waf template
Manage WAF template configuration
template Specification
Type: Collection
Object Key(s): name
Collection Name: template-list
Collection URI: /axapi/v3/waf/template
Element Name: template
Element URI: /axapi/v3/waf/template/{name}
Element Attributes: template_attributes
Schema: template schema
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Create Object | POST | /axapi/v3/waf/template |
Create List | POST | /axapi/v3/waf/template |
Get Object | GET | /axapi/v3/waf/template/{name} |
Get List | GET | /axapi/v3/waf/template |
Modify Object | POST | /axapi/v3/waf/template/{name} |
Replace Object | PUT | /axapi/v3/waf/template/{name} |
Replace List | PUT | /axapi/v3/waf/template |
Delete Object | DELETE | /axapi/v3/waf/template/{name} |
template-list
template-list is a JSON list of template attributes
template-list : [
]
template attributes
brute-force-protection
Description: brute-force-protection is a JSON Block. Please see below for brute-force-protection
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/brute-force-protection
cookie-security
Description: cookie-security is a JSON Block. Please see below for cookie-security
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/cookie-security
csp
Description Insert HTTP header Content-Security-Policy if necessary
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
csp-insert-type
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
csp-value
Description CSP header value, e.g., “script-src ‘none’”
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
data-leak-prevention
Description: data-leak-prevention is a JSON Block. Please see below for data-leak-prevention
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/data-leak-prevention
deploy-mode
Description ‘active’: Deploy WAF in active (blocking) mode; ‘passive’: Deploy WAF in passive (log-only) mode; ‘learning’: Deploy WAF in learning mode;
Type: string
Supported Values: active, passive, learning
Default: active
evasion-check
Description: evasion-check is a JSON Block. Please see below for evasion-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/evasion-check
form-protection
Description: form-protection is a JSON Block. Please see below for form-protection
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/form-protection
http-limit-check
Description: http-limit-check is a JSON Block. Please see below for http-limit-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/http-limit-check
http-protocol-check
Description: http-protocol-check is a JSON Block. Please see below for http-protocol-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/http-protocol-check
http-redirect
Description Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: http-redirect, http-resp-200, reset-conn and http-resp-403 are mutually exclusive
http-resp-200
Description Send HTTP response with status code 200 OK
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: http-resp-200, http-redirect, reset-conn and http-resp-403 are mutually exclusive
http-resp-403
Description Send HTTP response with status code 403 Forbidden (default)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: http-resp-403, http-redirect, http-resp-200 and reset-conn are mutually exclusive
json-check
Description: json-check is a JSON Block. Please see below for json-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/json-check
learn-pr
Description Enable per-request logs for WAF learning
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-succ-reqs
Description Log successful WAF requests
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
logging
Description Logging template (Logging Config name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/logging
name
Description WAF Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
parent
Description inherit from parent template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
parent-template-waf
Description WAF template (WAF Config name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/waf/template
pcre-match-limit
Description Maximum number of matches allowed (default 30000)
Type: number
Range: 1000-1500000
Default: 30000
pcre-match-recursion-limit
Description Maximum levels of recursion allowed (default 5000)
Type: number
Range: 100-150000
Default: 5000
request-check
Description: request-check is a JSON Block. Please see below for request-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/request-check
reset-conn
Description Reset the client connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: reset-conn, http-redirect, http-resp-200 and http-resp-403 are mutually exclusive
resp-url-200
Description Response content to send client when denying request
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
resp-url-403
Description Response content to send client when denying request
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
response-cloaking
Description: response-cloaking is a JSON Block. Please see below for response-cloaking
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/response-cloaking
soap-format-check
Description Check XML document for SOAP format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation-log-mask
Description: violation-log-mask is a JSON Block. Please see below for violation-log-mask
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/violation-log-mask
wsdl-file
Description Specify name of WSDL file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: wsdl-file and wsdl-resp-val-file are mutually exclusive
wsdl-resp-val-file
Description Specify name of WSDL file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: wsdl-resp-val-file and wsdl-file are mutually exclusive
xml-check
Description: xml-check is a JSON Block. Please see below for xml-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/xml-check
xml-schema-file
Description Specify name of XML-Schema file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: xml-schema-file and xml-schema-resp-val-file are mutually exclusive
xml-schema-resp-val-file
Description Specify name of XML-Schema file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: xml-schema-resp-val-file and xml-schema-file are mutually exclusive
violation-log-mask
Specification Type: object
query-param-name-equal-type
Description ‘equals’: Mask the query value if the query name equals the string;
Type: string
Supported Values: equals
query-param-name-value
Description The list of Query parameter names
Type: string
Format: string-rlx
Maximum Length: 1031 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
data-leak-prevention
Specification Type: object
ccn-mask
Description Mask credit card numbers in response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
keep-end
Description Number of unmasked characters at the end (default: 0)
Type: number
Range: 0-65535
keep-start
Description Number of unmasked characters at the beginning (default: 0)
Type: number
Range: 0-65535
mask
Description Character to mask the matched pattern (default: X)
Type: string
Format: string-rlx
Maximum Length: 1 characters
Maximum Length: 1 characters
pcre-mask
Description Mask matched PCRE pattern in response
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssn-mask
Description Mask US Social Security numbers in response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
brute-force-protection
Specification Type: object
brute-force-challenge-limit
Description Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))
Type: number
Range: 0-65535
Default: 2
brute-force-global
Description Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-lockout-limit
Description Maximum brute-force events before locking out client (default 5)
Type: number
Range: 0-65535
Default: 5
brute-force-lockout-period
Description Number of seconds client should be locked out (default 600)
Type: number
Range: 0-1800
Default: 600
brute-force-resp-codes
Description Trigger brute-force check on HTTP response code
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-codes-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-resp-headers
Description Trigger brute-force check on HTTP response header names
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-headers-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-resp-string
Description Trigger brute-force check on HTTP response reason phrase
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-string-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-test-period
Description Number of seconds for brute-force event counting (default 60)
Type: number
Range: 0-600
Default: 60
challenge-action-captcha
Description Initiate a Captcha to verify client can respond
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-action-cookie
Description Use Set-Cookie to determine if client allows cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-action-javascript
Description Add JavaScript to response to test if client allows JavaScript
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-disable-action
Description ‘enable’: Enable brute force protections; ‘disable’: Disable brute force protections (default);
Type: string
Supported Values: enable, disable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
request-check
Specification Type: object
bot-check
Description Check User-Agent for known bots
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bot-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
command-injection-check
Description Check to protect against command injection attacks
Type: string
Format: enum-list
command-injection-check-policy-file
Description Name of WAF policy command injection list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
lifetime
Description Session lifetime in minutes (default 10)
Type: number
Range: 1-1440
Default: 10
redirect-whitelist
Description Check Redirect URL against list of previously learned redirects
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-check
Description Check referer to protect against CSRF attacks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-domain-list
Description List of referer domains allowed
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: referer-domain-list and referer-domain-list-only are mutually exclusive
referer-domain-list-only
Description List of referer domains allowed
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: referer-domain-list-only and referer-domain-list are mutually exclusive
referer-safe-url
Description Safe URL to redirect to if referer is missing
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
session-check
Description Enable session checking via session cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sqlia-check
Description ‘reject’: Reject requests with SQLIA patterns;
Type: string
Supported Values: reject
sqlia-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
url-blacklist
Description specify name of WAF policy list file to blacklist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
url-learned-list
Description Check URL against list of previously learned URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
url-whitelist
Description specify name of WAF policy list file to whitelist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
waf-blacklist-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
waf-whitelist-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
xss-check
Description ‘reject’: Reject requests with bad cookies;
Type: string
Supported Values: reject
xss-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
cookie-security
Specification Type: object
allow-missing-cookie
Description Allow requests with missing cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-unrecognized-cookie
Description Allow requests with unrecognized cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cookie-policy
Type: List
enable-disable-action
Description ‘enable’: Enable cookie security (default); ‘disable’: Disable cookie security;
Type: string
Supported Values: enable, disable
Default: enable
set-cookie-policy
Type: List
tamper-protection-grace-period
Description Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes)
Type: number
Range: 0-43200
Default: 120
tamper-protection-http-only
Description Add HttpOnly flag to cookies not in set-cookie-policy list (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
tamper-protection-samesite
Description ‘none’: none; ‘lax’: lax; ‘strict’: strict;
Type: string
Supported Values: none, lax, strict
Default: none
tamper-protection-secret
Description Cookie encryption secret
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
tamper-protection-secret-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)
tamper-protection-secure
Description Add Secure flag to cookies not in set-cookie-policy list (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
tamper-protection-session-cookie-only
Description Only encrypt session cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tamper-protection-sign
Description Sign cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: tamper-protection-sign and tamper-protection-encrypt are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cookie-security_set-cookie-policy
Specification Type: list
Block object keys
set-cookie-policy-allow
Description Allow the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-disallow
Description Block the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-http-only
Description Add HttpOnly flag to cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-name
Description Name of cookie
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
set-cookie-policy-samesite
Description ‘none’: none; ‘lax’: lax; ‘strict’: strict;
Type: string
Supported Values: none, lax, strict
set-cookie-policy-secret
Description Cookie encryption secret
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
set-cookie-policy-secret-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)
set-cookie-policy-secure
Description Add Secure flag to cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-sign
Description Sign cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: set-cookie-policy-sign and set-cookie-policy-encrypt are mutually exclusive
cookie-security_cookie-policy
Specification Type: list
Block object keys
cookie-policy-allow
Description Allow the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cookie-policy-disallow
Description Block the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cookie-policy-name
Description Name of cookie
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
response-cloaking
Specification Type: object
filter-headers
Description Removes web server’s identifying headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hide-status-codes
Description Hides response status codes that are not allowed (default 4xx, 5xx)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hide-status-codes-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
json-check
Specification Type: object
format-check
Description Check HTTP body for JSON format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-array-values
Description Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))
Type: number
Range: 0-4096
Default: 256
max-depth
Description Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))
Type: number
Range: 0-4096
Default: 16
max-object-members
Description Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))
Type: number
Range: 0-4096
Default: 256
max-string-length
Description Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))
Type: number
Range: 0-4096
Default: 64
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-protocol-check
Specification Type: object
allowed-headers
Description Enable allowed-headers check (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allowed-headers-list
Description Allowed HTTP headers. Default “Host Referer User-Agent Accept Accept-Encoding …” (see docs for full list) (Allowed HTTP headers (default “Host Referer User-Agent Accept Accept-Encoding …” (see docs for full list)))
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Default: Host Referer User-Agent Accept Accept-Encoding Accept-Language Accept-Language Authorization Cache-Control Content-Length
allowed-methods
Description Enable allowed-methods check (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allowed-methods-list
Description List of allowed HTTP methods. Default is “GET POST”. (List of HTTP methods allowed (default “GET POST”))
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Default: GET POST
allowed-versions
Description Enable allowed-versions check (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allowed-versions-list
Description List of allowed HTTP versions (default “1.0 1.1 2”)
Type: string
Format: enum-list
Default: 1.0,1.1,2
bad-multipart-request
Description Check for bad multipart/form-data request body
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
body-without-content-type
Description Check for Body request without Content-Type header in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable all checks for HTTP protocol compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
get-with-content
Description Check for GET request with Content-Length headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
head-with-content
Description Check for HEAD request with Content-Length headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
host-header-with-ip
Description Check for Host header with IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
invalid-url-encoding
Description Check for invalid URL encoding in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-content-length
Description Check for malformed content-length in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-header
Description Check for malformed HTTP header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-parameter
Description Check for malformed HTTP query/POST parameter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-request
Description Check for malformed HTTP request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-request-line
Description Check for malformed HTTP request line
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
missing-header-value
Description Check for missing header value in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
missing-host-header
Description Check for missing Host header in HTTP/1.1 request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multiple-content-length
Description Check for multiple Content-Length headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
non-ssl-cookie-prefix
Description Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
post-with-0-content
Description Check for POST request with Content-Length 0
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
post-without-content
Description Check for POST request without Content-Length/Chunked Encoding headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
post-without-content-type
Description Check for POST request without Content-Type header in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
xml-check
Specification Type: object
disable
Description Disable all checks for XML limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
format
Description Check HTTP body for XML format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-attr
Description Maximum number of attributes of an XML element (default 256)
Type: number
Range: 0-256
Default: 256
max-attr-name-len
Description Maximum length of an attribute name (default 128)
Type: number
Range: 0-2048
Default: 128
max-attr-value-len
Description Maximum length of an attribute text value (default 128)
Type: number
Range: 0-4096
Default: 128
max-cdata-len
Description Maximum length of a CDATA section of an element (default 65535)
Type: number
Range: 0-65535
Default: 65535
max-elem
Description Maximum number of XML elements (default 1024)
Type: number
Range: 0-8192
Default: 1024
max-elem-child
Description Maximum number of children of an XML element (default 1024)
Type: number
Range: 0-4096
Default: 1024
max-elem-depth
Description Maximum recursion level for element definition (default 256)
Type: number
Range: 0-4096
Default: 256
max-elem-name-len
Description Maximum length for an element name (default 128)
Type: number
Range: 0-65535
Default: 128
max-entity-decl
Description Maximum number of entity declarations (default 1024)
Type: number
Range: 0-1024
Default: 1024
max-entity-depth
Description Maximum depth of entities (default 32)
Type: number
Range: 0-32
Default: 32
max-entity-exp
Description Maximum number of entity expansions (default 1024)
Type: number
Range: 0-1024
Default: 1024
max-entity-exp-depth
Description Maximum nested depth of entity expansions (default 32)
Type: number
Range: 0-32
Default: 32
max-namespace
Description Maximum number of namespace declarations (default 16)
Type: number
Range: 0-256
Default: 16
max-namespace-uri-len
Description Maximum length of a namespace URI (default 256)
Type: number
Range: 0-1024
Default: 256
sqlia
Description Check XML data against SQLIA policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
xss
Description Check XML data against XSS policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-limit-check
Specification Type: object
disable
Description Disable all checks for HTTP limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-content-length
Description Max length of content (Maximum length of content allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-content-length-value
Description Max length of content (default 4096) (Maximum length of content allowed (default 4096))
Type: number
Range: 0-2147483647
Default: 4096
max-cookie-header-length
Description Max Cookie header length allowed in request (Maximum length of cookie header allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookie-header-length-value
Description Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookie-name-length
Description Max Cookie name length allowed in request (Maximum length of cookie name allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookie-name-length-value
Description Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))
Type: number
Range: 0-65535
Default: 64
max-cookie-value-length
Description Max Cookie value length allowed in request (Maximum length of cookie value allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookie-value-length-value
Description Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookies
Description Max Cookies allowed in request (Maximum number of cookies allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookies-length
Description Total Cookies length allowed in request (Maximum length of all cookies in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookies-length-value
Description Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookies-value
Description Max Cookies allowed in request (default 20) (Maximum number of cookies allowed (default 20))
Type: number
Range: 0-1023
Default: 20
max-data-parse
Description Max data to be parsed for Web Application Firewall
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-data-parse-value
Description Max data to be parsed for Web Application Firewall (default 262144)
Type: number
Range: 0-2097152
Default: 262144
max-entities
Description Maximum number of MIME entities allowed in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-entities-value
Description Maximum number of MIME entities allowed in request (default 10)
Type: number
Range: 0-512
Default: 10
max-header-length
Description Max header length allowed in request (Maximum length of header allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-header-length-value
Description Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-header-name-length
Description Max header name length allowed in request (Maximum length of header name allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-header-name-length-value
Description Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64))
Type: number
Range: 0-65535
Default: 64
max-header-value-length
Description Max header value length allowed in request (Maximum length of header value allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-header-value-length-value
Description Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-headers
Description Total number of headers allowed in request (Maximum number of headers in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-headers-length
Description Total headers length allowed in request (Maximum length of all headers in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-headers-length-value
Description Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-headers-value
Description Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64))
Type: number
Range: 0-255
Default: 64
max-param-name-length
Description Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-param-name-length-value
Description Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256))
Type: number
Range: 0-65535
Default: 256
max-param-value-length
Description Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-param-value-length-value
Description Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-params
Description Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-params-length
Description Total query/POST parameters length allowed in request (Maximum length of all params in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-params-length-value
Description Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-params-value
Description Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64))
Type: number
Range: 0-1024
Default: 64
max-post-length
Description Maximum content length allowed in POST request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-post-length-value
Description Maximum content length allowed in POST request (default 20480)
Type: number
Range: 0-2147483647
Default: 20480
max-query-length
Description Max length of query string (Maximum length of query string allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-query-length-value
Description Max length of query string (default 4096) (Maximum length of query string allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-request-length
Description Max length of request (Maximum length of request allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-request-length-value
Description Max length of request (default 20480) (Maximum length of request allowed (default 20480))
Type: number
Range: 0-2147483647
Default: 20480
max-request-line-length
Description Max length of request line (Maximum length of request line)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-request-line-length-value
Description Max length of request line (default 4096) (Maximum length of request line (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-url-length
Description Max length of url (Maximum length of url allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-url-length-value
Description Max length of url (default 4096) (Maximum length of url allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
evasion-check
Specification Type: object
apache-whitespace
Description Check for whitespace characters in URL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
decode-entities
Description Decode entities in internal url (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
decode-escaped-chars
Description Decode escaped characters such as \r \n \" \xXX \u00YY in internal url (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
decode-plus-chars
Description Decode ‘+’ as space in URL (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
decode-unicode-chars
Description Check for evasion attempt using %u encoding of Unicode chars to bypass (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
dir-traversal
Description Check for directory traversal attempt (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
high-ascii-bytes
Description Check for evasion attempt using ASCII bytes with values
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
invalid-hex-encoding
Description Check for evasion attempt using invalid hex characters (not in 0-9,a-f)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-levels
Description Max levels of encoding allowed in request (default 2)
Type: number
Range: 0-64
Default: 2
multiple-encoding-levels
Description Check for evasion attempt using multiple levels of encoding
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multiple-slashes
Description Check for evasion attempt using multiple slashes/backslashes
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-comments
Description Remove comments from internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-spaces
Description Remove spaces from internal url (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
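The sketch below illustrates what the invalid-hex-encoding, multiple-encoding-levels / max-levels, multiple-slashes and dir-traversal checks above look for in a request target. It is an added example, not A10 code and not the device's actual algorithm; the function names and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed illustration of the evasion-check ideas; NOT the WAF's own logic.
# '%' followed by up to two characters; '%u...' is left to decode-unicode-chars.
PCT_ESCAPE = re.compile(r"%(?![uU])(.{0,2})")
TWO_HEX = re.compile(r"[0-9A-Fa-f]{2}")


def invalid_hex_escapes(target):
    """Return the '%' escapes that are not followed by two hex digits."""
    return [m.group(0) for m in PCT_ESCAPE.finditer(target)
            if not TWO_HEX.fullmatch(m.group(1))]


def encoding_levels(target, cap=64):
    """Percent-decode repeatedly until the text stops changing.

    Returns (number_of_rounds_that_changed_the_text, fully_decoded_text).
    cap mirrors the upper bound of the max-levels range (0-64).
    """
    levels, current = 0, target
    while levels < cap:
        decoded = unquote(current)
        if decoded == current:
            break
        current, levels = decoded, levels + 1
    return levels, current


def evasion_findings(target, max_levels=2):
    """Name the checks a request target would trip.

    max_levels defaults to 2, the documented default of max-levels.
    The returned strings reuse the attribute names from this section.
    """
    findings = []
    if invalid_hex_escapes(target):
        findings.append("invalid-hex-encoding")

    levels, _ = encoding_levels(target)
    if levels > max_levels:
        findings.append("multiple-encoding-levels")

    # Slash and traversal checks run on the fully decoded path only,
    # so an encoded '../' is seen the way the origin server would see it.
    _, path = encoding_levels(target.split("?", 1)[0])
    if re.search(r"[/\\]{2,}", path):
        findings.append("multiple-slashes")
    if ".." in re.split(r"[/\\]+", path):
        findings.append("dir-traversal")
    return findings


# Constructed sample request targets (not captured traffic).
SAMPLES = [
    "/index.html?q=a%20b",
    "/static/%252e%252e/%252e%252e/conf",
    "/static/%25252e%25252e/conf",
    "/a//b/%zz",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", evasion_findings(sample) or "clean")
```

The second sample decodes in exactly two rounds, so it stays within the default max-levels of 2 and is caught only by the traversal check on the decoded path; the third needs three rounds and trips both checks.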
form-protection
Specification Type: object
csrf-check
Description Tag the form to protect against Cross-site Request Forgery
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-disable-action
Description ‘enable’: Enable web form protections (default); ‘disable’: Disable web form protections;
Type: string
Supported Values: enable, disable
Default: enable
field-consistency-check
Description Form input consistency check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-caching
Description Disable caching for response with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-non-post
Description Check whether POST is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-non-ssl
Description Check whether SSL is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-request-non-post
Description Check whether POST is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-response-non-post
Description Check whether form method POST is used for response with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-response-non-post-sanitize
Description Change form method GET to POST (Use with caution: make sure the server application still works)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-autocomplete
Description Check to protect against server-generated forms which contain password fields that allow autocomplete
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-non-masked
Description Check forms that have a password field with a textual type, resulting in this field not being masked
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-non-ssl
Description Check forms that have a password field if the form is not sent over an SSL connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
stats data
Counter | Size | Description | |
---|---|---|---|
response_cloaking_hide_status_code_success | 8 | Response Hide Code check passed | |
http_limit_max_header_name_length_violation | 8 | MAX header name length check violation | |
dlp_ccn_mastercard_violation | 8 | MasterCard Credit Card Number Detected | |
request_check_url_blacklist_success | 8 | URI Black List passed | |
http_limit_max_data_parse_violation | 8 | Buffer Overflow - Max Data Parse violation | |
brute_force_challenge_cookie_violation | 8 | Cookie challenge violation | |
evasion_check_remove_spaces_success | 8 | Remove Spaces check passed | |
cookie_security_persistent_cookies | 8 | Cookie Security - persistent cookies | |
form_non_masked_password_violation | 8 | Form Non Masked Password violation | |
http_limit_max_cookies_length_violation | 8 | MAX cookies length violation | |
request_check_command_injection_uri_query_success | 8 | Command Injection Check url query arguments passed | |
form_response_non_post_violation | 8 | Response form method was not POST | |
cookie_security_allowed_persistent_set_cookies | 8 | Cookie Security - disallowed persistent Set-Cookies | |
request_check_session_check_none | 8 | Session Created | |
request_check_referer_redirect | 8 | Referer Check Redirect | |
xml_check_max_cdata_len_violation | 8 | XML Limit CData Length violation | |
evasion_check_high_ascii_bytes_violation | 8 | High Ascii Bytes check violation | |
http_limit_max_param_value_length_violation | 8 | Limit check - MAX parameter value length violation | |
request_check_url_list_learn | 8 | URL Check Learn | |
request_check_xss_post_body_sanitize | 8 | XSS Check Post Sanitized | |
form_check_sanitize | 8 | Post Form Check Sanitized | |
brute_force_challenge_cookie_sent | 8 | Cookie Challenge Sent | |
http_limit_max_post_length_violation | 8 | MAX POST length violation | |
cookie_security_signature_check_violation | 8 | Cookie Security - signature check violation | |
http_protocol_host_header_with_ip_violation | 8 | Host header with IP check violation | |
json_check_max_depth_violation | 8 | JSON Limit Depth violation | |
evasion_check_decode_entities_success | 8 | Decode Entities check passed | |
xml_check_max_namespace_violation | 8 | XML Limit Namespace violation | |
brute_force_response_string_triggered | 8 | Brute Force Response string Triggered | |
action_learn | 8 | Request Learning Updates | |
request_check_url_list_success | 8 | URL Check passed | |
http_protocol_malformed_request_line_violation | 8 | Malformed request line check violation | |
http_limit_max_params_length_success | 8 | Limit check - MAX parameters total length check passed | |
resp_denied | 8 | Responses Denied | |
request_check_sqlia_post_body_success | 8 | SQLIA Check Post passed | |
cookie_security_decrypt_success | 8 | Cookie Security - decrypt successful | |
http_limit_max_param_value_length_success | 8 | Limit check - MAX parameter value length check passed | |
xml_check_max_attr_name_len_violation | 8 | XML Limit Name Length violation | |
cookie_security_session_cookies | 8 | Cookie Security - session cookies | |
request_check_sqlia_url_violation | 8 | SQLIA Check URL violation | |
form_tag_inserted | 8 | Form A10 Tag Inserted | |
max_url_length_success | 8 | Limit check - MAX URL length check passed | |
brute_force_response_codes_triggered | 8 | Response Codes Triggered | |
http_limit_max_cookies_success | 8 | Max Cookies check passed | |
http_limit_max_content_length_success | 8 | MAX content-length check passed | |
cookie_security_sign_skip_rcache | 8 | Cookie Security - signing skipped - RAM Cache | |
xml_check_max_attr_value_len_violation | 8 | XML Limit Value Length violation | |
http_protocol_post_with_0_content_violation | 8 | POST with 0 content check violation | |
cookie_security_disallowed_persistent_cookies | 8 | Cookie Security - disallowed persistent cookies | |
xml_content_check_schema_violation | 8 | XML Schema violation | |
evasion_check_multiple_slashes_violation | 8 | Multiple Slashes check violation | |
http_limit_max_request_length_success | 8 | Limit check - MAX request length check passed | |
response_cloaking_filter_headers_violation | 8 | Response Headers Filter violation | |
request_check_command_injection_uri_query_violation | 8 | Command Injection Check url query arguments violation | |
csp_header_violation | 8 | CSP header missing | |
http_protocol_post_without_content_type_violation | 8 | POST without content type check violation | |
http_limit_max_cookie_header_length_success | 8 | MAX cookie header length check passed | |
http_protocol_post_without_content_success | 8 | POST without content check passed | |
json_check_format_success | 8 | JSON Check passed | |
xml_check_max_elem_success | 8 | XML Limit Element check passed | |
xml_check_xss_success | 8 | XML XSS Check passed | |
response_action_log | 8 | Log response violation | |
http_limit_max_headers_success | 8 | MAX headers count check passed | |
request_check_url_whitelist_success | 8 | URI White List passed | |
dlp_pcre_violation | 8 | PCRE Mask violation | |
brute_force_success | 8 | Brute-Force checks passed | |
cookie_security_decrypt_in_grace_period_violation | 8 | Cookie Decrypt violation but in grace period | |
http_limit_max_cookie_name_length_violation | 8 | MAX cookie name length violation | |
evasion_check_decode_escaped_chars_success | 8 | Decode Escaped Chars check passed | |
dlp_ccn_discover_masked | 8 | Discover Credit Card Number Masked | |
cookie_security_add_http_only_violation | 8 | Cookie Security - http-only flag violation | |
request_check_xss_url_success | 8 | XSS Check URL passed | |
xml_check_max_entity_exp_depth_violation | 8 | XML Limit Entities Depth violation | |
http_protocol_post_without_content_type_success | 8 | POST without content type check passed | |
action_deny_200 | 8 | Request Deny with 200 | |
cookie_security_encrypt_limit_exceeded | 8 | Cookie Security - encrypt limit exceeded | |
http_protocol_body_without_content_type_violation | 8 | Body without content type check violation | |
xml_check_max_entity_exp_violation | 8 | XML Limit Entity Decl violation | |
csp_header_success | 8 | CSP header found | |
cookie_security_unrecognized_cookie_violation | 8 | Cookie Security - unrecognized cookie violation | |
dlp_pcre_masked | 8 | PCRE Mask violation | |
xml_check_format_success | 8 | XML Check passed | |
xml_check_namespace_uri_len_violation | 8 | XML Limit Namespace URI Length violation | |
http_protocol_malformed_parameter_violation | 8 | Malformed parameter check violation | |
request_check_command_injection_cookies_violation | 8 | Command Injection Check cookies violation | |
json_check_format_violation | 8 | JSON Check violation | |
form_set_no_cache_success | 8 | Form Set No Cache check passed | |
xml_check_xss_violation | 8 | XML XSS Check violation | |
brute_force_challenge_captcha_sent | 8 | Captcha challenge sent | |
dlp_ssn_success | 8 | Social Security Number Mask check passed | |
brute_force_lockout_limit_success | 8 | Lockout limit check passed | |
cookie_security_cookie_policy_violation | 8 | Cookie Security - cookie policy violation | |
xml_check_max_entity_decl_violation | 8 | XML Limit Entity Decl violation | |
http_protocol_missing_host_header_success | 8 | Missing host header check passed | |
http_protocol_malformed_request_violation | 8 | Malformed request check violation | |
http_limit_max_request_length_violation | 8 | Limit check - MAX request length violation | |
xml_check_max_elem_child_violation | 8 | XML Limit Element Child violation | |
http_protocol_malformed_header_violation | 8 | Malformed header check passed | |
request_check_session_check_success | 8 | Session Check passed | |
request_check_bot_violation | 8 | Bot check violation | |
request_check_sqlia_url_sanitize | 8 | SQLIA Check URL Sanitized | |
http_limit_max_header_length_violation | 8 | MAX header length check violation | |
max_url_length_violation | 8 | Limit check - MAX URL length violation | |
http_protocol_allowed_headers_success | 8 | HTTP headers check passed | |
evasion_check_dir_traversal_violation | 8 | Dir traversal check violation | |
form_request_non_post_violation | 8 | Form Method being Non Post in Request violation | |
request_check_xss_post_body_violation | 8 | XSS Check Post violation | |
cookie_security_sign_success | 8 | Cookie Security - signing successful | |
evasion_check_remove_spaces_violation | 8 | Remove Spaces check violation | |
http_limit_max_data_parse_success | 8 | Buffer Overflow - Max Data Parse check passed | |
evasion_check_dir_traversal_success | 8 | Dir traversal check passed | |
form_consistency_violation | 8 | Form Consistency violation | |
http_protocol_malformed_request_success | 8 | Malformed request check passed | |
request_check_xss_url_sanitize | 8 | XSS Check URL Sanitized | |
http_limit_max_cookie_name_length_success | 8 | MAX cookie name length check passed | |
xml_check_max_elem_violation | 8 | XML Limit Element violation | |
request_check_command_injection_headers_success | 8 | Command Injection Check headers passed | |
brute_force_challenge_cookie_success | 8 | Cookie Challenge check passed | |
cookie_security_allowed_session_cookies | 8 | Cookie Security - allowed session cookies | |
xml_check_max_elem_depth_violation | 8 | XML Limit Element Depth violation | |
response_action_deny_reset | 8 | Response Deny with Resets | |
http_protocol_malformed_request_line_success | 8 | Malformed request line check passed | |
form_set_no_cache | 8 | Form Set No Cache violation | |
request_check_sqlia_post_body_violation | 8 | SQLIA Check Post violation | |
form_check_violation | 8 | Post Form Check violation | |
response_action_allow | 8 | Response Action allowed | |
evasion_check_max_levels_violation | 8 | Max Levels check violation | |
cookie_security_encrypt_violation | 8 | Cookie Security - encrypt violation | |
brute_force_lockout_limit_violation | 8 | Lockout limit violation | |
http_protocol_allowed_method_check_violation | 8 | HTTP Method Check violation | |
http_protocol_malformed_content_length_success | 8 | Malformed content-length check passed | |
http_protocol_missing_host_header_violation | 8 | Missing host header check violation | |
dlp_ccn_jcb_masked | 8 | JCB Credit Card Number Masked | |
http_limit_max_header_length_success | 8 | MAX header length check passed | |
request_check_redirect_wlist_success | 8 | Redirect Whitelist passed | |
xml_check_max_attr_name_len_success | 8 | XML Limit Name Length check passed | |
http_protocol_head_with_content_violation | 8 | HEAD with content check violation | |
learning_list_full | 8 | Learning list is full | |
request_check_xss_cookie_violation | 8 | XSS Check Cookie violation | |
evasion_check_multiple_encoding_levels_violation | 8 | Multiple Encoding Levels check violation | |
http_protocol_body_without_content_type_success | 8 | Body without content type check passed | |
http_protocol_allowed_versions_success | 8 | HTTP versions check passed | |
xml_check_max_entity_decl_success | 8 | XML Limit Entity Decl check passed | |
cookie_security_disallowed_session_set_cookies | 8 | Cookie Security - disallowed session Set-Cookies | |
http_protocol_malformed_header_success | 8 | Malformed header check passed | |
xml_check_sqlia_success | 8 | XML Sqlia Check passed | |
form_consistency_success | 8 | Form Consistency passed | |
xml_check_max_entity_depth_success | 8 | XML Limit Entity Depth check passed | |
action_log | 8 | Log request violation | |
request_check_xss_url_violation | 8 | XSS Check URL violation | |
http_protocol_invalid_url_encoding_success | 8 | Invalid url encoding check passed | |
request_check_referer_violation | 8 | Referer Check violation | |
form_request_non_post_success | 8 | Form Method being Non Post in Request passed | |
json_check_max_object_member_count_success | 8 | JSON Limit Object Number Count check passed | |
dlp_ccn_visa_masked | 8 | Visa Credit Card Number Masked | |
http_limit_max_header_name_length_success | 8 | MAX header name length check passed | |
json_check_max_array_value_count_success | 8 | JSON Limit Array Value Count check passed | |
xml_check_max_entity_exp_depth_success | 8 | XML Limit Entities Depth check passed | |
http_limit_max_headers_length_success | 8 | MAX headers length check passed | |
dlp_ccn_diners_masked | 8 | Diners Club Credit Card Number Masked | |
policy_limit_exceeded | 8 | Policy limit exceeded | |
dlp_ccn_success | 8 | Credit Card Number check passed | |
http_protocol_bad_multipart_request_success | 8 | Bad multi-part request check passed | |
soap_check_violation | 8 | Soap Check violation | |
evasion_check_decode_unicode_chars_success | 8 | Decode Unicode Chars check passed | |
http_limit_max_params_violation | 8 | Limit check - MAX parameters violation | |
cookie_security_sign_limit_exceeded | 8 | Cookie Security - signing limit exceeded | |
request_check_bot_success | 8 | Bot check passed | |
cookie_security_encrypt_skip_rcache | 8 | Cookie Security - encrypt skipped - RAM cache | |
brute_force_challenge_javascript_sent | 8 | JavaScript challenge sent | |
http_limit_max_entities_violation | 8 | Max Entities violation | |
evasion_check_apache_whitespace_success | 8 | Apache Whitespace check passed | |
brute_force_challenge_limit_success | 8 | Lockout limit check passed | |
http_protocol_allowed_versions_violation | 8 | HTTP versions check violation | |
cookie_security_unrecognized_cookie_success | 8 | Cookie Security - request with unrecognized cookie | |
action_deny_reset | 8 | Request Deny with Resets | |
form_non_ssl_password_violation | 8 | Form Non SSL Password violation | |
xml_check_max_elem_depth_success | 8 | XML Limit Element Depth check passed | |
http_limit_max_headers_length_violation | 8 | MAX headers length check violation | |
response_action_drop | 8 | Number of Dropped Responses | |
dlp_ccn_visa_violation | 8 | Visa Credit Card Number Detected | |
req_denied | 8 | Requests Denied | |
http_limit_max_params_success | 8 | Limit check - MAX parameters check passed | |
req_allowed | 8 | Requests Allowed | |
cookie_security_add_secure_success | 8 | Cookie Security - secure flag added | |
evasion_check_invalid_hex_encoding_violation | 8 | Invalid Hex Encoding check violation | |
json_check_max_object_member_count_violation | 8 | JSON Limit Object Number Count violation | |
brute_force_challenge_javascript_success | 8 | JavaScript challenge check passed | |
request_check_command_injection_cookies_success | 8 | Command Injection Check cookies passed | |
dlp_ccn_jcb_violation | 8 | JCB Credit Card Number Detected | |
form_non_ssl_password_success | 8 | Form Non SSL Password check passed | |
form_password_autocomplete_success | 8 | Form Password Autocomplete check passed | |
action_allow | 8 | Request Action allowed | |
http_limit_max_cookies_length_success | 8 | MAX cookies length check passed | |
action_deny_redirect | 8 | Request Deny with Redirect | |
http_limit_max_param_name_length_success | 8 | Limit check - MAX parameter name length check passed | |
dlp_ccn_diners_violation | 8 | Diners Club Credit Card Number Detected | |
http_protocol_malformed_parameter_success | 8 | Malformed parameter check passed | |
http_protocol_invalid_url_encoding_violation | 8 | Invalid url encoding check violation | |
xml_check_max_attr_value_len_success | 8 | XML Limit Value Length check passed | |
request_check_url_whitelist_violation | 8 | URI White List violation | |
request_check_xss_cookie_success | 8 | XSS Check Cookie passed | |
request_check_command_injection_form_body_success | 8 | Command Injection Check form body arguments passed | |
http_protocol_success | 8 | HTTP Check passed | |
http_protocol_bad_multipart_request_violation | 8 | Bad multi-part request check violation | |
xml_check_max_namespace_success | 8 | XML Limit Namespace check passed | |
dlp_ccn_mastercard_masked | 8 | MasterCard Credit Card Number Masked | |
form_check_success | 8 | Post Form Check passed | |
action_deny_custom_response | 8 | Request Deny with custom response | |
xml_check_sqlia_violation | 8 | XML Sqlia Check violation | |
cookie_security_sign_violation | 8 | Cookie Security - signing violation | |
evasion_check_decode_escaped_chars_violation | 8 | Decode Escaped Chars check violation | |
too_many_sessions | 8 | Too many sessions consumed | |
cookie_security_add_secure_violation | 8 | Cookie Security - secure flag violation | |
json_check_max_array_value_count_violation | 8 | JSON Limit Array Value Count violation | |
evasion_check_max_levels_success | 8 | Max Levels check passed | |
http_limit_max_query_length_violation | 8 | Limit check - MAX query length violation | |
xml_check_max_elem_name_len_violation | 8 | XML Limit Element Name Length violation | |
http_protocol_multiple_content_length_success | 8 | Multiple content-length headers check passed | |
regex_violation | 8 | Regular expression failure | |
xml_check_max_attr_violation | 8 | XML Limit Attribute violation | |
http_limit_max_header_value_length_violation | 8 | MAX header value length check violation | |
http_limit_max_request_line_length_success | 8 | Limit check - MAX request line length check passed | |
cookie_security_disallowed_session_cookies | 8 | Cookie Security - disallowed session cookies | |
xml_content_check_schema_success | 8 | XML Schema passed | |
evasion_check_high_ascii_bytes_success | 8 | High Ascii Bytes check passed | |
http_protocol_head_with_content_success | 8 | HEAD with content check passed | |
http_limit_max_content_length_violation | 8 | MAX content-length check violation | |
http_protocol_missing_header_value_violation | 8 | Missing header value check violation | |
http_limit_max_cookie_header_length_violation | 8 | MAX cookie header length violation | |
xml_check_max_cdata_len_success | 8 | XML Limit CData Length check passed | |
response_cloaking_filter_headers_success | 8 | Response Headers Filter check passed | |
cookie_security_missing_cookie_success | 8 | Cookie Security - request with missing cookie | |
http_protocol_post_without_content_violation | 8 | POST without content check violation | |
cookie_security_persistent_cookies_signed | 8 | Cookie Security - signed persistent cookies | |
soap_check_success | 8 | Soap Check passed | |
request_check_redirect_wlist_violation | 8 | Redirect Whitelist violation | |
http_limit_max_request_line_length_violation | 8 | Limit check - MAX request line length violation | |
xml_check_max_elem_child_success | 8 | XML Limit Element Child check passed | |
response_action_deny_custom_response | 8 | Response Deny with custom response | |
http_limit_max_post_length_success | 8 | MAX POST length check passed | |
request_check_url_blacklist_violation | 8 | URI Black List violation | |
dlp_ccn_discover_violation | 8 | Discover Credit Card Number Detected | |
http_limit_max_headers_violation | 8 | Max Headers violation | |
xml_check_max_elem_name_len_success | 8 | XML Limit Element Name Length check passed | |
request_check_sqlia_post_body_sanitize | 8 | SQLIA Check Post Sanitized | |
form_csrf_tag_violation | 8 | Form CSRF tag violation | |
form_non_masked_password_success | 8 | Form Non Masked Password check passed | |
json_check_max_string_violation | 8 | JSON Limit String violation | |
http_protocol_non_ssl_cookie_prefix_violation | 8 | Cookie Name Prefix check violation | |
http_limit_max_entities_success | 8 | Max Entities check passed | |
action_drop | 8 | Number of Dropped Requests | |
http_protocol_missing_header_value_success | 8 | Missing header value check violation | |
xml_check_format_violation | 8 | XML Check violation | |
request_check_xss_post_body_success | 8 | XSS Check Post passed | |
xml_check_max_attr_success | 8 | XML Limit Attribute check passed | |
dlp_ccn_amex_masked | 8 | Amex Credit Card Number Masked | |
form_password_autocomplete_violation | 8 | Form Password Autocomplete violation | |
response_cloaking_hide_status_code_violation | 8 | Response Hide Code violation | |
request_check_sqlia_url_success | 8 | SQLIA Check URL passed | |
http_protocol_allowed_headers_violation | 8 | HTTP headers check violation | |
brute_force_violation | 8 | Brute-Force checks violation | |
brute_force_challenge_captcha_success | 8 | Captcha challenge check passed | |
brute_force_response_headers_triggered | 8 | Brute Force Response Headers Triggered | |
http_limit_max_param_name_length_violation | 8 | Limit check - MAX parameter name length violation | |
response_action_deny_redirect | 8 | Response Deny with Redirect | |
cookie_security_add_samesite_success | 8 | Cookie Security - samesite attribute added successfully | |
evasion_check_remove_comments_violation | 8 | Remove Comments check violation | |
request_check_command_injection_form_body_violation | 8 | Command Injection Check form body arguments violation | |
evasion_check_decode_entities_violation | 8 | Decode Entities check violation | |
request_check_session_check_violation | 8 | Session Check violation | |
form_non_ssl_success | 8 | Form Non SSL check passed | |
cookie_security_session_cookies_signed | 8 | Cookie Security - signed session cookies | |
xml_check_max_entity_depth_violation | 8 | XML Limit Entity Depth violation | |
xml_content_check_wsdl_violation | 8 | WSDL violation | |
json_check_max_depth_success | 8 | JSON Limit Depth check passed | |
http_protocol_get_with_content_violation | 8 | GET with content check violation | |
cookie_security_allowed_session_set_cookies | 8 | Cookie Security - disallowed session Set-Cookies | |
xml_check_namespace_uri_len_success | 8 | XML Limit Namespace URI Length check passed | |
evasion_check_multiple_slashes_success | 8 | Multiple Slashes check passed | |
http_limit_max_params_length_violation | 8 | Limit check - MAX parameters total length violation | |
http_protocol_violation | 8 | HTTP Check violation | |
csp_header_inserted | 8 | CSP header Inserted | |
form_non_ssl_violation | 8 | Form Non SSL violation | |
http_protocol_host_header_with_ip_success | 8 | Host header with IP check passed | |
sessions_freed | 8 | Sessions freed | |
out_of_sessions | 8 | Out of sessions | |
dlp_ssn_violation | 8 | Social Security Number Mask violation | |
form_response_non_post_success | 8 | Response form method was POST | |
sessions_alloc | 8 | Sessions allocated | |
request_check_command_injection_headers_violation | 8 | Command Injection Check headers violation | |
form_response_non_post_sanitize | 8 | Changed response form method to POST | |
http_protocol_non_ssl_cookie_prefix_success | 8 | Cookie Name Prefix check passed | |
request_check_referer_success | 8 | Referer Check passed | |
cookie_security_missing_cookie_violation | 8 | Cookie Security - missing cookie violation | |
response_action_deny_403 | 8 | Response Deny with 403 | |
http_protocol_malformed_content_length_violation | 8 | Malformed content-length check violation | |
cookie_security_persistent_cookies_encrypted | 8 | Cookie Security - encrypted persistent cookies | |
evasion_check_decode_unicode_chars_violation | 8 | Decode Unicode Chars check violation | |
evasion_check_invalid_hex_encoding_success | 8 | Invalid Hex Encoding check passed | |
evasion_check_apache_whitespace_violation | 8 | Apache Whitespace check violation | |
response_action_deny_200 | 8 | Response Deny with 200 | |
cookie_security_signature_check_success | 8 | Cookie Security - signature check successful | |
brute_force_challenge_limit_violation | 8 | Lockout limit violation | |
response_action_learn | 8 | Response Learning Updates | |
total_req | 8 | Total Requests | |
http_limit_max_cookie_value_length_success | 8 | MAX cookie value length check passed | |
http_protocol_multiple_content_length_violation | 8 | Multiple content-length headers check violation | |
action_deny_403 | 8 | Request Deny with 403 | |
form_csrf_tag_success | 8 | Form CSRF tag passed | |
http_protocol_post_with_0_content_success | 8 | POST with 0 content check passed | |
cookie_security_encrypt_success | 8 | Cookie Security - encrypt successful | |
request_check_xss_cookie_sanitize | 8 | XSS Check Cookie Sanitized | |
cookie_security_cookie_policy_success | 8 | Cookie Security - cookie policy passed | |
xml_content_check_wsdl_success | 8 | WSDL passed | |
cookie_security_disallowed_persistent_set_cookies | 8 | Cookie Security - disallowed persistent Set-Cookies | |
cookie_security_decrypt_violation | 8 | Cookie Security - decrypt violation | |
http_protocol_get_with_content_success | 8 | GET with content check passed | |
request_check_redirect_wlist_learn | 8 | Redirect Whitelist Learn | |
http_limit_max_header_value_length_success | 8 | MAX header value length check passed | |
evasion_check_remove_comments_success | 8 | Remove Comments check passed | |
brute_force_challenge_javascript_violation | 8 | JavaScript challenge violation | |
evasion_check_multiple_encoding_levels_success | 8 | Multiple Encoding Levels check passed | |
cookie_security_allowed_persistent_cookies | 8 | Cookie Security - allowed persistent cookies | |
http_protocol_allowed_method_check_success | 8 | HTTP Method Check passed | |
request_check_url_list_violation | 8 | URL Check violation | |
cookie_security_add_samesite_violation | 8 | Cookie Security - samesite attribute violation | |
http_limit_max_query_length_success | 8 | Limit check - MAX query length check passed | |
cookie_security_add_http_only_success | 8 | Cookie Security - http-only flag added | |
dlp_ccn_amex_violation | 8 | Amex Credit Card Number Detected | |
json_check_max_string_success | 8 | JSON Limit String check passed | |
http_limit_max_cookie_value_length_violation | 8 | MAX cookie value length violation | |
brute_force_challenge_captcha_violation | 8 | Captcha challenge violation | |
dlp_pcre_success | 8 | PCRE Mask check passed | |
xml_check_max_entity_exp_success | 8 | XML Limit Entity Decl check passed | |
cookie_security_session_cookies_encrypted | 8 | Cookie Security - encrypted session cookies | |
http_limit_max_cookies_violation | 8 | Max Cookies violation |