allowed_versions_success", "http_protocol_allowed_versions_violation", "http_protocol_allowed_method_check_success", "http_protocol_allowed_method_check_violation", "http_protocol_bad_multipart_request_success", "http_protocol_bad_multipart_request_violation", "http_protocol_get_with_content_success", "http_protocol_get_with_content_violation", "http_protocol_head_with_content_success", "http_protocol_head_with_content_violation", "http_protocol_host_header_with_ip_success", "http_protocol_host_header_with_ip_violation", "http_protocol_invalid_url_encoding_success", "http_protocol_invalid_url_encoding_violation", "http_protocol_malformed_content_length_success", "http_protocol_malformed_content_length_violation", "http_protocol_malformed_header_success", "http_protocol_malformed_header_violation", "http_protocol_malformed_parameter_success", "http_protocol_malformed_parameter_violation", "http_protocol_malformed_request_success", "http_protocol_malformed_request_violation", "http_protocol_malformed_request_line_success", "http_protocol_malformed_request_line_violation", "http_protocol_missing_header_value_success", 
"http_protocol_missing_header_value_violation", "http_protocol_missing_host_header_success", "http_protocol_missing_host_header_violation", "http_protocol_multiple_content_length_success", "http_protocol_multiple_content_length_violation", "http_protocol_post_with_0_content_success", "http_protocol_post_with_0_content_violation", "http_protocol_post_without_content_success", "http_protocol_post_without_content_violation", "http_protocol_success", "http_protocol_violation", "json_check_format_success" ] }, "counters3":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'json_check_format_violation': JSON Check violation; 'json_check_max_array_value_count_success': JSON Limit Array Value Count check passed; 'json_check_max_array_value_count_violation': JSON Limit Array Value Count violation; 'json_check_max_depth_success': JSON Limit Depth check passed; 'json_check_max_depth_violation': JSON Limit Depth violation; 'json_check_max_object_member_count_success': JSON Limit Object Number Count check passed; 'json_check_max_object_member_count_violation': JSON Limit Object Number Count violation; 'json_check_max_string_success': JSON Limit String check passed; 'json_check_max_string_violation': JSON Limit String violation; 'request_check_bot_success': Bot check passed; 'request_check_bot_violation': Bot check violation; 'request_check_redirect_wlist_success': Redirect Whitelist passed; 'request_check_redirect_wlist_violation': Redirect Whitelist violation; 'request_check_redirect_wlist_learn': Redirect Whitelist Learn; 'request_check_referer_success': Referer Check passed; 'request_check_referer_violation': Referer Check violation; 'request_check_referer_redirect': Referer Check Redirect; 'request_check_session_check_none': Session Created; 'request_check_session_check_success': Session Check passed; 'request_check_session_check_violation': Session Check violation; 'request_check_sqlia_url_success': SQLIA Check URL passed; 
'request_check_sqlia_url_violation': SQLIA Check URL violation; 'request_check_sqlia_url_sanitize': SQLIA Check URL Sanitized; 'request_check_sqlia_post_body_success': SQLIA Check Post passed; 'request_check_sqlia_post_body_violation': SQLIA Check Post violation; 'request_check_sqlia_post_body_sanitize': SQLIA Check Post Sanitized; 'request_check_url_list_success': URL Check passed; 'request_check_url_list_violation': URL Check violation; 'request_check_url_list_learn': URL Check Learn; 'request_check_url_whitelist_success': URI White List passed; 'request_check_url_whitelist_violation': URI White List violation; 'request_check_url_blacklist_success': URI Black List passed; 'request_check_url_blacklist_violation': URI Black List violation; 'request_check_xss_cookie_success': XSS Check Cookie passed; 'request_check_xss_cookie_violation': XSS Check Cookie violation; 'request_check_xss_cookie_sanitize': XSS Check Cookie Sanitized; 'request_check_xss_url_success': XSS Check URL passed; 'request_check_xss_url_violation': XSS Check URL violation; 'request_check_xss_url_sanitize': XSS Check URL Sanitized; 'request_check_xss_post_body_success': XSS Check Post passed; 'request_check_xss_post_body_violation': XSS Check Post violation; 'request_check_xss_post_body_sanitize': XSS Check Post Sanitized; 'response_cloaking_hide_status_code_success': Response Hide Code check passed; 'response_cloaking_hide_status_code_violation': Response Hide Code violation; 'response_cloaking_filter_headers_success': Response Headers Filter check passed; 'response_cloaking_filter_headers_violation': Response Headers Filter violation; 'soap_check_success': Soap Check passed; 'soap_check_violation': Soap Check violation; 'xml_check_format_success': XML Check passed; 'xml_check_format_violation': XML Check violation; 'xml_check_max_attr_success': XML Limit Attribute check passed; 'xml_check_max_attr_violation': XML Limit Attribute violation; 'xml_check_max_attr_name_len_success': XML Limit Name 
Length check passed; 'xml_check_max_attr_name_len_violation': XML Limit Name Length violation; 'xml_check_max_attr_value_len_success': XML Limit Value Length check passed; 'xml_check_max_attr_value_len_violation': XML Limit Value Length violation; 'xml_check_max_cdata_len_success': XML Limit CData Length check passed; 'xml_check_max_cdata_len_violation': XML Limit CData Length violation; 'xml_check_max_elem_success': XML Limit Element check passed; 'xml_check_max_elem_violation': XML Limit Element violation; 'xml_check_max_elem_child_success': XML Limit Element Child check passed; 'xml_check_max_elem_child_violation': XML Limit Element Child violation; 'xml_check_max_elem_depth_success': XML Limit Element Depth check passed; 'xml_check_max_elem_depth_violation': XML Limit Element Depth violation; 'xml_check_max_elem_name_len_success': XML Limit Element Name Length check passed; 'xml_check_max_elem_name_len_violation': XML Limit Element Name Length violation; 'xml_check_max_entity_exp_success': XML Limit Entity Expansions check passed; 'xml_check_max_entity_exp_violation': XML Limit Entity Expansions violation; 'xml_check_max_entity_exp_depth_success': XML Limit Entities Depth check passed; 'xml_check_max_entity_exp_depth_violation': XML Limit Entities Depth violation; 'xml_check_max_namespace_success': XML Limit Namespace check passed; 'xml_check_max_namespace_violation': XML Limit Namespace violation; 'xml_check_namespace_uri_len_success': XML Limit Namespace URI Length check passed; 'xml_check_namespace_uri_len_violation': XML Limit Namespace URI Length violation; 'xml_check_sqlia_success': XML Sqlia Check passed; 'xml_check_sqlia_violation': XML Sqlia Check violation; 'xml_check_xss_success': XML XSS Check passed; 'xml_check_xss_violation': XML XSS Check violation; 'xml_content_check_schema_success': XML Schema passed; 'xml_content_check_schema_violation': XML Schema violation; 'xml_content_check_wsdl_success': WSDL passed; 'xml_content_check_wsdl_violation': 
WSDL violation; 'learning_list_full': Learning list is full; 'action_allow': Request Action allowed; 'action_deny_200': Request Deny with 200; 'action_deny_403': Request Deny with 403; 'action_deny_redirect': Request Deny with Redirect; 'action_deny_reset': Request Deny with Resets; 'action_drop': Number of Dropped Requests; 'action_deny_custom_response': Request Deny with custom response; 'action_learn': Request Learning Updates; 'action_log': Log request violation; 'policy_limit_exceeded': Policy limit exceeded; 'sessions_alloc': Sessions allocated; 'sessions_freed': Sessions freed; 'out_of_sessions': Out of sessions; 'too_many_sessions': Too many sessions consumed; 'regex_violation': Regular expression failure; 'request_check_command_injection_cookies_success': Command Injection Check cookies passed; 'request_check_command_injection_cookies_violation': Command Injection Check cookies violation; 'request_check_command_injection_headers_success': Command Injection Check headers passed; 'request_check_command_injection_headers_violation': Command Injection Check headers violation; 'request_check_command_injection_uri_query_success': Command Injection Check url query arguments passed; 'request_check_command_injection_uri_query_violation': Command Injection Check url query arguments violation; 'request_check_command_injection_form_body_success': Command Injection Check form body arguments passed; 'request_check_command_injection_form_body_violation': Command Injection Check form body arguments violation; 'cookie_security_decrypt_in_grace_period_violation': Cookie Decrypt violation but in grace period; 'form_response_non_post_success': Response form method was POST; 'form_response_non_post_violation': Response form method was not POST; 'form_response_non_post_sanitize': Changed response form method to POST; 'xml_check_max_entity_decl_success': XML Limit Entity Decl check passed; 'xml_check_max_entity_decl_violation': XML Limit Entity Decl violation; 
'xml_check_max_entity_depth_success': XML Limit Entity Depth check passed; 'xml_check_max_entity_depth_violation': XML Limit Entity Depth violation; 'action_response_allow': Response Action allowed; 'action_response_deny_200': Response Deny with 200; ", "enum":[ "json_check_format_violation", "json_check_max_array_value_count_success", "json_check_max_array_value_count_violation", "json_check_max_depth_success", "json_check_max_depth_violation", "json_check_max_object_member_count_success", "json_check_max_object_member_count_violation", "json_check_max_string_success", "json_check_max_string_violation", "request_check_bot_success", "request_check_bot_violation", "request_check_redirect_wlist_success", "request_check_redirect_wlist_violation", "request_check_redirect_wlist_learn", "request_check_referer_success", "request_check_referer_violation", "request_check_referer_redirect", "request_check_session_check_none", "request_check_session_check_success", "request_check_session_check_violation", "request_check_sqlia_url_success", "request_check_sqlia_url_violation", "request_check_sqlia_url_sanitize", "request_check_sqlia_post_body_success", "request_check_sqlia_post_body_violation", "request_check_sqlia_post_body_sanitize", "request_check_url_list_success", "request_check_url_list_violation", "request_check_url_list_learn", "request_check_url_whitelist_success", "request_check_url_whitelist_violation", "request_check_url_blacklist_success", "request_check_url_blacklist_violation", "request_check_xss_cookie_success", "request_check_xss_cookie_violation", "request_check_xss_cookie_sanitize", "request_check_xss_url_success", "request_check_xss_url_violation", "request_check_xss_url_sanitize", "request_check_xss_post_body_success", "request_check_xss_post_body_violation", "request_check_xss_post_body_sanitize", "response_cloaking_hide_status_code_success", "response_cloaking_hide_status_code_violation", "response_cloaking_filter_headers_success", 
"response_cloaking_filter_headers_violation", "soap_check_success", "soap_check_violation", "xml_check_format_success", "xml_check_format_violation", "xml_check_max_attr_success", "xml_check_max_attr_violation", "xml_check_max_attr_name_len_success", "xml_check_max_attr_name_len_violation", "xml_check_max_attr_value_len_success", "xml_check_max_attr_value_len_violation", "xml_check_max_cdata_len_success", "xml_check_max_cdata_len_violation", "xml_check_max_elem_success", "xml_check_max_elem_violation", "xml_check_max_elem_child_success", "xml_check_max_elem_child_violation", "xml_check_max_elem_depth_success", "xml_check_max_elem_depth_violation", "xml_check_max_elem_name_len_success", "xml_check_max_elem_name_len_violation", "xml_check_max_entity_exp_success", "xml_check_max_entity_exp_violation", "xml_check_max_entity_exp_depth_success", "xml_check_max_entity_exp_depth_violation", "xml_check_max_namespace_success", "xml_check_max_namespace_violation", "xml_check_namespace_uri_len_success", "xml_check_namespace_uri_len_violation", "xml_check_sqlia_success", "xml_check_sqlia_violation", "xml_check_xss_success", "xml_check_xss_violation", "xml_content_check_schema_success", "xml_content_check_schema_violation", "xml_content_check_wsdl_success", "xml_content_check_wsdl_violation", "learning_list_full", "action_allow", "action_deny_200", "action_deny_403", "action_deny_redirect", "action_deny_reset", "action_drop", "action_deny_custom_response", "action_learn", "action_log", "policy_limit_exceeded", "sessions_alloc", "sessions_freed", "out_of_sessions", "too_many_sessions", "regex_violation", "request_check_command_injection_cookies_success", "request_check_command_injection_cookies_violation", "request_check_command_injection_headers_success", "request_check_command_injection_headers_violation", "request_check_command_injection_uri_query_success", "request_check_command_injection_uri_query_violation", "request_check_command_injection_form_body_success", 
"request_check_command_injection_form_body_violation", "cookie_security_decrypt_in_grace_period_violation", "form_response_non_post_success", "form_response_non_post_violation", "form_response_non_post_sanitize", "xml_check_max_entity_decl_success", "xml_check_max_entity_decl_violation", "xml_check_max_entity_depth_success", "xml_check_max_entity_depth_violation", "action_response_allow", "action_response_deny_200" ] }, "counters4":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'action_response_deny_403': Response Deny with 403; 'action_response_deny_redirect': Response Deny with Redirect; 'action_response_deny_reset': Deny with Resets; 'action_response_drop': Number of Dropped Responses; 'action_response_deny_custom_response': Response Deny with custom response; 'action_response_learn': Response Learning Updates; 'action_response_log': Log response violation; 'http_protocol_post_without_content_type_success': POST without content type check passed; 'http_protocol_post_without_content_type_violation': POST without content type check violation; 'http_protocol_body_without_content_type_success': Body without content type check passed; 'http_protocol_body_without_content_type_violation': Body without content type check violation; 'http_protocol_non_ssl_cookie_prefix_success': Cookie Name Prefix check passed; 'http_protocol_non_ssl_cookie_prefix_violation': Cookie Name Prefix check violation; 'cookie_security_add_samesite_success': Cookie Security - samesite attribute added successfully; 'cookie_security_add_samesite_violation': Cookie Security - samesite attribute violation; 'rule_set_request': Requests handled by WAF rule set; 'rule_set_response': Responses handled by WAF rule set; 'phase1_pass': WAF rule set pass hits in phase 1; 'phase1_allow': WAF rule set allow hits in phase 1; 'phase1_deny': WAF rule set deny hits in phase 1; 'phase1_drop': WAF rule set drop hits in phase 1; 'phase1_redirect': WAF rule set redirect hits in 
phase 1; 'phase1_other': WAF rule set other hits in phase 1; 'phase2_pass': WAF rule set pass hits in phase 2; 'phase2_allow': WAF rule set allow hits in phase 2; 'phase2_deny': WAF rule set deny hits in phase 2; 'phase2_drop': WAF rule set drop hits in phase 2; 'phase2_redirect': WAF rule set redirect hits in phase 2; 'phase2_other': WAF rule set other hits in phase 2; 'phase3_pass': WAF rule set pass hits in phase 3; 'phase3_allow': WAF rule set allow hits in phase 3; 'phase3_deny': WAF rule set deny hits in phase 3; 'phase3_drop': WAF rule set drop hits in phase 3; 'phase3_redirect': WAF rule set redirect hits in phase 3; 'phase3_other': WAF rule set other hits in phase 3; 'phase4_pass': WAF rule set pass hits in phase 4; 'phase4_allow': WAF rule set allow hits in phase 4; 'phase4_deny': WAF rule set deny hits in phase 4; 'phase4_drop': WAF rule set drop hits in phase 4; 'phase4_redirect': WAF rule set redirect hits in phase 4; 'phase4_other': WAF rule set other hits in phase 4; ", "enum":[ "action_response_deny_403", "action_response_deny_redirect", "action_response_deny_reset", "action_response_drop", "action_response_deny_custom_response", "action_response_learn", "action_response_log", "http_protocol_post_without_content_type_success", "http_protocol_post_without_content_type_violation", "http_protocol_body_without_content_type_success", "http_protocol_body_without_content_type_violation", "http_protocol_non_ssl_cookie_prefix_success", "http_protocol_non_ssl_cookie_prefix_violation", "cookie_security_add_samesite_success", "cookie_security_add_samesite_violation", "rule_set_request", "rule_set_response", "phase1_pass", "phase1_allow", "phase1_deny", "phase1_drop", "phase1_redirect", "phase1_other", "phase2_pass", "phase2_allow", "phase2_deny", "phase2_drop", "phase2_redirect", "phase2_other", "phase3_pass", "phase3_allow", "phase3_deny", "phase3_drop", "phase3_redirect", "phase3_other", "phase4_pass", "phase4_allow", "phase4_deny", "phase4_drop", 
"phase4_redirect", "phase4_other" ] }, "optional":true } } ] } } }, "policy":{ "type":"object", "$ref":"/axapi/v3/waf/policy", "properties":{ "max-filesize":{ "type":"number", "format":"number", "minimum":16, "maximum":10240, "default":32, "partition-visibility":"shared", "description":"Set maximum WAF policy file size (Maximum file size in KBytes, default is 32K)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "xml-schema":{ "type":"object", "$ref":"/axapi/v3/waf/xml-schema", "properties":{ "max-filesize":{ "type":"number", "format":"number", "minimum":16, "maximum":256, "default":32, "partition-visibility":"shared", "description":"Set maximum XML-Schema file size (Maximum file size in KBytes, default is 32K)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "wsdl":{ "type":"object", "$ref":"/axapi/v3/waf/wsdl", "properties":{ "max-filesize":{ "type":"number", "format":"number", "minimum":16, "maximum":256, "default":32, "partition-visibility":"shared", "description":"Set maximum WSDL file size (Maximum file size in KBytes, default is 32K)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "rule-set-config-list":{ "type":"array", "minItems":1, "items":{ "type":"rule-set-config" }, "uniqueItems":true, "$ref":"/axapi/v3/waf/rule-set-config/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"WAF rule-set-config template Name", "optional":false }, "deploy-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'active': Deploy WAF rule-set in 
active mode; 'monitor': Deploy WAF rule-set in monitor mode, only log and statistics.; ", "enum":[ "active", "monitor" ], "optional":true }, "max-rules-per-phase":{ "type":"number", "format":"number", "minimum":100, "maximum":65535, "partition-visibility":"shared", "description":"Specify maximum rules per phase (default: 10000)", "optional":true }, "max-process-time":{ "type":"number", "format":"number", "minimum":40, "maximum":1500, "partition-visibility":"shared", "description":"Specify maximum request processing time (in ms) per phase (default: 80)", "optional":true }, "process-timeout-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop the request; 'deny': Deny the request; 'allow': Allow the request; ", "enum":[ "drop", "deny", "allow" ], "optional":true }, "request-body-access":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'on': WAF rule-set allow request body processing; 'off': WAF rule-set disable request body processing; ", "enum":[ "on", "off" ], "optional":true }, "request-body-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":1048576, "partition-visibility":"shared", "description":"Specify maximum request body size in KB for buffering (default: 1024)", "optional":true }, "request-body-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject the request (default); 'process-partial': Process partial request body; ", "enum":[ "reject", "process-partial" ], "optional":true }, "response-body-access":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'on': WAF rule-set allow response body processing; 'off': WAF rule-set disable response body processing; ", "enum":[ "on", "off" ], "optional":true }, "response-body-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":1048576, "partition-visibility":"shared", "description":"Specify maximum response 
body size in KB for buffering (default: 512)", "optional":true }, "response-body-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject the response; 'process-partial': Process partial response body (default); ", "enum":[ "reject", "process-partial" ], "optional":true }, "response-body-mime-type":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1024, "partition-visibility":"shared", "description":"Specify MIME types that WAF rule-set will process (default: text/plain text/html) (Specify MIME types (ex: text/plain text/html))", "optional":true }, "request-header-default-action":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":256, "partition-visibility":"shared", "description":"Specify WAF rule-set default actions for request-header phase (default: log,deny) (Specify default actions (ex: log,deny))", "optional":true }, "request-body-default-action":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":256, "partition-visibility":"shared", "description":"Specify WAF rule-set default actions for request-body phase (default: log,deny) (Specify default actions (ex: log,deny))", "optional":true }, "response-header-default-action":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":256, "partition-visibility":"shared", "description":"Specify WAF rule-set default actions for response-header phase (default: log,pass) (Specify default actions (ex: log,deny))", "optional":true }, "response-body-default-action":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":256, "partition-visibility":"shared", "description":"Specify WAF rule-set default actions for response-body phase (default: log,pass) (Specify default actions (ex: log,deny))", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", 
"optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "name" ] } ] }, "template-list":{ "type":"array", "minItems":1, "items":{ "type":"template" }, "uniqueItems":true, "$ref":"/axapi/v3/waf/template/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"WAF Template Name", "optional":false }, "csp":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Insert HTTP header Content-Security-Policy if necessary", "optional":true }, "csp-value":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"CSP header value, e.g., \"script-src 'none'\"", "optional":true }, "csp-insert-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name; ", "enum":[ "insert-if-not-exist", "insert-always" ], "optional":true }, "http-redirect":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not-list":[ "http-resp-200", "reset-conn", "http-resp-403" ], "description":"Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)", "optional":true }, "http-resp-200":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "reset-conn", "http-resp-403" ], "description":"Send HTTP response with status code 200 OK", "optional":true }, "resp-url-200":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Response content to send client 
when denying request", "optional":true }, "reset-conn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "http-resp-200", "http-resp-403" ], "description":"Reset the client connection", "optional":true }, "http-resp-403":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "http-redirect", "http-resp-200", "reset-conn" ], "description":"Send HTTP response with status code 403 Forbidden (default)", "optional":true }, "resp-url-403":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Response content to send client when denying request", "optional":true }, "deploy-mode":{ "type":"string", "format":"enum", "default":"active", "partition-visibility":"shared", "description":"'active': Deploy WAF in active (blocking) mode; 'passive': Deploy WAF in passive (log-only) mode; 'learning': Deploy WAF in learning mode; ", "enum":[ "active", "passive", "learning" ], "optional":true }, "log-succ-reqs":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log successful waf requests", "optional":true }, "learn-pr":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable per-request logs for WAF learning", "optional":true }, "parent":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"inherit from parent template", "optional":true }, "parent-template-waf":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/waf/template", "description":"WAF template (WAF Config name)", "optional":true }, "pcre-match-limit":{ "type":"number", "format":"number", "minimum":1000, "maximum":1500000, "default":30000, "partition-visibility":"shared", "description":"Maximum number of matches allowed (default 30000)", "optional":true 
}, "pcre-match-recursion-limit":{ "type":"number", "format":"number", "minimum":100, "maximum":150000, "default":5000, "partition-visibility":"shared", "description":"Maximum levels of recursion allowed (default 5000)", "optional":true }, "soap-format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML document for SOAP format compliance", "optional":true }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/template/logging", "description":"Logging template (Logging Config name)", "optional":true }, "wsdl-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"wsdl-resp-val-file", "description":"Specify name of WSDL file for verifying XML body contents", "optional":true }, "wsdl-resp-val-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"wsdl-file", "description":"Specify name of WSDL file for verifying XML body contents", "optional":true }, "xml-schema-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"xml-schema-resp-val-file", "description":"Specify name of XML-Schema file for verifying XML body contents", "optional":true }, "xml-schema-resp-val-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"xml-schema-file", "description":"Specify name of XML-Schema file for verifying XML body contents", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, 
"brute-force-protection":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/brute-force-protection", "properties":{ "challenge-action-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use Set-Cookie to determine if client allows cookies" }, "challenge-action-javascript":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Add JavaScript to response to test if client allows JavaScript" }, "challenge-action-captcha":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Initiate a Captcha to verify client can respond" }, "brute-force-challenge-limit":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":2, "partition-visibility":"shared", "description":"Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))" }, "enable-disable-action":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable brute force protections; 'disable': Disable brute force protections (default); ", "enum":[ "enable", "disable" ] }, "brute-force-global":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)" }, "brute-force-lockout-limit":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":5, "partition-visibility":"shared", "description":"Maximum brute-force events before locking out client (default 5)" }, "brute-force-lockout-period":{ "type":"number", "format":"number", "minimum":0, "maximum":1800, "default":600, "partition-visibility":"shared", "description":"Number of seconds client should be locked out (default 600)" }, "brute-force-resp-codes":{ "type":"number", "format":"flag", "default":0, 
"partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response code" }, "brute-force-resp-codes-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, "brute-force-resp-headers":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response header names" }, "brute-force-resp-headers-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, "brute-force-resp-string":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Trigger brute-force check on HTTP response reason phrase" }, "brute-force-resp-string-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, "brute-force-test-period":{ "type":"number", "format":"number", "minimum":0, "maximum":600, "default":60, "partition-visibility":"shared", "description":"Number of seconds for brute-force event counting (default 60)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "http-limit-check":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/http-limit-check", "properties":{ "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable all checks for HTTP limit" }, "max-content-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max length of content (Maximum length of content allowed)" }, "max-content-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "default":4096, "partition-visibility":"shared", 
"description":"Max length of content (default 4096) (Maximum length of content allowed (default 4096))" }, "max-cookie-header-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max Cookie header length allowed in request (Maximum length of cookie header allowed)" }, "max-cookie-header-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096))" }, "max-cookie-name-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max Cookie name length allowed in request (Maximum length of cookie name allowed)" }, "max-cookie-name-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":64, "partition-visibility":"shared", "description":"Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))" }, "max-cookie-value-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max Cookie value length allowed in request (Maximum length of cookie value allowed)" }, "max-cookie-value-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))" }, "max-cookies":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max Cookies allowed in request (Maximum number of cookie allowed)" }, "max-cookies-value":{ "type":"number", "format":"number", "minimum":0, "maximum":1023, "default":20, "partition-visibility":"shared", "description":"Max Cookies allowed in request (default 20) (Maximum number of cookie allowed (default 
20))" }, "max-cookies-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Total Cookies length allowed in request (Maximum length of all cookies in request)" }, "max-cookies-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096))" }, "max-data-parse":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max data to be parsed for Web Application Firewall" }, "max-data-parse-value":{ "type":"number", "format":"number", "minimum":0, "maximum":2097152, "default":262144, "partition-visibility":"shared", "description":"Max data to be parsed for Web Application Firewall (default 262144)" }, "max-entities":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Maximum number of MIME entities allowed in request" }, "max-entities-value":{ "type":"number", "format":"number", "minimum":0, "maximum":512, "default":10, "partition-visibility":"shared", "description":"Maximum number of MIME entities allowed in request (default 10)" }, "max-header-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max header length allowed in request (Maximum length of header allowed)" }, "max-header-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096))" }, "max-header-name-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max header name length allowed in request (Maximum length of header name allowed)" }, "max-header-name-length-value":{ "type":"number", 
"format":"number", "minimum":0, "maximum":65535, "default":64, "partition-visibility":"shared", "description":"Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64))" }, "max-header-value-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max header value length allowed in request (Maximum length of header value allowed)" }, "max-header-value-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))" }, "max-headers":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Total number of headers allowed in request (Maximum number of headers in request)" }, "max-headers-value":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "default":64, "partition-visibility":"shared", "description":"Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64))" }, "max-headers-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Total headers length allowed in request (Maximum length of all headers in request)" }, "max-headers-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096))" }, "max-param-name-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed)" }, "max-param-name-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, 
"default":256, "partition-visibility":"shared", "description":"Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256))" }, "max-param-value-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed)" }, "max-param-value-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096))" }, "max-params":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request)" }, "max-params-value":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":64, "partition-visibility":"shared", "description":"Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64))" }, "max-params-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Total query/POST parameters length allowed in request (Maximum length of all params in request)" }, "max-params-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 4096))" }, "max-post-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Maximum content length allowed in POST request" }, "max-post-length-value":{ "type":"number", "format":"number", "minimum":0, 
"maximum":2147483647, "default":20480, "partition-visibility":"shared", "description":"Maximum content length allowed in POST request (default 20480)" }, "max-query-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max length of query string (Maximum length of query string allowed)" }, "max-query-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max length of query string (default 4096) (Maximum length of query string allowed (default 4096))" }, "max-request-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max length of request (Maximum length of request allowed)" }, "max-request-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "default":20480, "partition-visibility":"shared", "description":"Max length of request (default 20480) (Maximum length of request allowed (default 20480))" }, "max-request-line-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max length of request line (Maximum length of request line)" }, "max-request-line-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max length of request line (default 4096) (Maximum length of request line (default 4096))" }, "max-url-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Max length of url (Maximum length of url allowed)" }, "max-url-length-value":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":4096, "partition-visibility":"shared", "description":"Max length of url (default 4096) (Maximum length of url allowed (default 4096))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, 
"partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "http-protocol-check":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/http-protocol-check", "properties":{ "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable all checks for HTTP protocol compliance" }, "allowed-headers":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable allowed-headers check (default disabled)" }, "allowed-headers-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1023, "default":"Host Referer User-Agent Accept Accept-Encoding Accept-Language Accept-Language Authorization Cache-Control Content-Length", "partition-visibility":"shared", "description":"Allowed HTTP headers. Default \"Host Referer User-Agent Accept Accept-Encoding ...\" (see docs for full list) (Allowed HTTP headers (default \"Host Referer User-Agent Accept Accept-Encoding ...\" (see docs for full list)))" }, "allowed-methods":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable allowed-methods check (default disabled)" }, "allowed-methods-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1023, "default":"GET POST", "partition-visibility":"shared", "description":"List of allowed HTTP methods. Default is \"GET POST\". 
(List of HTTP methods allowed (default \"GET POST\"))" }, "allowed-versions":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable allowed-versions check (default disabled)" }, "allowed-versions-list":{ "type":"string", "format":"enum-list", "default":"1.0,1.1,2", "partition-visibility":"shared", "description":"List of allowed HTTP versions (default \"1.0 1.1 2\")", "enum":[ "0.9", "1.0", "1.1", "2" ] }, "bad-multipart-request":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for bad multipart/form-data request body" }, "body-without-content-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for Body request without Content-Type header in request" }, "get-with-content":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for GET request with Content-Length headers in request" }, "head-with-content":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for HEAD request with Content-Length headers in request" }, "host-header-with-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for Host header with IP address" }, "invalid-url-encoding":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for invalid URL encoding in request" }, "malformed-content-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for malformed content-length in request" }, "malformed-header":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for malformed HTTP header" }, "malformed-parameter":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for malformed HTTP query/POST 
parameter" }, "malformed-request":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for malformed HTTP request" }, "malformed-request-line":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for malformed HTTP request line" }, "missing-header-value":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for missing header value in request" }, "missing-host-header":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for missing Host header in HTTP/1.1 request" }, "multiple-content-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for multiple Content-Length headers in request" }, "post-with-0-content":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for POST request with Content-Length 0" }, "post-without-content":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for POST request without Content-Length/Chunked Encoding headers in request" }, "post-without-content-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for POST request without Content-Type header in request" }, "non-ssl-cookie-prefix":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "cookie-security":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/cookie-security", "properties":{ "enable-disable-action":{ "type":"string", "format":"enum", "default":"enable", 
"partition-visibility":"shared", "description":"'enable': Enable cookie security (default); 'disable': Disable cookie security; ", "enum":[ "enable", "disable" ] }, "allow-missing-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow requests with missing cookies" }, "allow-unrecognized-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow requests with unrecognized cookies" }, "cookie-policy":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "cookie-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Name of cookie" }, "cookie-policy-allow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow the cookie" }, "cookie-policy-disallow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Block the cookie" }, "optional":true } } ] }, "set-cookie-policy":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "set-cookie-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Name of cookie" }, "set-cookie-policy-allow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow the cookie" }, "set-cookie-policy-disallow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Block the cookie" }, "set-cookie-policy-http-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Add HttpOnly flag to cookie" }, "set-cookie-policy-secure":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Add Secure flag to cookie" }, 
"set-cookie-policy-samesite":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'none': none; 'lax': lax; 'strict': strict; ", "enum":[ "none", "lax", "strict" ] }, "set-cookie-policy-sign":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"set-cookie-policy-encrypt", "description":"Sign cookies" }, "set-cookie-policy-secret":{ "type":"string", "format":"password", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Cookie encryption secret" }, "set-cookie-policy-secret-encrypted":{ "type":"encrypted", "format":"encrypted", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)" }, "optional":true } } ] }, "tamper-protection-http-only":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Add HttpOnly flag to cookies not in set-cookie-policy list (default on)" }, "tamper-protection-secure":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Add Secure flag to cookies not in set-cookie-policy list (default on)" }, "tamper-protection-samesite":{ "type":"string", "format":"enum", "default":"none", "partition-visibility":"shared", "description":"'none': none; 'lax': lax; 'strict': strict; ", "enum":[ "none", "lax", "strict" ] }, "tamper-protection-secret":{ "type":"string", "format":"password", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Cookie encryption secret" }, "tamper-protection-secret-encrypted":{ "type":"encrypted", "format":"encrypted", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) 
(The ENCRYPTED secret string)" }, "tamper-protection-grace-period":{ "type":"number", "format":"number", "minimum":0, "maximum":43200, "default":120, "partition-visibility":"shared", "description":"Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes)" }, "tamper-protection-session-cookie-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Only encrypt session cookies" }, "tamper-protection-sign":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"tamper-protection-encrypt", "description":"Sign cookies" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "evasion-check":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/evasion-check", "properties":{ "apache-whitespace":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for whitespace characters in URL" }, "decode-entities":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Decode entities in internal url (default on)" }, "decode-escaped-chars":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Decode escaped characters such as \\r \\n \\\" \\xXX \\u00YY in internal url (default on)" }, "decode-plus-chars":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Decode '+' as space in URL (default on)" }, "decode-unicode-chars":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Check for evasion attempt using %u encoding of Unicode chars to bypass (default on)" }, "dir-traversal":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Check for directory traversal attempt (default 
on)" }, "high-ascii-bytes":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Check for evasion attempt using ASCII bytes with values" }, "invalid-hex-encoding":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for evasion attempt using invalid hex characters (not in 0-9,a-f)" }, "multiple-encoding-levels":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for evasion attempt using multiple levels of encoding" }, "multiple-slashes":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check for evasion attempt using multiple slashes/backslashes" }, "max-levels":{ "type":"number", "format":"number", "minimum":0, "maximum":64, "default":2, "partition-visibility":"shared", "description":"Max levels of encoding allowed in request (default 2)" }, "remove-comments":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Remove comments from internal url" }, "remove-spaces":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Remove spaces from internal url (default on)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "data-leak-prevention":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/data-leak-prevention", "properties":{ "ccn-mask":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mask credit card numbers in response" }, "ssn-mask":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mask US Social Security numbers in response" }, "pcre-mask":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Mask 
matched PCRE pattern in response" }, "keep-start":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Number of unmasked characters at the beginning (default: 0)" }, "keep-end":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Number of unmasked characters at the end (default: 0)" }, "mask":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1, "partition-visibility":"shared", "description":"Character to mask the matched pattern (default: X)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "form-protection":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/form-protection", "properties":{ "enable-disable-action":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable web form protections (default); 'disable': Disable web form protections; ", "enum":[ "enable", "disable" ] }, "csrf-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Tag the form to protect against Cross-site Request Forgery" }, "field-consistency-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Form input consistency check" }, "password-check-non-masked":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check forms that have a password field with a textual type, resulting in this field not being masked" }, "password-check-non-ssl":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check forms that have a password field if the form is not sent over an SSL connection" }, "password-check-autocomplete":{ "type":"number", "format":"flag", "default":0, 
"partition-visibility":"shared", "description":"Check to protect against server-generated forms which contain password fields that allow autocomplete" }, "form-check-non-ssl":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check whether SSL is used for request with forms" }, "form-check-caching":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable caching for response with forms" }, "form-check-non-post":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check whether POST is used for request with forms" }, "form-check-request-non-post":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check whether POST is used for request with forms" }, "form-check-response-non-post":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check whether form method POST is used for response with forms" }, "form-check-response-non-post-sanitize":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Change form method GET to POST (Use with caution: make sure the server application still works)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "response-cloaking":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/response-cloaking", "properties":{ "filter-headers":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Removes web server's identifying headers" }, "hide-status-codes":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Hides response status codes that are not allowed (default 4xx, 5xx)" }, "hide-status-codes-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, 
"partition-visibility":"shared", "description":"Name of WAF policy list file" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "request-check":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/request-check", "properties":{ "bot-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check User-Agent for known bots" }, "bot-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, "command-injection-check":{ "type":"string", "format":"enum-list", "partition-visibility":"shared", "description":"Check to protect against command injection attacks", "enum":[ "cookies", "headers", "form-body", "uri-query" ] }, "command-injection-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy command injection list file" }, "redirect-whitelist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check Redirect URL against list of previously learned redirects" }, "referer-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check referer to protect against CSRF attacks" }, "referer-domain-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not":"referer-domain-list-only", "description":"List of referer domains allowed" }, "referer-safe-url":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":" Safe URL to redirect to if referer is missing" }, "referer-domain-list-only":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, 
"partition-visibility":"shared", "not":"referer-domain-list", "description":"List of referer domains allowed" }, "session-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable session checking via session cookie" }, "lifetime":{ "type":"number", "format":"number", "minimum":1, "maximum":1440, "default":10, "partition-visibility":"shared", "description":"Session lifetime in minutes (default 10)" }, "sqlia-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject requests with SQLIA patterns; ", "enum":[ "reject" ] }, "sqlia-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, "url-blacklist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"specify name of WAF policy list file to blacklist" }, "waf-blacklist-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, "url-whitelist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"specify name of WAF policy list file to whitelist" }, "waf-whitelist-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, "url-learned-list":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check URL against list of previously learned URLs" }, "xss-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'reject': Reject requests with bad cookies; ", "enum":[ "reject" ] }, "xss-check-policy-file":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Name of WAF policy list file" }, 
"uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "violation-log-mask":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/violation-log-mask", "properties":{ "query-param-name-equal-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'equals': Mask the query value if the query name equals to the string; ", "enum":[ "equals" ] }, "query-param-name-value":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1031, "partition-visibility":"shared", "description":"The list of Query parameter names" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "json-check":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/json-check", "properties":{ "format-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check HTTP body for JSON format compliance" }, "max-array-values":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))" }, "max-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":16, "partition-visibility":"shared", "description":"Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))" }, "max-object-members":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, "partition-visibility":"shared", "description":"Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))" }, "max-string-length":{ 
"type":"number", "format":"number", "minimum":0, "maximum":4096, "default":64, "partition-visibility":"shared", "description":"Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "xml-check":{ "type":"object", "$ref":"/axapi/v3/waf/template/{name}/xml-check", "properties":{ "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable all checks for XML limit" }, "max-attr":{ "type":"number", "format":"number", "minimum":0, "maximum":256, "default":256, "partition-visibility":"shared", "description":"Maximum number of attributes of an XML element (default 256)" }, "max-attr-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":2048, "default":128, "partition-visibility":"shared", "description":"Maximum length of an attribute name (default 128)" }, "max-attr-value-len":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":128, "partition-visibility":"shared", "description":"Maximum length of an attribute text value (default 128)" }, "max-cdata-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":65535, "partition-visibility":"shared", "description":"Maximum length of a CDATA section of an element (default 65535)" }, "max-elem":{ "type":"number", "format":"number", "minimum":0, "maximum":8192, "default":1024, "partition-visibility":"shared", "description":"Maximum number of XML elements (default 1024)" }, "max-elem-child":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":1024, "partition-visibility":"shared", "description":"Maximum number of children of an XML element (default 1024)" }, "max-elem-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":4096, "default":256, 
"partition-visibility":"shared", "description":"Maximum recursion level for element definition (default 256)" }, "max-elem-name-len":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "default":128, "partition-visibility":"shared", "description":"Maximum length for an element name (default 128)" }, "max-entity-decl":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":1024, "partition-visibility":"shared", "description":"Maximum number of entity declarations (default 1024)" }, "max-entity-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":32, "default":32, "partition-visibility":"shared", "description":"Maximum depth of entities (default 32)" }, "max-entity-exp":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":1024, "partition-visibility":"shared", "description":"Maximum number of entity expansions (default 1024)" }, "max-entity-exp-depth":{ "type":"number", "format":"number", "minimum":0, "maximum":32, "default":32, "partition-visibility":"shared", "description":"Maximum nested depth of entity expansions (default 32)" }, "max-namespace":{ "type":"number", "format":"number", "minimum":0, "maximum":256, "default":16, "partition-visibility":"shared", "description":"Maximum number of namespace declarations (default 16)" }, "max-namespace-uri-len":{ "type":"number", "format":"number", "minimum":0, "maximum":1024, "default":256, "partition-visibility":"shared", "description":"Maximum length of a namespace URI (default 256)" }, "format":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check HTTP body for XML format compliance" }, "sqlia":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML data against SQLIA policy" }, "xss":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Check XML data against XSS policy" }, "uuid":{ "type":"string", 
"format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] } } }