.. _waf_template:

waf template
============

Manage WAF template configuration

template Specification
----------------------

===================================== ============================================================
**Type**                              *Collection*
**Object Key(s)**                     *name*
**Collection Name**                   :ref:`2719_template_list`
**Collection URI**                    /axapi/v3/waf/template
**Element Name**                      template
**Element URI**                       /axapi/v3/waf/template/{name}
**Element Attributes**                template_attributes
**Schema**                            :download:`template schema `
===================================== ============================================================

**Operations Allowed:**

============== ====== ============================= ===============================
Operation      Method URI                           Payload
============== ====== ============================= ===============================
Create Object  POST   /axapi/v3/waf/template        :ref:`2719_template_attributes`
Create List    POST   /axapi/v3/waf/template        :ref:`2719_template_attributes`
Get Object     GET    /axapi/v3/waf/template/{name} :ref:`2719_template_attributes`
Get List       GET    /axapi/v3/waf/template        :ref:`2719_template_list`
Modify Object  POST   /axapi/v3/waf/template/{name} :ref:`2719_template_attributes`
Replace Object PUT    /axapi/v3/waf/template/{name} :ref:`2719_template_attributes`
Replace List   PUT    /axapi/v3/waf/template        :ref:`2719_template_list`
Delete Object  DELETE /axapi/v3/waf/template/{name} :ref:`2719_template_attributes`
============== ====== ============================= ===============================

.. _2719_template_list:

template-list
-------------

template-list is **JSON List** of :ref:`2719_template_attributes`

template-list : [ { :ref:`2719_template_attributes` }, { :ref:`2719_template_attributes` }, ... ]

.. _2719_template_attributes:

template attributes
-------------------

**brute-force-protection**
    | **Description:** brute-force-protection is a **JSON Block**. Please see below for :ref:`2719_brute-force-protection`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/brute-force-protection `

**cookie-security**
    | **Description:** cookie-security is a **JSON Block**. Please see below for :ref:`2719_cookie-security`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/cookie-security `

**csp**
    | **Description** Insert HTTP header Content-Security-Policy if necessary
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**csp-insert-type**
    | **Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name;
    | **Type:** string
    | **Supported Values:** insert-if-not-exist, insert-always

**csp-value**
    | **Description** CSP header value, e.g., "script-src 'none'"
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 255 characters
    | **Maximum Length:** 1 characters

**data-leak-prevention**
    | **Description:** data-leak-prevention is a **JSON Block**. Please see below for :ref:`2719_data-leak-prevention`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/data-leak-prevention `

**deploy-mode**
    | **Description** 'active': Deploy WAF in active (blocking) mode; 'passive': Deploy WAF in passive (log-only) mode; 'learning': Deploy WAF in learning mode;
    | **Type:** string
    | **Supported Values:** active, passive, learning
    | **Default:** active

**evasion-check**
    | **Description:** evasion-check is a **JSON Block**. Please see below for :ref:`2719_evasion-check`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/evasion-check `

**form-protection**
    | **Description:** form-protection is a **JSON Block**. Please see below for :ref:`2719_form-protection`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/form-protection `

**http-limit-check**
    | **Description:** http-limit-check is a **JSON Block**. Please see below for :ref:`2719_http-limit-check`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/http-limit-check `

**http-protocol-check**
    | **Description:** http-protocol-check is a **JSON Block**. Please see below for :ref:`2719_http-protocol-check`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/http-protocol-check `

**http-redirect**
    | **Description** Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 255 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** http-redirect, http-resp-200, reset-conn and http-resp-403 are mutually exclusive

**http-resp-200**
    | **Description** Send HTTP response with status code 200 OK
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** http-resp-200, http-redirect, reset-conn and http-resp-403 are mutually exclusive

**http-resp-403**
    | **Description** Send HTTP response with status code 403 Forbidden (default)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** http-resp-403, http-redirect, http-resp-200 and reset-conn are mutually exclusive

**json-check**
    | **Description:** json-check is a **JSON Block**. Please see below for :ref:`2719_json-check`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/json-check `

**learn-pr**
    | **Description** Enable per-request logs for WAF learning
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**log-succ-reqs**
    | **Description** Log successful WAF requests
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**logging**
    | **Description** Logging template (Logging Config name)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters
    | **Reference Object:** :doc:`/axapi/v3/slb/template/logging `

**name**
    | **Description** WAF Template Name
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**parent**
    | **Description** Inherit from parent template
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**parent-template-waf**
    | **Description** WAF template (WAF Config name)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters
    | **Reference Object:** :doc:`/axapi/v3/waf/template `

**pcre-match-limit**
    | **Description** Maximum number of matches allowed (default 30000)
    | **Type:** number
    | **Range:** 1000-1500000
    | **Default:** 30000

**pcre-match-recursion-limit**
    | **Description** Maximum levels of recursion allowed (default 5000)
    | **Type:** number
    | **Range:** 100-150000
    | **Default:** 5000

**request-check**
    | **Description:** request-check is a **JSON Block**. Please see below for :ref:`2719_request-check`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/request-check `

**reset-conn**
    | **Description** Reset the client connection
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** reset-conn, http-redirect, http-resp-200 and http-resp-403 are mutually exclusive

**resp-url-200**
    | **Description** Response content to send client when denying request
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 255 characters
    | **Maximum Length:** 1 characters

**resp-url-403**
    | **Description** Response content to send client when denying request
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 255 characters
    | **Maximum Length:** 1 characters

**response-cloaking**
    | **Description:** response-cloaking is a **JSON Block**. Please see below for :ref:`2719_response-cloaking`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/response-cloaking `

**soap-format-check**
    | **Description** Check XML document for SOAP format compliance
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**user-tag**
    | **Description** Customized tag
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

**violation-log-mask**
    | **Description:** violation-log-mask is a **JSON Block**. Please see below for :ref:`2719_violation-log-mask`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/violation-log-mask `

**wsdl-file**
    | **Description** Specify name of WSDL file for verifying XML body contents
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** wsdl-file and wsdl-resp-val-file are mutually exclusive

**wsdl-resp-val-file**
    | **Description** Specify name of WSDL file for verifying XML body contents
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** wsdl-resp-val-file and wsdl-file are mutually exclusive

**xml-check**
    | **Description:** xml-check is a **JSON Block**. Please see below for :ref:`2719_xml-check`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/waf/template/{name}/xml-check `

**xml-schema-file**
    | **Description** Specify name of XML-Schema file for verifying XML body contents
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** xml-schema-file and xml-schema-resp-val-file are mutually exclusive

**xml-schema-resp-val-file**
    | **Description** Specify name of XML-Schema file for verifying XML body contents
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** xml-schema-resp-val-file and xml-schema-file are mutually exclusive

.. _2719_violation-log-mask:

violation-log-mask
^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**query-param-name-equal-type**
    | **Description** 'equals': Mask the query value if the query name equals the string;
    | **Type:** string
    | **Supported Values:** equals

**query-param-name-value**
    | **Description** The list of Query parameter names
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 1031 characters
    | **Maximum Length:** 1 characters

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _2719_data-leak-prevention:

data-leak-prevention
^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**ccn-mask**
    | **Description** Mask credit card numbers in response
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**keep-end**
    | **Description** Number of unmasked characters at the end (default: 0)
    | **Type:** number
    | **Range:** 0-65535

**keep-start**
    | **Description** Number of unmasked characters at the beginning (default: 0)
    | **Type:** number
    | **Range:** 0-65535

**mask**
    | **Description** Character to mask the matched pattern (default: X)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 1 characters
    | **Maximum Length:** 1 characters

**pcre-mask**
    | **Description** Mask matched PCRE pattern in response
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**ssn-mask**
    | **Description** Mask US Social Security numbers in response
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _2719_brute-force-protection:

brute-force-protection
^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**brute-force-challenge-limit**
    | **Description** Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 2

**brute-force-global**
    | **Description** Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**brute-force-lockout-limit**
    | **Description** Maximum brute-force events before locking out client (default 5)
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 5

**brute-force-lockout-period**
    | **Description** Number of seconds client should be locked out (default 600)
    | **Type:** number
    | **Range:** 0-1800
    | **Default:** 600

**brute-force-resp-codes**
    | **Description** Trigger brute-force check on HTTP response code
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**brute-force-resp-codes-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**brute-force-resp-headers**
    | **Description** Trigger brute-force check on HTTP response header names
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**brute-force-resp-headers-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**brute-force-resp-string**
    | **Description** Trigger brute-force check on HTTP response reason phrase
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**brute-force-resp-string-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**brute-force-test-period**
    | **Description** Number of seconds for brute-force event counting (default 60)
    | **Type:** number
    | **Range:** 0-600
    | **Default:** 60

**challenge-action-captcha**
    | **Description** Initiate a Captcha to verify client can respond
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**challenge-action-cookie**
    | **Description** Use Set-Cookie to determine if client allows cookies
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**challenge-action-javascript**
    | **Description** Add JavaScript to response to test if client allows JavaScript
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**enable-disable-action**
    | **Description** 'enable': Enable brute force protections; 'disable': Disable brute force protections (default);
    | **Type:** string
    | **Supported Values:** enable, disable
    | **Default:** disable

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _2719_request-check:

request-check
^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**bot-check**
    | **Description** Check User-Agent for known bots
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**bot-check-policy-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**command-injection-check**
    | **Description** Check to protect against command injection attacks
    | **Type:** string
    | **Format:** enum-list

**command-injection-check-policy-file**
    | **Description** Name of WAF policy command injection list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**lifetime**
    | **Description** Session lifetime in minutes (default 10)
    | **Type:** number
    | **Range:** 1-1440
    | **Default:** 10

**redirect-whitelist**
    | **Description** Check Redirect URL against list of previously learned redirects
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**referer-check**
    | **Description** Check referer to protect against CSRF attacks
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**referer-domain-list**
    | **Description** List of referer domains allowed
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 255 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** referer-domain-list and referer-domain-list-only are mutually exclusive

**referer-domain-list-only**
    | **Description** List of referer domains allowed
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 255 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** referer-domain-list-only and referer-domain-list are mutually exclusive

**referer-safe-url**
    | **Description** Safe URL to redirect to if referer is missing
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 255 characters
    | **Maximum Length:** 1 characters

**session-check**
    | **Description** Enable session checking via session cookie
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**sqlia-check**
    | **Description** 'reject': Reject requests with SQLIA patterns;
    | **Type:** string
    | **Supported Values:** reject

**sqlia-check-policy-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**url-blacklist**
    | **Description** Specify name of WAF policy list file to blacklist
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**url-learned-list**
    | **Description** Check URL against list of previously learned URLs
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**url-whitelist**
    | **Description** Specify name of WAF policy list file to whitelist
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

**waf-blacklist-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**waf-whitelist-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**xss-check**
    | **Description** 'reject': Reject requests with bad cookies;
    | **Type:** string
    | **Supported Values:** reject

**xss-check-policy-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

.. _2719_cookie-security:

cookie-security
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**allow-missing-cookie**
    | **Description** Allow requests with missing cookies
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**allow-unrecognized-cookie**
    | **Description** Allow requests with unrecognized cookies
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**cookie-policy**
    | **Type:** List

**enable-disable-action**
    | **Description** 'enable': Enable cookie security (default); 'disable': Disable cookie security;
    | **Type:** string
    | **Supported Values:** enable, disable
    | **Default:** enable

**set-cookie-policy**
    | **Type:** List

**tamper-protection-grace-period**
    | **Description** Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes)
    | **Type:** number
    | **Range:** 0-43200
    | **Default:** 120

**tamper-protection-http-only**
    | **Description** Add HttpOnly flag to cookies not in set-cookie-policy list (default on)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 1

**tamper-protection-samesite**
    | **Description** 'none': none; 'lax': lax; 'strict': strict;
    | **Type:** string
    | **Supported Values:** none, lax, strict
    | **Default:** none

**tamper-protection-secret**
    | **Description** Cookie encryption secret
    | **Type:** string
    | **Format:** password
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**tamper-protection-secret-encrypted**
    | **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

**tamper-protection-secure**
    | **Description** Add Secure flag to cookies not in set-cookie-policy list (default on)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 1

**tamper-protection-session-cookie-only**
    | **Description** Only encrypt session cookies
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**tamper-protection-sign**
    | **Description** Sign cookies
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** tamper-protection-sign and tamper-protection-encrypt are mutually exclusive

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _2719_cookie-security_set-cookie-policy:

cookie-security_set-cookie-policy
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**set-cookie-policy-allow**
    | **Description** Allow the cookie
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**set-cookie-policy-disallow**
    | **Description** Block the cookie
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**set-cookie-policy-http-only**
    | **Description** Add HttpOnly flag to cookie
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**set-cookie-policy-name**
    | **Description** Name of cookie
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**set-cookie-policy-samesite**
    | **Description** 'none': none; 'lax': lax; 'strict': strict;
    | **Type:** string
    | **Supported Values:** none, lax, strict

**set-cookie-policy-secret**
    | **Description** Cookie encryption secret
    | **Type:** string
    | **Format:** password
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**set-cookie-policy-secret-encrypted**
    | **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

**set-cookie-policy-secure**
    | **Description** Add Secure flag to cookie
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**set-cookie-policy-sign**
    | **Description** Sign cookies
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** set-cookie-policy-sign and set-cookie-policy-encrypt are mutually exclusive

.. _2719_cookie-security_cookie-policy:

cookie-security_cookie-policy
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**cookie-policy-allow**
    | **Description** Allow the cookie
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**cookie-policy-disallow**
    | **Description** Block the cookie
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**cookie-policy-name**
    | **Description** Name of cookie
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

.. _2719_response-cloaking:

response-cloaking
^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**filter-headers**
    | **Description** Removes web server's identifying headers
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**hide-status-codes**
    | **Description** Hides response status codes that are not allowed (default 4xx, 5xx)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**hide-status-codes-file**
    | **Description** Name of WAF policy list file
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _2719_json-check:

json-check
^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**format-check**
    | **Description** Check HTTP body for JSON format compliance
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-array-values**
    | **Description** Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))
    | **Type:** number
    | **Range:** 0-4096
    | **Default:** 256

**max-depth**
    | **Description** Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))
    | **Type:** number
    | **Range:** 0-4096
    | **Default:** 16

**max-object-members**
    | **Description** Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))
    | **Type:** number
    | **Range:** 0-4096
    | **Default:** 256

**max-string-length**
    | **Description** Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))
    | **Type:** number
    | **Range:** 0-4096
    | **Default:** 64

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _2719_http-protocol-check:

http-protocol-check
^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**allowed-headers**
    | **Description** Enable allowed-headers check (default disabled)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**allowed-headers-list**
    | **Description** Allowed HTTP headers. Default "Host Referer User-Agent Accept Accept-Encoding ..." (see docs for full list) (Allowed HTTP headers (default "Host Referer User-Agent Accept Accept-Encoding ..." (see docs for full list)))
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 1023 characters
    | **Maximum Length:** 1 characters
    | **Default:** Host Referer User-Agent Accept Accept-Encoding Accept-Language Accept-Language Authorization Cache-Control Content-Length

**allowed-methods**
    | **Description** Enable allowed-methods check (default disabled)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**allowed-methods-list**
    | **Description** List of allowed HTTP methods. Default is "GET POST". (List of HTTP methods allowed (default "GET POST"))
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 1023 characters
    | **Maximum Length:** 1 characters
    | **Default:** GET POST

**allowed-versions**
    | **Description** Enable allowed-versions check (default disabled)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**allowed-versions-list**
    | **Description** List of allowed HTTP versions (default "1.0 1.1 2")
    | **Type:** string
    | **Format:** enum-list
    | **Default:** 1.0,1.1,2

**bad-multipart-request**
    | **Description** Check for bad multipart/form-data request body
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**body-without-content-type**
    | **Description** Check for Body request without Content-Type header in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**disable**
    | **Description** Disable all checks for HTTP protocol compliance
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**get-with-content**
    | **Description** Check for GET request with Content-Length headers in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**head-with-content**
    | **Description** Check for HEAD request with Content-Length headers in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**host-header-with-ip**
    | **Description** Check for Host header with IP address
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**invalid-url-encoding**
    | **Description** Check for invalid URL encoding in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**malformed-content-length**
    | **Description** Check for malformed content-length in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**malformed-header**
    | **Description** Check for malformed HTTP header
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**malformed-parameter**
    | **Description** Check for malformed HTTP query/POST parameter
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**malformed-request**
    | **Description** Check for malformed HTTP request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**malformed-request-line**
    | **Description** Check for malformed HTTP request line
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**missing-header-value**
    | **Description** Check for missing header value in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**missing-host-header**
    | **Description** Check for missing Host header in HTTP/1.1 request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**multiple-content-length**
    | **Description** Check for multiple Content-Length headers in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**non-ssl-cookie-prefix**
    | **Description** Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**post-with-0-content**
    | **Description** Check for POST request with Content-Length 0
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**post-without-content**
    | **Description** Check for POST request without Content-Length/Chunked Encoding headers in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**post-without-content-type**
    | **Description** Check for POST request without Content-Type header in request
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _2719_xml-check:

xml-check
^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**disable**
    | **Description** Disable all checks for XML limit
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**format**
    | **Description** Check HTTP body for XML format compliance
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-attr**
    | **Description** Maximum number of attributes of an XML element (default 256)
    | **Type:** number
    | **Range:** 0-256
    | **Default:** 256

**max-attr-name-len**
    | **Description** Maximum length of an attribute name (default 128)
    | **Type:** number
    | **Range:** 0-2048
    | **Default:** 128

**max-attr-value-len**
    | **Description** Maximum length of an attribute text value (default 128)
    | **Type:** number
    | **Range:** 0-4096
    | **Default:** 128

**max-cdata-len**
    | **Description** Maximum length of a CDATA section of an element (default 65535)
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 65535

**max-elem**
    | **Description** Maximum number of XML elements (default 1024)
    | **Type:** number
    | **Range:** 0-8192
    | **Default:** 1024

**max-elem-child**
    | **Description** Maximum number of children of an XML element (default 1024)
    | **Type:** number
    | **Range:** 0-4096
    | **Default:** 1024

**max-elem-depth**
    | **Description** Maximum recursion level for element definition (default 256)
    | **Type:** number
    | **Range:** 0-4096
    | **Default:** 256

**max-elem-name-len**
    | **Description** Maximum length for an element name (default 128)
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 128

**max-entity-decl**
    | **Description** Maximum number of entity declarations (default 1024)
    | **Type:** number
    | **Range:** 0-1024
    | **Default:** 1024

**max-entity-depth**
    | **Description** Maximum depth of entities (default 32)
    | **Type:** number
    | **Range:** 0-32
    | **Default:** 32

**max-entity-exp**
    | **Description** Maximum number of entity expansions (default 1024)
    | **Type:** number
    | **Range:** 0-1024
    | **Default:** 1024

**max-entity-exp-depth**
    | **Description** Maximum nested depth of entity expansions (default 32)
    | **Type:** number
    | **Range:** 0-32
    | **Default:** 32

**max-namespace**
    | **Description** Maximum number of namespace declarations (default 16)
    | **Type:** number
    | **Range:** 0-256
    | **Default:** 16

**max-namespace-uri-len**
    | **Description** Maximum length of a namespace URI (default 256)
    | **Type:** number
    | **Range:** 0-1024
    | **Default:** 256

**sqlia**
    | **Description** Check XML data against SQLIA policy
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

**xss**
    | **Description** Check XML data against XSS policy
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

.. _2719_http-limit-check:

http-limit-check
^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**disable**
    | **Description** Disable all checks for HTTP limit
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-content-length**
    | **Description** Max length of content (Maximum length of content allowed)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-content-length-value**
    | **Description** Max length of content (default 4096) (Maximum length of content allowed (default 4096))
    | **Type:** number
    | **Range:** 0-2147483647
    | **Default:** 4096

**max-cookie-header-length**
    | **Description** Max Cookie header length allowed in request (Maximum length of cookie header allowed)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-cookie-header-length-value**
    | **Description** Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096))
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 4096

**max-cookie-name-length**
    | **Description** Max Cookie name length allowed in request (Maximum length of cookie name allowed)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-cookie-name-length-value**
    | **Description** Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 64

**max-cookie-value-length**
    | **Description** Max Cookie value length allowed in request (Maximum length of cookie value allowed)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-cookie-value-length-value**
    | **Description** Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 4096

**max-cookies**
    | **Description** Max Cookies allowed in request (Maximum number of cookies allowed)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-cookies-length**
    | **Description** Total Cookies length allowed in request (Maximum length of all cookies in request)
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**max-cookies-length-value**
    | **Description** Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096))
    | **Type:** number
    | **Range:** 0-65535
    | **Default:** 4096

**max-cookies-value**
    | **Description** Max Cookies allowed in request (default 20) (Maximum number of cookies allowed (default 20))
    | **Type:** number
    | **Range:** 0-1023
    | **Default:** 20

**max-data-parse**
    | **Description** Max data to be parsed for Web Application Firewall
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
**max-data-parse-value** **Description** Max data to be parsed for Web Application Firewall (default 262144) **Type:** number **Range:** 0-2097152 **Default:** 262144 **max-entities** **Description** Maximum number of MIME entities allowed in request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-entities-value** **Description** Maximum number of MIME entities allowed in request (default 10) **Type:** number **Range:** 0-512 **Default:** 10 **max-header-length** **Description** Max header length allowed in request (Maximum length of header allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-header-length-value** **Description** Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096)) **Type:** number **Range:** 0-65535 **Default:** 4096 **max-header-name-length** **Description** Max header name length allowed in request (Maximum length of header name allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-header-name-length-value** **Description** Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64)) **Type:** number **Range:** 0-65535 **Default:** 64 **max-header-value-length** **Description** Max header value length allowed in request (Maximum length of header value allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-header-value-length-value** **Description** Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096)) **Type:** number **Range:** 0-65535 **Default:** 4096 **max-headers** **Description** Total number of headers allowed in request (Maximum number of headers in request) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-headers-length** **Description** Total headers length allowed in request (Maximum length of all headers in request) 
**Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-headers-length-value** **Description** Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096)) **Type:** number **Range:** 0-65535 **Default:** 4096 **max-headers-value** **Description** Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64)) **Type:** number **Range:** 0-255 **Default:** 64 **max-param-name-length** **Description** Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-param-name-length-value** **Description** Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256)) **Type:** number **Range:** 0-65535 **Default:** 256 **max-param-value-length** **Description** Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-param-value-length-value** **Description** Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096)) **Type:** number **Range:** 0-65535 **Default:** 4096 **max-params** **Description** Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-params-length** **Description** Total query/POST parameters length allowed in request (Maximum length of all params in request) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-params-length-value** **Description** Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 
4096)) **Type:** number **Range:** 0-65535 **Default:** 4096 **max-params-value** **Description** Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64)) **Type:** number **Range:** 0-1024 **Default:** 64 **max-post-length** **Description** Maximum content length allowed in POST request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-post-length-value** **Description** Maximum content length allowed in POST request (default 20480) **Type:** number **Range:** 0-2147483647 **Default:** 20480 **max-query-length** **Description** Max length of query string (Maximum length of query string allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-query-length-value** **Description** Max length of query string (default 4096) (Maximum length of query string allowed (default 4096)) **Type:** number **Range:** 0-65535 **Default:** 4096 **max-request-length** **Description** Max length of request (Maximum length of request allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-request-length-value** **Description** Max length of request (default 20480) (Maximum length of request allowed (default 20480)) **Type:** number **Range:** 0-2147483647 **Default:** 20480 **max-request-line-length** **Description** Max length of request line (Maximum length of request line) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-request-line-length-value** **Description** Max length of request line (default 4096) (Maximum length of request line (default 4096)) **Type:** number **Range:** 0-65535 **Default:** 4096 **max-url-length** **Description** Max length of url (Maximum length of url allowed) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-url-length-value** **Description** Max length of url (default 4096) (Maximum length of url allowed (default 4096)) **Type:** 
number **Range:** 0-65535 **Default:** 4096 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2719_evasion-check: evasion-check ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **apache-whitespace** **Description** Check for whitespace characters in URL **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **decode-entities** **Description** Decode entities in internal url (default on) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **decode-escaped-chars** **Description** Decode escaped characters such as \r \n \" \xXX \u00YY in internal url (default on) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **decode-plus-chars** **Description** Decode '+' as space in URL (default on) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **decode-unicode-chars** **Description** Check for evasion attempt using %u encoding of Unicode chars to bypass (default on) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **dir-traversal** **Description** Check for directory traversal attempt (default on) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **high-ascii-bytes** **Description** Check for evasion attempt using ASCII bytes with values **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **invalid-hex-encoding** **Description** Check for evasion attempt using invalid hex characters (not in 0-9,a-f) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-levels** **Description** Max levels of encoding allowed in request (default 2) **Type:** number **Range:** 0-64 
**Default:** 2 **multiple-encoding-levels** **Description** Check for evasion attempt using multiple levels of encoding **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **multiple-slashes** **Description** Check for evasion attempt using multiple slashes/backslashes **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **remove-comments** **Description** Remove comments from internal url **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **remove-spaces** **Description** Remove spaces from internal url (default on) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2719_form-protection: form-protection ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **csrf-check** **Description** Tag the form to protect against Cross-site Request Forgery **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-disable-action** **Description** 'enable': Enable web form protections (default); 'disable': Disable web form protections; **Type:** string **Supported Values:** enable, disable **Default:** enable **field-consistency-check** **Description** Form input consistency check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **form-check-caching** **Description** Disable caching for response with forms **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **form-check-non-post** **Description** Check whether POST is used for request with forms **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **form-check-non-ssl** 
**Description** Check whether SSL is used for request with forms **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **form-check-request-non-post** **Description** Check whether POST is used for request with forms **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **form-check-response-non-post** **Description** Check whether form method POST is used for response with forms **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **form-check-response-non-post-sanitize** **Description** Change form method GET to POST (Use with caution: make sure server application still work) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **password-check-autocomplete** **Description** Check to protect against server-generated form which contain password fields that allow autocomplete **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **password-check-non-masked** **Description** Check forms that have a password field with a textual type, resulting in this field not being masked **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **password-check-non-ssl** **Description** Check forms that has a password field if the form is not sent over an SSL connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2719_stats_data: stats data ---------- .. 
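The counters listed in this section mostly follow a ``<family>_<check>_<outcome>`` naming pattern. The following Python helper is an added example, not part of the product documentation: it groups a counter dictionary by check family and ranks the families by violation count. The family list, the mapping of the irregularly named counters and the sample values are assumptions constructed from the counter names and descriptions on this page.

```python
"""Rank WAF check families by violation count (added example)."""
from collections import defaultdict

# Check families, taken from the counter-name prefixes in the stats table.
FAMILIES = (
    "brute_force", "cookie_security", "csp", "dlp", "evasion_check", "form",
    "http_limit", "http_protocol", "json_check", "request_check",
    "response_cloaking", "soap_check", "xml_check", "xml_content_check",
)

# Counters whose names break the pattern. The mapping is an assumption based
# on their descriptions ("Limit check - MAX URL length ...",
# "Form Set No Cache violation").
IRREGULAR = {
    "max_url_length_violation": ("http_limit", "max_url_length", "violation"),
    "max_url_length_success": ("http_limit", "max_url_length", "success"),
    "form_set_no_cache": ("form", "set_no_cache", "violation"),
}

OUTCOMES = ("violation", "success")


def classify(counter):
    """Return (family, check, outcome) or None for global counters."""
    if counter in IRREGULAR:
        return IRREGULAR[counter]
    for family in FAMILIES:
        prefix = family + "_"
        if not counter.startswith(prefix):
            continue
        rest = counter[len(prefix):]
        for outcome in OUTCOMES:
            if rest == outcome:  # e.g. brute_force_violation
                return family, "", outcome
            if rest.endswith("_" + outcome):
                return family, rest[:-(len(outcome) + 1)], outcome
        # sanitize, masked, learn, sent, triggered and similar counters
        return family, rest, "other"
    return None  # req_allowed, action_deny_reset, regex_violation, ...


def summarise(stats):
    """Aggregate counters per family, highest violation count first."""
    totals = defaultdict(lambda: {"violation": 0, "success": 0, "other": 0})
    per_check = defaultdict(lambda: defaultdict(int))
    for counter, value in stats.items():
        parsed = classify(counter)
        if parsed is None:
            continue
        family, check, outcome = parsed
        count = int(value)
        totals[family][outcome] += count
        if outcome == "violation":
            per_check[family][check or family] += count
    rows = []
    for family, t in totals.items():
        evaluated = t["violation"] + t["success"]
        checks = per_check[family]
        rows.append({
            "family": family,
            "violations": t["violation"],
            "successes": t["success"],
            "rate": t["violation"] / evaluated if evaluated else 0.0,
            "top_check": max(checks, key=checks.get) if t["violation"] else None,
            # All counters zero: the family saw no traffic or is not enabled.
            "idle": evaluated == 0 and t["other"] == 0,
        })
    return sorted(rows, key=lambda r: (-r["violations"], r["family"]))


# Constructed sample values, not captured from a device.
SAMPLE_STATS = {
    "req_allowed": 9200,
    "req_denied": 310,
    "xml_check_max_entity_exp_violation": 120,
    "xml_check_max_elem_depth_violation": 15,
    "xml_check_format_success": 880,
    "evasion_check_dir_traversal_violation": 45,
    "evasion_check_dir_traversal_success": 9155,
    "http_limit_max_header_length_success": 9200,
    "max_url_length_violation": 30,
    "form_set_no_cache": 4,
    "form_check_success": 0,
    "json_check_format_success": 0,
    "json_check_format_violation": 0,
}

if __name__ == "__main__":
    for row in summarise(SAMPLE_STATS):
        print("{family:<16} violations={violations:<5} successes={successes:<5} "
              "rate={rate:.3f} top={top_check} idle={idle}".format(**row))
```

A family reported as idle while its checks are expected to be enabled is worth comparing against the template configuration, since the default for most of the boolean checks documented above is 0.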

.. list-table::
   :widths: 10 20 30 80
   :header-rows: 2
   :stub-columns: 1

   * -
     - Counter
     - Size
     - Description
   * -
     -
     -
     -
   * -
     - response_cloaking_hide_status_code_success
     - 8
     - Response Hide Code check passed
   * -
     - http_limit_max_header_name_length_violation
     - 8
     - MAX header name length check violation
   * -
     - dlp_ccn_mastercard_violation
     - 8
     - MasterCard Credit Card Number Detected
   * -
     - request_check_url_blacklist_success
     - 8
     - URI Black List passed
   * -
     - http_limit_max_data_parse_violation
     - 8
     - Buffer Overflow - Max Data Parse violation
   * -
     - brute_force_challenge_cookie_violation
     - 8
     - Cookie challenge violation
   * -
     - evasion_check_remove_spaces_success
     - 8
     - Remove Spaces check passed
   * -
     - cookie_security_persistent_cookies
     - 8
     - Cookie Security - persistent cookies
   * -
     - form_non_masked_password_violation
     - 8
     - Form Non Masked Password violation
   * -
     - http_limit_max_cookies_length_violation
     - 8
     - MAX cookies length violation
   * -
     - request_check_command_injection_uri_query_success
     - 8
     - Command Injection Check url query arguments passed
   * -
     - form_response_non_post_violation
     - 8
     - Response form method was not POST
   * -
     - cookie_security_allowed_persistent_set_cookies
     - 8
     - Cookie Security - disallowed persistent Set-Cookies
   * -
     - request_check_session_check_none
     - 8
     - Session Created
   * -
     - request_check_referer_redirect
     - 8
     - Referer Check Redirect
   * -
     - xml_check_max_cdata_len_violation
     - 8
     - XML Limit CData Length violation
   * -
     - evasion_check_high_ascii_bytes_violation
     - 8
     - High Ascii Bytes check violation
   * -
     - http_limit_max_param_value_length_violation
     - 8
     - Limit check - MAX parameter value length violation
   * -
     - request_check_url_list_learn
     - 8
     - URL Check Learn
   * -
     - request_check_xss_post_body_sanitize
     - 8
     - XSS Check Post Sanitized
   * -
     - form_check_sanitize
     - 8
     - Post Form Check Sanitized
   * -
     - brute_force_challenge_cookie_sent
     - 8
     - Cookie Challenge Sent
   * -
     - http_limit_max_post_length_violation
     - 8
     - MAX POST length violation
   * -
     - cookie_security_signature_check_violation
     - 8
     - Cookie Security - signature check violation
   * -
     - http_protocol_host_header_with_ip_violation
     - 8
     - Host header with IP check violation
   * -
     - json_check_max_depth_violation
     - 8
     - JSON Limit Depth violation
   * -
     - evasion_check_decode_entities_success
     - 8
     - Decode Entities check passed
   * -
     - xml_check_max_namespace_violation
     - 8
     - XML Limit Namespace violation
   * -
     - brute_force_response_string_triggered
     - 8
     - Brute Force Response string Triggered
   * -
     - action_learn
     - 8
     - Request Learning Updates
   * -
     - request_check_url_list_success
     - 8
     - URL Check passed
   * -
     - http_protocol_malformed_request_line_violation
     - 8
     - Malformed request line check violation
   * -
     - http_limit_max_params_length_success
     - 8
     - Limit check - MAX parameters total length check passed
   * -
     - resp_denied
     - 8
     - Responses Denied
   * -
     - request_check_sqlia_post_body_success
     - 8
     - SQLIA Check Post passed
   * -
     - cookie_security_decrypt_success
     - 8
     - Cookie Security - decrypt successful
   * -
     - http_limit_max_param_value_length_success
     - 8
     - Limit check - MAX parameter value length check passed
   * -
     - xml_check_max_attr_name_len_violation
     - 8
     - XML Limit Name Length violation
   * -
     - cookie_security_session_cookies
     - 8
     - Cookie Security - session cookies
   * -
     - request_check_sqlia_url_violation
     - 8
     - SQLIA Check URL violation
   * -
     - form_tag_inserted
     - 8
     - Form A10 Tag Inserted
   * -
     - max_url_length_success
     - 8
     - Limit check - MAX URL length check passed
   * -
     - brute_force_response_codes_triggered
     - 8
     - Response Codes Triggered
   * -
     - http_limit_max_cookies_success
     - 8
     - Max Cookies check passed
   * -
     - http_limit_max_content_length_success
     - 8
     - MAX content-length check passed
   * -
     - cookie_security_sign_skip_rcache
     - 8
     - Cookie Security - signing skipped - RAM Cache
   * -
     - xml_check_max_attr_value_len_violation
     - 8
     - XML Limit Value Length violation
   * -
     - http_protocol_post_with_0_content_violation
     - 8
     - POST with 0 content check violation
   * -
     - cookie_security_disallowed_persistent_cookies
     - 8
     - Cookie Security - disallowed persistent cookies
   * -
     - xml_content_check_schema_violation
     - 8
     - XML Schema violation
   * -
     - evasion_check_multiple_slashes_violation
     - 8
     - Multiple Slashes check violation
   * -
     - http_limit_max_request_length_success
     - 8
     - Limit check - MAX request length check passed
   * -
     - response_cloaking_filter_headers_violation
     - 8
     - Response Headers Filter violation
   * -
     - request_check_command_injection_uri_query_violation
     - 8
     - Command Injection Check url query arguments violation
   * -
     - csp_header_violation
     - 8
     - CSP header missing
   * -
     - http_protocol_post_without_content_type_violation
     - 8
     - POST without content type check violation
   * -
     - http_limit_max_cookie_header_length_success
     - 8
     - MAX cookie header length check passed
   * -
     - http_protocol_post_without_content_success
     - 8
     - POST without content check passed
   * -
     - json_check_format_success
     - 8
     - JSON Check passed
   * -
     - xml_check_max_elem_success
     - 8
     - XML Limit Element check passed
   * -
     - xml_check_xss_success
     - 8
     - XML XSS Check passed
   * -
     - response_action_log
     - 8
     - Log response violation
   * -
     - http_limit_max_headers_success
     - 8
     - MAX headers count check passed
   * -
     - request_check_url_whitelist_success
     - 8
     - URI White List passed
   * -
     - dlp_pcre_violation
     - 8
     - PCRE Mask violation
   * -
     - brute_force_success
     - 8
     - Brute-Force checks passed
   * -
     - cookie_security_decrypt_in_grace_period_violation
     - 8
     - Cookie Decrypt violation but in grace period
   * -
     - http_limit_max_cookie_name_length_violation
     - 8
     - MAX cookie name length violation
   * -
     - evasion_check_decode_escaped_chars_success
     - 8
     - Decode Escaped Chars check passed
   * -
     - dlp_ccn_discover_masked
     - 8
     - Discover Credit Card Number Masked
   * -
     - cookie_security_add_http_only_violation
     - 8
     - Cookie Security - http-only flag violation
   * -
     - request_check_xss_url_success
     - 8
     - XSS Check URL passed
   * -
     - xml_check_max_entity_exp_depth_violation
     - 8
     - XML Limit Entities Depth violation
   * -
     - http_protocol_post_without_content_type_success
     - 8
     - POST without content type check passed
   * -
     - action_deny_200
     - 8
     - Request Deny with 200
   * -
     - cookie_security_encrypt_limit_exceeded
     - 8
     - Cookie Security - encrypt limit exceeded
   * -
     - http_protocol_body_without_content_type_violation
     - 8
     - Body without content type check violation
   * -
     - xml_check_max_entity_exp_violation
     - 8
     - XML Limit Entity Decl violation
   * -
     - csp_header_success
     - 8
     - CSP header found
   * -
     - cookie_security_unrecognized_cookie_violation
     - 8
     - Cookie Security - unrecognized cookie violation
   * -
     - dlp_pcre_masked
     - 8
     - PCRE Mask violation
   * -
     - xml_check_format_success
     - 8
     - XML Check passed
   * -
     - xml_check_namespace_uri_len_violation
     - 8
     - XML Limit Namespace URI Length violation
   * -
     - http_protocol_malformed_parameter_violation
     - 8
     - Malformed parameter check violation
   * -
     - request_check_command_injection_cookies_violation
     - 8
     - Command Injection Check cookies violation
   * -
     - json_check_format_violation
     - 8
     - JSON Check violation
   * -
     - form_set_no_cache_success
     - 8
     - Form Set No Cache check passed
   * -
     - xml_check_xss_violation
     - 8
     - XML XSS Check violation
   * -
     - brute_force_challenge_captcha_sent
     - 8
     - Captcha challenge sent
   * -
     - dlp_ssn_success
     - 8
     - Social Security Number Mask check passed
   * -
     - brute_force_lockout_limit_success
     - 8
     - Lockout limit check passed
   * -
     - cookie_security_cookie_policy_violation
     - 8
     - Cookie Security - cookie policy violation
   * -
     - xml_check_max_entity_decl_violation
     - 8
     - XML Limit Entity Decl violation
   * -
     - http_protocol_missing_host_header_success
     - 8
     - Missing host header check passed
   * -
     - http_protocol_malformed_request_violation
     - 8
     - Malformed request check violation
   * -
     - http_limit_max_request_length_violation
     - 8
     - Limit check - MAX request length violation
   * -
     - xml_check_max_elem_child_violation
     - 8
     - XML Limit Element Child violation
   * -
     - http_protocol_malformed_header_violation
     - 8
     - Malformed header check passed
   * -
     - request_check_session_check_success
     - 8
     - Session Check passed
   * -
     - request_check_bot_violation
     - 8
     - Bot check violation
   * -
     - request_check_sqlia_url_sanitize
     - 8
     - SQLIA Check URL Sanitized
   * -
     - http_limit_max_header_length_violation
     - 8
     - MAX header length check violation
   * -
     - max_url_length_violation
     - 8
     - Limit check - MAX URL length violation
   * -
     - http_protocol_allowed_headers_success
     - 8
     - HTTP headers check passed
   * -
     - evasion_check_dir_traversal_violation
     - 8
     - Dir traversal check violation
   * -
     - form_request_non_post_violation
     - 8
     - Form Method being Non Post in Request violation
   * -
     - request_check_xss_post_body_violation
     - 8
     - XSS Check Post violation
   * -
     - cookie_security_sign_success
     - 8
     - Cookie Security - signing successful
   * -
     - evasion_check_remove_spaces_violation
     - 8
     - Remove Spaces check violation
   * -
     - http_limit_max_data_parse_success
     - 8
     - Buffer Overflow - Max Data Parse check passed
   * -
     - evasion_check_dir_traversal_success
     - 8
     - Dir traversal check passed
   * -
     - form_consistency_violation
     - 8
     - Form Consistency violation
   * -
     - http_protocol_malformed_request_success
     - 8
     - Malformed request check passed
   * -
     - request_check_xss_url_sanitize
     - 8
     - XSS Check URL Sanitized
   * -
     - http_limit_max_cookie_name_length_success
     - 8
     - MAX cookie name length check passed
   * -
     - xml_check_max_elem_violation
     - 8
     - XML Limit Element violation
   * -
     - request_check_command_injection_headers_success
     - 8
     - Command Injection Check headers passed
   * -
     - brute_force_challenge_cookie_success
     - 8
     - Cookie Challenge check passed
   * -
     - cookie_security_allowed_session_cookies
     - 8
     - Cookie Security - allowed session cookies
   * -
     - xml_check_max_elem_depth_violation
     - 8
     - XML Limit Element Depth violation
   * -
     - response_action_deny_reset
     - 8
     - Response Deny with Resets
   * -
     - http_protocol_malformed_request_line_success
     - 8
     - Malformed request line check passed
   * -
     - form_set_no_cache
     - 8
     - Form Set No Cache violation
   * -
     - request_check_sqlia_post_body_violation
     - 8
     - SQLIA Check Post violation
   * -
     - form_check_violation
     - 8
     - Post Form Check violation
   * -
     - response_action_allow
     - 8
     - Response Action allowed
   * -
     - evasion_check_max_levels_violation
     - 8
     - Max Levels check violation
   * -
     - cookie_security_encrypt_violation
     - 8
     - Cookie Security - encrypt violation
   * -
     - brute_force_lockout_limit_violation
     - 8
     - Lockout limit violation
   * -
     - http_protocol_allowed_method_check_violation
     - 8
     - HTTP Method Check violation
   * -
     - http_protocol_malformed_content_length_success
     - 8
     - Malformed content-length check passed
   * -
     - http_protocol_missing_host_header_violation
     - 8
     - Missing host header check violation
   * -
     - dlp_ccn_jcb_masked
     - 8
     - JCB Credit Card Number Masked
   * -
     - http_limit_max_header_length_success
     - 8
     - MAX header length check passed
   * -
     - request_check_redirect_wlist_success
     - 8
     - Redirect Whitelist passed
   * -
     - xml_check_max_attr_name_len_success
     - 8
     - XML Limit Name Length check passed
   * -
     - http_protocol_head_with_content_violation
     - 8
     - HEAD with content check violation
   * -
     - learning_list_full
     - 8
     - Learning list is full
   * -
     - request_check_xss_cookie_violation
     - 8
     - XSS Check Cookie violation
   * -
     - evasion_check_multiple_encoding_levels_violation
     - 8
     - Multiple Encoding Levels check violation
   * -
     - http_protocol_body_without_content_type_success
     - 8
     - Body without content type check passed
   * -
     - http_protocol_allowed_versions_success
     - 8
     - HTTP versions check passed
   * -
     - xml_check_max_entity_decl_success
     - 8
     - XML Limit Entity Decl check passed
   * -
     - cookie_security_disallowed_session_set_cookies
     - 8
     - Cookie Security - disallowed session Set-Cookies
   * -
     - http_protocol_malformed_header_success
     - 8
     - Malformed header check passed
   * -
     - xml_check_sqlia_success
     - 8
     - XML Sqlia Check passed
   * -
     - form_consistency_success
     - 8
     - Form Consistency passed
   * -
     - xml_check_max_entity_depth_success
     - 8
     - XML Limit Entity Depth check passed
   * -
     - action_log
     - 8
     - Log request violation
   * -
     - request_check_xss_url_violation
     - 8
     - XSS Check URL violation
   * -
     - http_protocol_invalid_url_encoding_success
     - 8
     - Invalid url encoding check passed
   * -
     - request_check_referer_violation
     - 8
     - Referer Check violation
   * -
     - form_request_non_post_success
     - 8
     - Form Method being Non Post in Request passed
   * -
     - json_check_max_object_member_count_success
     - 8
     - JSON Limit Object Number Count check passed
   * -
     - dlp_ccn_visa_masked
     - 8
     - Visa Credit Card Number Masked
   * -
     - http_limit_max_header_name_length_success
     - 8
     - MAX header name length check passed
   * -
     - json_check_max_array_value_count_success
     - 8
     - JSON Limit Array Value Count check passed
   * -
     - xml_check_max_entity_exp_depth_success
     - 8
     - XML Limit Entities Depth check passed
   * -
     - http_limit_max_headers_length_success
     - 8
     - MAX headers length check passed
   * -
     - dlp_ccn_diners_masked
     - 8
     - Diners Club Credit Card Number Masked
   * -
     - policy_limit_exceeded
     - 8
     - Policy limit exceeded
   * -
     - dlp_ccn_success
     - 8
     - Credit Card Number check passed
   * -
     - http_protocol_bad_multipart_request_success
     - 8
     - Bad multi-part request check passed
   * -
     - soap_check_violation
     - 8
     - Soap Check violation
   * -
     - evasion_check_decode_unicode_chars_success
     - 8
     - Decode Unicode Chars check passed
   * -
     - http_limit_max_params_violation
     - 8
     - Limit check - MAX parameters violation
   * -
     - cookie_security_sign_limit_exceeded
     - 8
     - Cookie Security - signing limit exceeded
   * -
     - request_check_bot_success
     - 8
     - Bot check passed
   * -
     - cookie_security_encrypt_skip_rcache
     - 8
     - Cookie Security - encrypt skipped - RAM cache
   * -
     - brute_force_challenge_javascript_sent
     - 8
     - JavaScript challenge sent
   * -
     - http_limit_max_entities_violation
     - 8
     - Max Entities violation
   * -
     - evasion_check_apache_whitespace_success
     - 8
     - Apache Whitespace check passed
   * -
     - brute_force_challenge_limit_success
     - 8
     - Lockout limit check passed
   * -
     - http_protocol_allowed_versions_violation
     - 8
     - HTTP versions check violation
   * -
     - cookie_security_unrecognized_cookie_success
     - 8
     - Cookie Security - request with unrecognized cookie
   * -
     - action_deny_reset
     - 8
     - Request Deny with Resets
   * -
     - form_non_ssl_password_violation
     - 8
     - Form Non SSL Password violation
   * -
     - xml_check_max_elem_depth_success
     - 8
     - XML Limit Element Depth check passed
   * -
     - http_limit_max_headers_length_violation
     - 8
     - MAX headers length check violation
   * -
     - response_action_drop
     - 8
     - Number of Dropped Responses
   * -
     - dlp_ccn_visa_violation
     - 8
     - Visa Credit Card Number Detected
   * -
     - req_denied
     - 8
     - Requests Denied
   * -
     - http_limit_max_params_success
     - 8
     - Limit check - MAX parameters check passed
   * -
     - req_allowed
     - 8
     - Requests Allowed
   * -
     - cookie_security_add_secure_success
     - 8
     - Cookie Security - secure flag added
   * -
     - evasion_check_invalid_hex_encoding_violation
     - 8
     - Invalid Hex Encoding check violation
   * -
     - json_check_max_object_member_count_violation
     - 8
     - JSON Limit Object Number Count violation
   * -
     - brute_force_challenge_javascript_success
     - 8
     - JavaScript challenge check passed
   * -
     - request_check_command_injection_cookies_success
     - 8
     - Command Injection Check cookies passed
   * -
     - dlp_ccn_jcb_violation
     - 8
     - JCB Credit Card Number Detected
   * -
     - form_non_ssl_password_success
     - 8
     - Form Non SSL Password check passed
   * -
     - form_password_autocomplete_success
     - 8
     - Form Password Autocomplete check passed
   * -
     - action_allow
     - 8
     - Request Action allowed
   * -
     - http_limit_max_cookies_length_success
     - 8
     - MAX cookies length check passed
   * -
     - action_deny_redirect
     - 8
     - Request Deny with Redirect
   * -
     - http_limit_max_param_name_length_success
     - 8
     - Limit check - MAX parameter name length check passed
   * -
     - dlp_ccn_diners_violation
     - 8
     - Diners Club Credit Card Number Detected
   * -
     - http_protocol_malformed_parameter_success
     - 8
     - Malformed parameter check passed
   * -
     - http_protocol_invalid_url_encoding_violation
     - 8
     - Invalid url encoding check violation
   * -
     - xml_check_max_attr_value_len_success
     - 8
     - XML Limit Value Length check passed
   * -
     - request_check_url_whitelist_violation
     - 8
     - URI White List violation
   * -
     - request_check_xss_cookie_success
     - 8
     - XSS Check Cookie passed
   * -
     - request_check_command_injection_form_body_success
     - 8
     - Command Injection Check form body arguments passed
   * -
     - http_protocol_success
     - 8
     - HTTP Check passed
   * -
     - http_protocol_bad_multipart_request_violation
     - 8
     - Bad multi-part request check violation
   * -
     - xml_check_max_namespace_success
     - 8
     - XML Limit Namespace check passed
   * -
     - dlp_ccn_mastercard_masked
     - 8
     - MasterCard Credit Card Number Masked
   * -
     - form_check_success
     - 8
     - Post Form Check passed
   * -
     - action_deny_custom_response
     - 8
     - Request Deny with custom response
   * -
     - xml_check_sqlia_violation
     - 8
     - XML Sqlia Check violation
   * -
     - cookie_security_sign_violation
     - 8
     - Cookie Security - signing violation
   * -
     - evasion_check_decode_escaped_chars_violation
     - 8
     - Decode Escaped Chars check violation
   * -
     - too_many_sessions
     - 8
     - Too many sessions consumed
   * -
     - cookie_security_add_secure_violation
     - 8
     - Cookie Security - secure flag violation
   * -
     - json_check_max_array_value_count_violation
     - 8
     - JSON Limit Array Value Count violation
   * -
     - evasion_check_max_levels_success
     - 8
     - Max Levels check passed
   * -
     - http_limit_max_query_length_violation
     - 8
     - Limit check - MAX query length violation
   * -
     - xml_check_max_elem_name_len_violation
     - 8
     - XML Limit Element Name Length violation
   * -
     - http_protocol_multiple_content_length_success
     - 8
     - Multiple content-length headers check passed
   * -
     - regex_violation
     - 8
     - Regular expression failure
   * -
     - xml_check_max_attr_violation
     - 8
     - XML Limit Attribute violation
   * -
     - http_limit_max_header_value_length_violation
     - 8
     - MAX header value length check violation
   * -
     - http_limit_max_request_line_length_success
     - 8
     - Limit check - MAX request line length check passed
   * -
     - cookie_security_disallowed_session_cookies
     - 8
     - Cookie Security - disallowed session cookies
   * -
     - xml_content_check_schema_success
     - 8
     - XML Schema passed
   * -
     - evasion_check_high_ascii_bytes_success
     - 8
     - High Ascii Bytes check passed
   * -
     - http_protocol_head_with_content_success
     - 8
     - HEAD with content check passed
   * -
     - http_limit_max_content_length_violation
     - 8
     - MAX content-length check violation
   * -
     - http_protocol_missing_header_value_violation
     - 8
     - Missing header value check violation
   * -
     - http_limit_max_cookie_header_length_violation
     - 8
     - MAX cookie header length violation
   * -
     - xml_check_max_cdata_len_success
     - 8
     - XML Limit CData Length check passed
   * -
     - response_cloaking_filter_headers_success
     - 8
     - Response Headers Filter check passed
   * -
     - cookie_security_missing_cookie_success
     - 8
     - Cookie Security - request with missing cookie
   * -
     - http_protocol_post_without_content_violation
     - 8
     - POST without content check violation
   * -
     - cookie_security_persistent_cookies_signed
     - 8
     - Cookie Security - signed persistent cookies
   * -
     - soap_check_success
     - 8
     - Soap Check passed
   * -
     - request_check_redirect_wlist_violation
     - 8
     - Redirect Whitelist violation
   * -
     - http_limit_max_request_line_length_violation
     - 8
     - Limit check - MAX request line length violation
   * -
     - xml_check_max_elem_child_success
     - 8
     - XML Limit Element Child check passed
   * -
     - response_action_deny_custom_response
     - 8
     - Response Deny with custom response
   * -
     - http_limit_max_post_length_success
     - 8
     - MAX POST length check passed
   * -
     - request_check_url_blacklist_violation
     - 8
     - URI Black List violation
   * -
     - dlp_ccn_discover_violation
     - 8
     - Discover Credit Card Number Detected
   * -
     - http_limit_max_headers_violation
     - 8
     - Max Headers violation
   * -
     - xml_check_max_elem_name_len_success
     - 8
     - XML Limit Element Name Length check passed
   * -
     - request_check_sqlia_post_body_sanitize
     - 8
     - SQLIA Check Post Sanitized
   * -
     - form_csrf_tag_violation
     - 8
     - Form CSRF tag violation
   * -
     - form_non_masked_password_success
     - 8
     - Form Non Masked Password check passed
   * -
     - json_check_max_string_violation
     - 8
     - JSON Limit String violation
   * -
     - http_protocol_non_ssl_cookie_prefix_violation
     - 8
     - Cookie Name Prefix check violation
   * -
     - http_limit_max_entities_success
     - 8
     - Max Entities check passed
   * -
     - action_drop
     - 8
     - Number of Dropped Requests
   * -
     - http_protocol_missing_header_value_success
     - 8
     - Missing header value check violation
   * -
     - xml_check_format_violation
     - 8
     - XML Check violation
   * -
     - request_check_xss_post_body_success
     - 8
     - XSS Check Post passed
   * -
     - xml_check_max_attr_success
     - 8
     - XML Limit Attribute check passed
   * -
     - dlp_ccn_amex_masked
     - 8
     - Amex Credit Card Number Masked
   * -
     - form_password_autocomplete_violation
     - 8
     - Form Password Autocomplete violation
   * -
     - response_cloaking_hide_status_code_violation
     - 8
     - Response Hide Code violation
   * -
     - request_check_sqlia_url_success
     - 8
     - SQLIA Check URL passed
   * -
     - http_protocol_allowed_headers_violation
     - 8
     - HTTP headers check violation
   * -
     - brute_force_violation
     - 8
     - Brute-Force checks violation
   * -
     - brute_force_challenge_captcha_success
     - 8
     - Captcha challenge check passed
   * -
     - brute_force_response_headers_triggered
     - 8
     - Brute Force Response Headers Triggered
   * -
     - http_limit_max_param_name_length_violation
     - 8
     - Limit check - MAX parameter name length violation
   * -
     - response_action_deny_redirect
     - 8
     - Response Deny with Redirect
   * -
     - cookie_security_add_samesite_success
     - 8
     - Cookie Security - samesite attribute added successfully
   * -
     - evasion_check_remove_comments_violation
     - 8
     - Remove Comments check violation
   * -
     - request_check_command_injection_form_body_violation
     - 8
     - Command Injection Check form body arguments violation
   * -
     - evasion_check_decode_entities_violation
     - 8
     - Decode Entities check violation
   * -
     - request_check_session_check_violation
     - 8
     - Session Check violation
   * -
     - form_non_ssl_success
     - 8
     - Form Non SSL check passed
   * -
     - cookie_security_session_cookies_signed
     - 8
     - Cookie Security - signed session cookies
   * -
     - xml_check_max_entity_depth_violation
     - 8
     - XML Limit Entity Depth violation
   * -
     -
xml_content_check_wsdl_violation - 8 - WSDL violation * - - json_check_max_depth_success - 8 - JSON Limit Depth check passed * - - http_protocol_get_with_content_violation - 8 - GET with content check violation * - - cookie_security_allowed_session_set_cookies - 8 - Cookie Security - disallowed session Set-Cookies * - - xml_check_namespace_uri_len_success - 8 - XML Limit Namespace URI Length check passed * - - evasion_check_multiple_slashes_success - 8 - Multiple Slashes check passed * - - http_limit_max_params_length_violation - 8 - Limit check - MAX parameters total length violation * - - http_protocol_violation - 8 - HTTP Check violation * - - csp_header_inserted - 8 - CSP header Inserted * - - form_non_ssl_violation - 8 - Form Non SSL violation * - - http_protocol_host_header_with_ip_success - 8 - Host header with IP check passed * - - sessions_freed - 8 - Sessions freed * - - out_of_sessions - 8 - Out of sessions * - - dlp_ssn_violation - 8 - Social Security Number Mask violation * - - form_response_non_post_success - 8 - Response form method was POST * - - sessions_alloc - 8 - Sessions allocated * - - request_check_command_injection_headers_violation - 8 - Command Injection Check headers violation * - - form_response_non_post_sanitize - 8 - Changed response form method to POST * - - http_protocol_non_ssl_cookie_prefix_success - 8 - Cookie Name Prefix check passed * - - request_check_referer_success - 8 - Referer Check passed * - - cookie_security_missing_cookie_violation - 8 - Cookie Security - missing cookie violation * - - response_action_deny_403 - 8 - Response Deny with 403 * - - http_protocol_malformed_content_length_violation - 8 - Malformed content-length check violation * - - cookie_security_persistent_cookies_encrypted - 8 - Cookie Security - encrypted persistent cookies * - - evasion_check_decode_unicode_chars_violation - 8 - Decode Unicode Chars check violation * - - evasion_check_invalid_hex_encoding_success - 8 - Invalid Hex Encoding check passed 
* - - evasion_check_apache_whitespace_violation - 8 - Apache Whitespace check violation * - - response_action_deny_200 - 8 - Response Deny with 200 * - - cookie_security_signature_check_success - 8 - Cookie Security - signature check successful * - - brute_force_challenge_limit_violation - 8 - Lockout limit violation * - - response_action_learn - 8 - Response Learning Updates * - - total_req - 8 - Total Requests * - - http_limit_max_cookie_value_length_success - 8 - MAX cookie value length check passed * - - http_protocol_multiple_content_length_violation - 8 - Multiple content-length headers check violation * - - action_deny_403 - 8 - Request Deny with 403 * - - form_csrf_tag_success - 8 - Form CSRF tag passed * - - http_protocol_post_with_0_content_success - 8 - POST with 0 content check passed * - - cookie_security_encrypt_success - 8 - Cookie Security - encrypt successful * - - request_check_xss_cookie_sanitize - 8 - XSS Check Cookie Sanitized * - - cookie_security_cookie_policy_success - 8 - Cookie Security - cookie policy passed * - - xml_content_check_wsdl_success - 8 - WSDL passed * - - cookie_security_disallowed_persistent_set_cookies - 8 - Cookie Security - disallowed persistent Set-Cookies * - - cookie_security_decrypt_violation - 8 - Cookie Security - decrypt violation * - - http_protocol_get_with_content_success - 8 - GET with content check passed * - - request_check_redirect_wlist_learn - 8 - Redirect Whitelist Learn * - - http_limit_max_header_value_length_success - 8 - MAX header value length check passed * - - evasion_check_remove_comments_success - 8 - Remove Comments check passed * - - brute_force_challenge_javascript_violation - 8 - JavaScript challenge violation * - - evasion_check_multiple_encoding_levels_success - 8 - Multiple Encoding Levels check passed * - - cookie_security_allowed_persistent_cookies - 8 - Cookie Security - allowed persistent cookies * - - http_protocol_allowed_method_check_success - 8 - HTTP Method Check passed * - - 
request_check_url_list_violation - 8 - URL Check violation * - - cookie_security_add_samesite_violation - 8 - Cookie Security - samesite attribute violation * - - http_limit_max_query_length_success - 8 - Limit check - MAX query length check passed * - - cookie_security_add_http_only_success - 8 - Cookie Security - http-only flag added * - - dlp_ccn_amex_violation - 8 - Amex Credit Card Number Detected * - - json_check_max_string_success - 8 - JSON Limit String check passed * - - http_limit_max_cookie_value_length_violation - 8 - MAX cookie value length violation * - - brute_force_challenge_captcha_violation - 8 - Captcha challenge violation * - - dlp_pcre_success - 8 - PCRE Mask check passed * - - xml_check_max_entity_exp_success - 8 - XML Limit Entity Decl check passed * - - cookie_security_session_cookies_encrypted - 8 - Cookie Security - encrypted session cookies * - - http_limit_max_cookies_violation - 8 - Max Cookies violation