.. _waf:

waf
===

WAF related commands

waf Specification
-----------------

===================================== ============================================
**Parameter**                         **Value**
===================================== ============================================
**Type**                              *Intermediate Resource*
**Element Name**                      waf
**Element URI**                       /axapi/v3/waf
**Element Attributes**                waf_attributes
**Partition Visibility**              shared
**Schema**                            :download:`waf schema `
===================================== ============================================

**Operations Allowed:**

=============== ========== ================ ================
Operation       Method     URI              Payload
=============== ========== ================ ================
Get Object      GET        /axapi/v3/waf    waf_attributes
=============== ========== ================ ================

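The following is an added example, not part of the A10 reference or A10's code: it audits the ``rule-set-config-list`` entries of a ``GET /axapi/v3/waf`` result against the ranges and supported values documented on this page, and flags settings that leave a rule-set non-blocking. The top-level ``waf`` wrapper, the sample entries and the choice of which values count as weak are assumptions of the example.

```python
import json

# Ranges and supported values as documented for rule-set-config-list on this page.
RANGES = {
    "max-process-time": (40, 1500),
    "max-rules-per-phase": (100, 65535),
    "request-body-limit": (1, 1048576),
    "response-body-limit": (1, 1048576),
}
ENUMS = {
    "deploy-mode": {"active", "monitor"},
    "process-timeout-action": {"drop", "deny", "allow"},
    "request-body-access": {"on", "off"},
    "request-body-limit-action": {"reject", "process-partial"},
    "response-body-access": {"on", "off"},
    "response-body-limit-action": {"reject", "process-partial"},
}
# Values this example treats as fail-open (the example's own policy, not A10's).
WEAK = {
    ("deploy-mode", "monitor"): "rule-set only logs and counts, nothing is blocked",
    ("process-timeout-action", "allow"): "requests are allowed on processing timeout",
    ("request-body-access", "off"): "request bodies are not processed",
    ("request-body-limit-action", "process-partial"):
        "only part of an over-limit request body is processed",
}
REQUEST_PHASE_ACTIONS = ("request-header-default-action",
                         "request-body-default-action")

# Constructed sample input; the "waf" wrapper key is an assumption.
SAMPLE = json.loads("""
{"waf": {"rule-set-config-list": [
  {"name": "crs-prod", "deploy-mode": "active", "max-process-time": 80,
   "process-timeout-action": "deny", "request-body-access": "on",
   "request-body-limit": 1024, "request-body-limit-action": "reject",
   "request-header-default-action": "log,deny",
   "request-body-default-action": "log,deny"},
  {"name": "crs-staging", "deploy-mode": "monitor", "max-process-time": 20,
   "process-timeout-action": "allow", "request-body-access": "on",
   "request-body-limit": 64, "request-body-limit-action": "process-partial",
   "request-header-default-action": "log,pass"}
]}}
""")


def audit_rule_set(cfg):
    """Return (kind, field, detail) findings for one rule-set-config entry.

    Fields absent from the entry are skipped: the documented default applies.
    """
    findings = []
    for field, (lo, hi) in RANGES.items():
        value = cfg.get(field)
        if value is not None and not (type(value) is int and lo <= value <= hi):
            findings.append(("invalid", field, f"{value!r} outside {lo}-{hi}"))
    for field, allowed in ENUMS.items():
        value = cfg.get(field)
        if value is not None and value not in allowed:
            findings.append(("invalid", field,
                             f"{value!r} not in {sorted(allowed)}"))
    for (field, bad), why in WEAK.items():
        if cfg.get(field) == bad:
            findings.append(("weak", field, why))
    # Request-phase default actions are documented as defaulting to "log,deny".
    for field in REQUEST_PHASE_ACTIONS:
        value = cfg.get(field)
        if value is not None:
            actions = {a.strip() for a in value.split(",")}
            if "deny" not in actions:
                findings.append(("weak", field,
                                 f"{value!r} does not deny (default: log,deny)"))
    return findings


def audit_waf(doc):
    """Map each rule-set-config name to its list of findings."""
    waf = doc.get("waf", doc)
    return {cfg.get("name", "<unnamed>"): audit_rule_set(cfg)
            for cfg in waf.get("rule-set-config-list", [])}


if __name__ == "__main__":
    for name, findings in audit_waf(SAMPLE).items():
        print(name, "OK" if not findings else "")
        for kind, field, detail in findings:
            print(f"  [{kind}] {field}: {detail}")
```
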
.. _3291_waf_attributes:

waf attributes
--------------

**global**

**Description:** global is a **JSON Block**. Please see below for :ref:`3291_global`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/global `

**policy**

**Description:** policy is a **JSON Block**. Please see below for :ref:`3291_policy`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/policy `

**rule-set-config-list**

**Type:** List

**Reference Object:** :doc:`/axapi/v3/waf/rule-set-config/{name} `

**template-list**

**Type:** List

**Reference Object:** :doc:`/axapi/v3/waf/template/{name} `

**wsdl**

**Description:** wsdl is a **JSON Block**. Please see below for :ref:`3291_wsdl`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/wsdl `

**xml-schema**

**Description:** xml-schema is a **JSON Block**. Please see below for :ref:`3291_xml-schema`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/xml-schema `

.. _3291_rule-set-config-list:

rule-set-config-list
^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**deploy-mode**

**Description** 'active': Deploy WAF rule-set in active mode; 'monitor': Deploy WAF rule-set in monitor mode, only log and statistics.;

**Type:** string

**Supported Values:** active, monitor

**max-process-time**

**Description** Specify maximum request processing time (in ms) per phase (default: 80)

**Type:** number

**Range:** 40-1500

**max-rules-per-phase**

**Description** Specify maximum rules per phase (default: 10000)

**Type:** number

**Range:** 100-65535

**name**

**Description** WAF rule-set-config template Name

**Type:** string

**Format:** string-rlx

**Maximum Length:** 63 characters

**Maximum Length:** 1 characters

**process-timeout-action**

**Description** 'drop': Drop the request; 'deny': Deny the request; 'allow': Allow the request;

**Type:** string

**Supported Values:** drop, deny, allow

**request-body-access**

**Description** 'on': WAF rule-set allow request body processing; 'off': WAF rule-set disable request body processing;

**Type:** string

**Supported Values:** on, off

**request-body-default-action**

**Description** Specify WAF rule-set default actions for request-body phase (default: log,deny) (Specify default actions (ex: log,deny))

**Type:** string

**Format:** string-rlx

**Maximum Length:** 256 characters

**Maximum Length:** 1 characters

**request-body-limit**

**Description** Specify maximum request body size in KB for buffering (default: 1024)

**Type:** number

**Range:** 1-1048576

**request-body-limit-action**

**Description** 'reject': Reject the request (default); 'process-partial': Process partial request body;

**Type:** string

**Supported Values:** reject, process-partial

**request-header-default-action**

**Description** Specify WAF rule-set default actions for request-header phase (default: log,deny) (Specify default actions (ex: log,deny))

**Type:** string

**Format:** string-rlx

**Maximum Length:** 256 characters

**Maximum Length:** 1 characters

**response-body-access**

**Description** 'on': WAF rule-set allow response body processing; 'off': WAF rule-set disable response body processing;

**Type:** string

**Supported Values:** on, off

**response-body-default-action**

**Description** Specify WAF rule-set default actions for response-body phase (default: log,pass) (Specify default actions (ex: log,deny))

**Type:** string

**Format:** string-rlx

**Maximum Length:** 256 characters

**Maximum Length:** 1 characters

**response-body-limit**

**Description** Specify maximum response body in KB size for buffering (default: 512)

**Type:** number

**Range:** 1-1048576

**response-body-limit-action**

**Description** 'reject': Reject the response; 'process-partial': Process partial response body (default);

**Type:** string

**Supported Values:** reject, process-partial

**response-body-mime-type**

**Description** Specify MIME types that WAF rule-set will process (default: text/plain text/html) (Specify MIME types (ex: text/plain text/html))

**Type:** string

**Format:** string-rlx

**Maximum Length:** 1024 characters

**Maximum Length:** 1 characters

**response-header-default-action**

**Description** Specify WAF rule-set default actions for response-header phase (default: log,pass) (Specify default actions (ex: log,deny))

**Type:** string

**Format:** string-rlx

**Maximum Length:** 256 characters

**Maximum Length:** 1 characters

**user-tag**

**Description** Customized tag

**Type:** string

**Format:** string-rlx

**Maximum Length:** 127 characters

**Maximum Length:** 1 characters

**uuid**

**Description** uuid of the object

**Type:** string

**Maximum Length:** 64 characters

**Maximum Length:** 1 characters

.. _3291_global:

global
^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**immediate-action**

**Description** Disable the violation aggregation, take action on first violation

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**sampling-enable**

**Type:** List

**uuid**

**Description** uuid of the object

**Type:** string

**Maximum Length:** 64 characters

**Maximum Length:** 1 characters

.. _3291_global_sampling-enable:

global_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

**Description** 'all': all; 'total_req': Total Requests; 'req_allowed': Requests Allowed; 'req_denied': Requests Denied; 'resp_denied': Responses Denied; 'brute_force_success': Brute-Force checks passed; 'brute_force_violation': Brute-Force checks violation; 'brute_force_challenge_cookie_sent': Cookie Challenge Sent; 'brute_force_challenge_cookie_success': Cookie Challenge check passed; 'brute_force_challenge_cookie_violation': Cookie challenge violation; 'brute_force_challenge_javascript_sent': JavaScript challenge sent; 'brute_force_challenge_javascript_success': JavaScript challenge check passed; 'brute_force_challenge_javascript_violation': JavaScript challenge violation; 'brute_force_challenge_captcha_sent': Captcha challenge sent; 'brute_force_challenge_captcha_success': Captcha challenge check passed; 'brute_force_challenge_captcha_violation': Captcha challenge violation; 'brute_force_lockout_limit_success': Lockout limit check passed; 'brute_force_lockout_limit_violation': Lockout limit violation; 'brute_force_challenge_limit_success': Lockout limit check passed; 'brute_force_challenge_limit_violation': Lockout limit violation; 'brute_force_response_codes_triggered': Response Codes Triggered; 'brute_force_response_headers_triggered': Brute Force Response Headers Triggered; 'brute_force_response_string_triggered': Brute Force Response string Triggered; 'cookie_security_encrypt_success': Cookie Security - encrypt successful; 'cookie_security_encrypt_violation': Cookie Security - encrypt violation; 'cookie_security_encrypt_limit_exceeded': Cookie Security -
encrypt limit exceeded; 'cookie_security_encrypt_skip_rcache': Cookie Security - encrypt skipped - RAM cache; 'cookie_security_decrypt_success': Cookie Security - decrypt successful; 'cookie_security_decrypt_violation': Cookie Security - decrypt violation; 'cookie_security_sign_success': Cookie Security - signing successful; 'cookie_security_sign_violation': Cookie Security - signing violation; 'cookie_security_sign_limit_exceeded': Cookie Security - signing limit exceeded; 'cookie_security_sign_skip_rcache': Cookie Security - signing skipped - RAM cache; 'cookie_security_signature_check_success': Cookie Security - signature check successful; 'cookie_security_signature_check_violation': Cookie Security - signature check failed; 'cookie_security_add_http_only_success': Cookie Security - http-only flag added successfully; 'cookie_security_add_http_only_violation': Cookie Security - http-only flag violation; 'cookie_security_add_secure_success': Cookie Security - secure flag added successfully; 'cookie_security_add_secure_violation': Cookie Security - secure flag violation; 'cookie_security_missing_cookie_success': Cookie Security - request with missing cookie; 'cookie_security_missing_cookie_violation': Cookie Security - missing cookie violation; 'cookie_security_unrecognized_cookie_success': Cookie Security - request with unrecognized cookie; 'cookie_security_unrecognized_cookie_violation': Cookie Security - unrecognized cookie violation; 'cookie_security_cookie_policy_success': Cookie Security - cookie policy passed; 'cookie_security_cookie_policy_violation': Cookie Security - cookie policy violation; 'cookie_security_persistent_cookies': Cookie Security - persistent cookies; 'cookie_security_persistent_cookies_encrypted': Cookie Security - encrypted persistent cookies; 'cookie_security_persistent_cookies_signed': Cookie Security - signed persistent cookies; 'cookie_security_session_cookies': Cookie Security - session cookies; 
'cookie_security_session_cookies_encrypted': Cookie Security - encrypted session cookies; 'cookie_security_session_cookies_signed': Cookie Security - signed session cookies; 'cookie_security_allowed_session_cookies': Cookie Security - allowed session cookies; 'cookie_security_allowed_persistent_cookies': Cookie Security - allowed persistent cookies; 'cookie_security_disallowed_session_cookies': Cookie Security - disallowed session cookies; 'cookie_security_disallowed_persistent_cookies': Cookie Security - disallowed persistent cookies; 'cookie_security_allowed_session_set_cookies': Cookie Security - allowed session Set-Cookies; 'cookie_security_allowed_persistent_set_cookies': Cookie Security - allowed persistent Set-Cookies; 'cookie_security_disallowed_session_set_cookies': Cookie Security - disallowed session Set-Cookies; 'cookie_security_disallowed_persistent_set_cookies': Cookie Security - disallowed persistent Set-Cookies; 'csp_header_violation': CSP header_missing; 'csp_header_success': CSP header found; 'csp_header_inserted': CSP header Inserted; 'form_csrf_tag_success': Form CSRF tag passed; 'form_csrf_tag_violation': Form CSRF tag violation; 'form_consistency_success': Form Consistency passed; 'form_consistency_violation': Form Consistency violation; 'form_tag_inserted': Form A10 Tag Inserted; 'form_non_ssl_success': Form Non SSL check passed; 'form_non_ssl_violation': Form Non SSL violation; 'form_request_non_post_success': Form Method being Non Post in Request passed; 'form_request_non_post_violation': Form Method being Non Post in Request violation; 'form_check_success': Post Form Check passed; 'form_check_violation': Post Form Check violation; 'form_check_sanitize': Post Form Check Sanitized; 'form_non_masked_password_success': Form Non Masked Password check passed; 'form_non_masked_password_violation': Form Non Masked Password violation; 'form_non_ssl_password_success': Form Non SSL Password check passed; 'form_non_ssl_password_violation': Form Non 
SSL Password violation; 'form_password_autocomplete_success': Form Password Autocomplete check passed; 'form_password_autocomplete_violation': Form Password Autocomplete violation; 'form_set_no_cache_success': Form Set No Cache check passed; 'form_set_no_cache': Form Set No Cache violation; 'dlp_ccn_success': Credit Card Number check passed; 'dlp_ccn_amex_violation': Amex Credit Card Number Detected; 'dlp_ccn_amex_masked': Amex Credit Card Number Masked; 'dlp_ccn_diners_violation': Diners Club Credit Card Number Detected; 'dlp_ccn_diners_masked': Diners Club Credit Card Number Masked; 'dlp_ccn_visa_violation': Visa Credit Card Number Detected; 'dlp_ccn_visa_masked': Visa Credit Card Number Masked; 'dlp_ccn_mastercard_violation': MasterCard Credit Card Number Detected; 'dlp_ccn_mastercard_masked': MasterCard Credit Card Number Masked; 'dlp_ccn_discover_violation': Discover Credit Card Number Detected; 'dlp_ccn_discover_masked': Discover Credit Card Number Masked; 'dlp_ccn_jcb_violation': JCB Credit Card Number Detected; 'dlp_ccn_jcb_masked': JCB Credit Card Number Masked; 'dlp_ssn_success': Social Security Number Mask check passed; 'dlp_ssn_violation': Social Security Number Mask violation; 'dlp_pcre_success': PCRE Mask check passed; 'dlp_pcre_violation': PCRE Mask violation; 'dlp_pcre_masked': PCRE Mask violation; 'evasion_check_apache_whitespace_success': Apache Whitespace check passed; 'evasion_check_apache_whitespace_violation': Apache Whitespace check violation; 'evasion_check_decode_entities_success': Decode Entities check passed; 'evasion_check_decode_entities_violation': Decode Entities check violation; 'evasion_check_decode_escaped_chars_success': Decode Escaped Chars check passed; 'evasion_check_decode_escaped_chars_violation': Decode Escaped Chars check violation; 'evasion_check_decode_unicode_chars_success': Decode Unicode Chars check passed; 'evasion_check_decode_unicode_chars_violation': Decode Unicode Chars check violation; 
'evasion_check_dir_traversal_success': Dir traversal check passed; 'evasion_check_dir_traversal_violation': Dir traversal check violation;

**Type:** string

**Supported Values:** all, total_req, req_allowed, req_denied, resp_denied, brute_force_success, brute_force_violation, brute_force_challenge_cookie_sent, brute_force_challenge_cookie_success, brute_force_challenge_cookie_violation, brute_force_challenge_javascript_sent, brute_force_challenge_javascript_success, brute_force_challenge_javascript_violation, brute_force_challenge_captcha_sent, brute_force_challenge_captcha_success, brute_force_challenge_captcha_violation, brute_force_lockout_limit_success, brute_force_lockout_limit_violation, brute_force_challenge_limit_success, brute_force_challenge_limit_violation, brute_force_response_codes_triggered, brute_force_response_headers_triggered, brute_force_response_string_triggered, cookie_security_encrypt_success, cookie_security_encrypt_violation, cookie_security_encrypt_limit_exceeded, cookie_security_encrypt_skip_rcache, cookie_security_decrypt_success, cookie_security_decrypt_violation, cookie_security_sign_success, cookie_security_sign_violation, cookie_security_sign_limit_exceeded, cookie_security_sign_skip_rcache, cookie_security_signature_check_success, cookie_security_signature_check_violation, cookie_security_add_http_only_success, cookie_security_add_http_only_violation, cookie_security_add_secure_success, cookie_security_add_secure_violation, cookie_security_missing_cookie_success, cookie_security_missing_cookie_violation, cookie_security_unrecognized_cookie_success, cookie_security_unrecognized_cookie_violation, cookie_security_cookie_policy_success, cookie_security_cookie_policy_violation, cookie_security_persistent_cookies, cookie_security_persistent_cookies_encrypted, cookie_security_persistent_cookies_signed, cookie_security_session_cookies, cookie_security_session_cookies_encrypted, cookie_security_session_cookies_signed,
cookie_security_allowed_session_cookies, cookie_security_allowed_persistent_cookies, cookie_security_disallowed_session_cookies, cookie_security_disallowed_persistent_cookies, cookie_security_allowed_session_set_cookies, cookie_security_allowed_persistent_set_cookies, cookie_security_disallowed_session_set_cookies, cookie_security_disallowed_persistent_set_cookies, csp_header_violation, csp_header_success, csp_header_inserted, form_csrf_tag_success, form_csrf_tag_violation, form_consistency_success, form_consistency_violation, form_tag_inserted, form_non_ssl_success, form_non_ssl_violation, form_request_non_post_success, form_request_non_post_violation, form_check_success, form_check_violation, form_check_sanitize, form_non_masked_password_success, form_non_masked_password_violation, form_non_ssl_password_success, form_non_ssl_password_violation, form_password_autocomplete_success, form_password_autocomplete_violation, form_set_no_cache_success, form_set_no_cache, dlp_ccn_success, dlp_ccn_amex_violation, dlp_ccn_amex_masked, dlp_ccn_diners_violation, dlp_ccn_diners_masked, dlp_ccn_visa_violation, dlp_ccn_visa_masked, dlp_ccn_mastercard_violation, dlp_ccn_mastercard_masked, dlp_ccn_discover_violation, dlp_ccn_discover_masked, dlp_ccn_jcb_violation, dlp_ccn_jcb_masked, dlp_ssn_success, dlp_ssn_violation, dlp_pcre_success, dlp_pcre_violation, dlp_pcre_masked, evasion_check_apache_whitespace_success, evasion_check_apache_whitespace_violation, evasion_check_decode_entities_success, evasion_check_decode_entities_violation, evasion_check_decode_escaped_chars_success, evasion_check_decode_escaped_chars_violation, evasion_check_decode_unicode_chars_success, evasion_check_decode_unicode_chars_violation, evasion_check_dir_traversal_success, evasion_check_dir_traversal_violation

**counters2**

**Description** 'evasion_check_high_ascii_bytes_success': High Ascii Bytes check passed; 'evasion_check_high_ascii_bytes_violation': High Ascii Bytes check violation;
'evasion_check_invalid_hex_encoding_success': Invalid Hex Encoding check passed; 'evasion_check_invalid_hex_encoding_violation': Invalid Hex Encoding check violation; 'evasion_check_multiple_encoding_levels_success': Multiple Encoding Levels check passed; 'evasion_check_multiple_encoding_levels_violation': Multiple Encoding Levels check violation; 'evasion_check_multiple_slashes_success': Multiple Slashes check passed; 'evasion_check_multiple_slashes_violation': Multiple Slashes check violation; 'evasion_check_max_levels_success': Max Levels check passed; 'evasion_check_max_levels_violation': Max Levels check violation; 'evasion_check_remove_comments_success': Remove Comments check passed; 'evasion_check_remove_comments_violation': Remove Comments check violation; 'evasion_check_remove_spaces_success': Remove Spaces check passed; 'evasion_check_remove_spaces_violation': Remove Spaces check violation; 'http_limit_max_content_length_success': MAX content-length check passed; 'http_limit_max_content_length_violation': MAX content-length check violation; 'http_limit_max_cookie_header_length_success': MAX cookie header length check passed; 'http_limit_max_cookie_header_length_violation': MAX cookie header length violation; 'http_limit_max_cookie_name_length_success': MAX cookie name length check passed; 'http_limit_max_cookie_name_length_violation': MAX cookie name length violation; 'http_limit_max_cookie_value_length_success': MAX cookie value length check passed; 'http_limit_max_cookie_value_length_violation': MAX cookie value length violation; 'http_limit_max_cookies_success': Max Cookies check passed; 'http_limit_max_cookies_violation': Max Cookies violation; 'http_limit_max_cookies_length_success': MAX cookies length check passed; 'http_limit_max_cookies_length_violation': MAX cookies length violation; 'http_limit_max_data_parse_success': Buffer Overflow - Max Data Parse check passed; 'http_limit_max_data_parse_violation': Buffer Overflow - Max Data Parse 
violation; 'http_limit_max_entities_success': Max Entities check passed; 'http_limit_max_entities_violation': Max Entities violation; 'http_limit_max_header_length_success': MAX header length check passed; 'http_limit_max_header_length_violation': MAX header length check violation; 'http_limit_max_header_name_length_success': MAX header name length check passed; 'http_limit_max_header_name_length_violation': MAX header name length check violation; 'http_limit_max_header_value_length_success': MAX header value length check passed; 'http_limit_max_header_value_length_violation': MAX header value length check violation; 'http_limit_max_headers_success': MAX headers count check passed; 'http_limit_max_headers_violation': Max Headers violation; 'http_limit_max_headers_length_success': MAX headers length check passed; 'http_limit_max_headers_length_violation': MAX headers length check violation; 'http_limit_max_param_name_length_success': Limit check - MAX parameter name length check passed; 'http_limit_max_param_name_length_violation': Limit check - MAX parameter name length violation; 'http_limit_max_param_value_length_success': Limit check - MAX parameter value length check passed; 'http_limit_max_param_value_length_violation': Limit check - MAX parameter value length violation; 'http_limit_max_params_success': Limit check - MAX parameters check passed; 'http_limit_max_params_violation': Limit check - MAX parameters violation; 'http_limit_max_params_length_success': Limit check - MAX parameters total length check passed; 'http_limit_max_params_length_violation': Limit check - MAX parameters total length violation; 'http_limit_max_post_length_success': MAX POST length check passed; 'http_limit_max_post_length_violation': MAX POST length violation; 'http_limit_max_query_length_success': Limit check - MAX query length check passed; 'http_limit_max_query_length_violation': Limit check - MAX query length violation; 'http_limit_max_request_length_success': Limit check - MAX 
request length check passed; 'http_limit_max_request_length_violation': Limit check - MAX request length violation; 'http_limit_max_request_line_length_success': Limit check - MAX request line length check passed; 'http_limit_max_request_line_length_violation': Limit check - MAX request line length violation; 'max_url_length_success': Limit check - MAX URL length check passed; 'max_url_length_violation': Limit check - MAX URL length violation; 'http_protocol_allowed_headers_success': HTTP headers check passed; 'http_protocol_allowed_headers_violation': HTTP headers check violation; 'http_protocol_allowed_versions_success': HTTP versions check passed; 'http_protocol_allowed_versions_violation': HTTP versions check violation; 'http_protocol_allowed_method_check_success': HTTP Method Check passed; 'http_protocol_allowed_method_check_violation': HTTP Method Check violation; 'http_protocol_bad_multipart_request_success': Bad multi-part request check passed; 'http_protocol_bad_multipart_request_violation': Bad multi-part request check violation; 'http_protocol_get_with_content_success': GET with content check passed; 'http_protocol_get_with_content_violation': GET with content check violation; 'http_protocol_head_with_content_success': HEAD with content check passed; 'http_protocol_head_with_content_violation': HEAD with content check violation; 'http_protocol_host_header_with_ip_success': Host header with IP check passed; 'http_protocol_host_header_with_ip_violation': Host header with IP check violation; 'http_protocol_invalid_url_encoding_success': Invalid url encoding check passed; 'http_protocol_invalid_url_encoding_violation': Invalid url encoding check violation; 'http_protocol_malformed_content_length_success': Malformed content-length check passed; 'http_protocol_malformed_content_length_violation': Malformed content-length check violation; 'http_protocol_malformed_header_success': Malformed header check passed; 'http_protocol_malformed_header_violation': 
Malformed header check passed; 'http_protocol_malformed_parameter_success': Malformed parameter check passed; 'http_protocol_malformed_parameter_violation': Malformed parameter check violation; 'http_protocol_malformed_request_success': Malformed request check passed; 'http_protocol_malformed_request_violation': Malformed request check violation; 'http_protocol_malformed_request_line_success': Malformed request line check passed; 'http_protocol_malformed_request_line_violation': Malformed request line check violation; 'http_protocol_missing_header_value_success': Missing header value check violation; 'http_protocol_missing_header_value_violation': Missing header value check violation; 'http_protocol_missing_host_header_success': Missing host header check passed; 'http_protocol_missing_host_header_violation': Missing host header check violation; 'http_protocol_multiple_content_length_success': Multiple content-length headers check passed; 'http_protocol_multiple_content_length_violation': Multiple content-length headers check violation; 'http_protocol_post_with_0_content_success': POST with 0 content check passed; 'http_protocol_post_with_0_content_violation': POST with 0 content check violation; 'http_protocol_post_without_content_success': POST without content check passed; 'http_protocol_post_without_content_violation': POST without content check violation; 'http_protocol_success': HTTP Check passed; 'http_protocol_violation': HTTP Check violation; 'json_check_format_success': JSON Check passed;

**Type:** string

**Supported Values:** evasion_check_high_ascii_bytes_success, evasion_check_high_ascii_bytes_violation, evasion_check_invalid_hex_encoding_success, evasion_check_invalid_hex_encoding_violation, evasion_check_multiple_encoding_levels_success, evasion_check_multiple_encoding_levels_violation, evasion_check_multiple_slashes_success, evasion_check_multiple_slashes_violation, evasion_check_max_levels_success, evasion_check_max_levels_violation,
evasion_check_remove_comments_success, evasion_check_remove_comments_violation, evasion_check_remove_spaces_success, evasion_check_remove_spaces_violation, http_limit_max_content_length_success, http_limit_max_content_length_violation, http_limit_max_cookie_header_length_success, http_limit_max_cookie_header_length_violation, http_limit_max_cookie_name_length_success, http_limit_max_cookie_name_length_violation, http_limit_max_cookie_value_length_success, http_limit_max_cookie_value_length_violation, http_limit_max_cookies_success, http_limit_max_cookies_violation, http_limit_max_cookies_length_success, http_limit_max_cookies_length_violation, http_limit_max_data_parse_success, http_limit_max_data_parse_violation, http_limit_max_entities_success, http_limit_max_entities_violation, http_limit_max_header_length_success, http_limit_max_header_length_violation, http_limit_max_header_name_length_success, http_limit_max_header_name_length_violation, http_limit_max_header_value_length_success, http_limit_max_header_value_length_violation, http_limit_max_headers_success, http_limit_max_headers_violation, http_limit_max_headers_length_success, http_limit_max_headers_length_violation, http_limit_max_param_name_length_success, http_limit_max_param_name_length_violation, http_limit_max_param_value_length_success, http_limit_max_param_value_length_violation, http_limit_max_params_success, http_limit_max_params_violation, http_limit_max_params_length_success, http_limit_max_params_length_violation, http_limit_max_post_length_success, http_limit_max_post_length_violation, http_limit_max_query_length_success, http_limit_max_query_length_violation, http_limit_max_request_length_success, http_limit_max_request_length_violation, http_limit_max_request_line_length_success, http_limit_max_request_line_length_violation, max_url_length_success, max_url_length_violation, http_protocol_allowed_headers_success, http_protocol_allowed_headers_violation, http_protocol_allowed_versions_success, 
http_protocol_allowed_versions_violation, http_protocol_allowed_method_check_success, http_protocol_allowed_method_check_violation, http_protocol_bad_multipart_request_success, http_protocol_bad_multipart_request_violation, http_protocol_get_with_content_success, http_protocol_get_with_content_violation, http_protocol_head_with_content_success, http_protocol_head_with_content_violation, http_protocol_host_header_with_ip_success, http_protocol_host_header_with_ip_violation, http_protocol_invalid_url_encoding_success, http_protocol_invalid_url_encoding_violation, http_protocol_malformed_content_length_success, http_protocol_malformed_content_length_violation, http_protocol_malformed_header_success, http_protocol_malformed_header_violation, http_protocol_malformed_parameter_success, http_protocol_malformed_parameter_violation, http_protocol_malformed_request_success, http_protocol_malformed_request_violation, http_protocol_malformed_request_line_success, http_protocol_malformed_request_line_violation, http_protocol_missing_header_value_success, http_protocol_missing_header_value_violation, http_protocol_missing_host_header_success, http_protocol_missing_host_header_violation, http_protocol_multiple_content_length_success, http_protocol_multiple_content_length_violation, http_protocol_post_with_0_content_success, http_protocol_post_with_0_content_violation, http_protocol_post_without_content_success, http_protocol_post_without_content_violation, http_protocol_success, http_protocol_violation, json_check_format_success

**counters3**

**Description** 'json_check_format_violation': JSON Check violation; 'json_check_max_array_value_count_success': JSON Limit Array Value Count check passed; 'json_check_max_array_value_count_violation': JSON Limit Array Value Count violation; 'json_check_max_depth_success': JSON Limit Depth check passed; 'json_check_max_depth_violation': JSON Limit Depth violation; 'json_check_max_object_member_count_success': JSON Limit Object Number Count
check passed; 'json_check_max_object_member_count_violation': JSON Limit Object Number Count violation; 'json_check_max_string_success': JSON Limit String check passed; 'json_check_max_string_violation': JSON Limit String violation; 'request_check_bot_success': Bot check passed; 'request_check_bot_violation': Bot check violation; 'request_check_redirect_wlist_success': Redirect Whitelist passed; 'request_check_redirect_wlist_violation': Redirect Whitelist violation; 'request_check_redirect_wlist_learn': Redirect Whitelist Learn; 'request_check_referer_success': Referer Check passed; 'request_check_referer_violation': Referer Check violation; 'request_check_referer_redirect': Referer Check Redirect; 'request_check_session_check_none': Session Created; 'request_check_session_check_success': Session Check passed; 'request_check_session_check_violation': Session Check violation; 'request_check_sqlia_url_success': SQLIA Check URL passed; 'request_check_sqlia_url_violation': SQLIA Check URL violation; 'request_check_sqlia_url_sanitize': SQLIA Check URL Sanitized; 'request_check_sqlia_post_body_success': SQLIA Check Post passed; 'request_check_sqlia_post_body_violation': SQLIA Check Post violation; 'request_check_sqlia_post_body_sanitize': SQLIA Check Post Sanitized; 'request_check_url_list_success': URL Check passed; 'request_check_url_list_violation': URL Check violation; 'request_check_url_list_learn': URL Check Learn; 'request_check_url_whitelist_success': URI White List passed; 'request_check_url_whitelist_violation': URI White List violation; 'request_check_url_blacklist_success': URI Black List passed; 'request_check_url_blacklist_violation': URI Black List violation; 'request_check_xss_cookie_success': XSS Check Cookie passed; 'request_check_xss_cookie_violation': XSS Check Cookie violation; 'request_check_xss_cookie_sanitize': XSS Check Cookie Sanitized; 'request_check_xss_url_success': XSS Check URL passed; 'request_check_xss_url_violation': XSS Check URL 
violation; 'request_check_xss_url_sanitize': XSS Check URL Sanitized; 'request_check_xss_post_body_success': XSS Check Post passed; 'request_check_xss_post_body_violation': XSS Check Post violation; 'request_check_xss_post_body_sanitize': XSS Check Post Sanitized; 'response_cloaking_hide_status_code_success': Response Hide Code check passed; 'response_cloaking_hide_status_code_violation': Response Hide Code violation; 'response_cloaking_filter_headers_success': Response Headers Filter check passed; 'response_cloaking_filter_headers_violation': Response Headers Filter violation; 'soap_check_success': Soap Check passed; 'soap_check_violation': Soap Check violation; 'xml_check_format_success': XML Check passed; 'xml_check_format_violation': XML Check violation; 'xml_check_max_attr_success': XML Limit Attribute check passed; 'xml_check_max_attr_violation': XML Limit Attribute violation; 'xml_check_max_attr_name_len_success': XML Limit Name Length check passed; 'xml_check_max_attr_name_len_violation': XML Limit Name Length violation; 'xml_check_max_attr_value_len_success': XML Limit Value Length check passed; 'xml_check_max_attr_value_len_violation': XML Limit Value Length violation; 'xml_check_max_cdata_len_success': XML Limit CData Length check passed; 'xml_check_max_cdata_len_violation': XML Limit CData Length violation; 'xml_check_max_elem_success': XML Limit Element check passed; 'xml_check_max_elem_violation': XML Limit Element violation; 'xml_check_max_elem_child_success': XML Limit Element Child check passed; 'xml_check_max_elem_child_violation': XML Limit Element Child violation; 'xml_check_max_elem_depth_success': XML Limit Element Depth check passed; 'xml_check_max_elem_depth_violation': XML Limit Element Depth violation; 'xml_check_max_elem_name_len_success': XML Limit Element Name Length check passed; 'xml_check_max_elem_name_len_violation': XML Limit Element Name Length violation; 'xml_check_max_entity_exp_success': XML Limit Entity Expansions check 
passed; 'xml_check_max_entity_exp_violation': XML Limit Entity Expansions violation; 'xml_check_max_entity_exp_depth_success': XML Limit Entities Depth check passed; 'xml_check_max_entity_exp_depth_violation': XML Limit Entities Depth violation; 'xml_check_max_namespace_success': XML Limit Namespace check passed; 'xml_check_max_namespace_violation': XML Limit Namespace violation; 'xml_check_namespace_uri_len_success': XML Limit Namespace URI Length check passed; 'xml_check_namespace_uri_len_violation': XML Limit Namespace URI Length violation; 'xml_check_sqlia_success': XML Sqlia Check passed; 'xml_check_sqlia_violation': XML Sqlia Check violation; 'xml_check_xss_success': XML XSS Check passed; 'xml_check_xss_violation': XML XSS Check violation; 'xml_content_check_schema_success': XML Schema passed; 'xml_content_check_schema_violation': XML Schema violation; 'xml_content_check_wsdl_success': WSDL passed; 'xml_content_check_wsdl_violation': WSDL violation; 'learning_list_full': Learning list is full; 'action_allow': Request Action allowed; 'action_deny_200': Request Deny with 200; 'action_deny_403': Request Deny with 403; 'action_deny_redirect': Request Deny with Redirect; 'action_deny_reset': Request Deny with Resets; 'action_drop': Number of Dropped Requests; 'action_deny_custom_response': Request Deny with custom response; 'action_learn': Request Learning Updates; 'action_log': Log request violation; 'policy_limit_exceeded': Policy limit exceeded; 'sessions_alloc': Sessions allocated; 'sessions_freed': Sessions freed; 'out_of_sessions': Out of sessions; 'too_many_sessions': Too many sessions consumed; 'regex_violation': Regular expression failure; 'request_check_command_injection_cookies_success': Command Injection Check cookies passed; 'request_check_command_injection_cookies_violation': Command Injection Check cookies violation; 'request_check_command_injection_headers_success': Command Injection Check headers passed; 
'request_check_command_injection_headers_violation': Command Injection Check headers violation; 'request_check_command_injection_uri_query_success': Command Injection Check url query arguments passed; 'request_check_command_injection_uri_query_violation': Command Injection Check url query arguments violation; 'request_check_command_injection_form_body_success': Command Injection Check form body arguments passed; 'request_check_command_injection_form_body_violation': Command Injection Check form body arguments violation; 'cookie_security_decrypt_in_grace_period_violation': Cookie Decrypt violation but in grace period; 'form_response_non_post_success': Response form method was POST; 'form_response_non_post_violation': Response form method was not POST; 'form_response_non_post_sanitize': Changed response form method to POST; 'xml_check_max_entity_decl_success': XML Limit Entity Decl check passed; 'xml_check_max_entity_decl_violation': XML Limit Entity Decl violation; 'xml_check_max_entity_depth_success': XML Limit Entity Depth check passed; 'xml_check_max_entity_depth_violation': XML Limit Entity Depth violation; 'action_response_allow': Response Action allowed; 'action_response_deny_200': Response Deny with 200;

**Type:** string

**Supported Values:** json_check_format_violation, json_check_max_array_value_count_success, json_check_max_array_value_count_violation, json_check_max_depth_success, json_check_max_depth_violation, json_check_max_object_member_count_success, json_check_max_object_member_count_violation, json_check_max_string_success, json_check_max_string_violation, request_check_bot_success, request_check_bot_violation, request_check_redirect_wlist_success, request_check_redirect_wlist_violation, request_check_redirect_wlist_learn, request_check_referer_success, request_check_referer_violation, request_check_referer_redirect, request_check_session_check_none, request_check_session_check_success, request_check_session_check_violation,
request_check_sqlia_url_success, request_check_sqlia_url_violation, request_check_sqlia_url_sanitize, request_check_sqlia_post_body_success, request_check_sqlia_post_body_violation, request_check_sqlia_post_body_sanitize, request_check_url_list_success, request_check_url_list_violation, request_check_url_list_learn, request_check_url_whitelist_success, request_check_url_whitelist_violation, request_check_url_blacklist_success, request_check_url_blacklist_violation, request_check_xss_cookie_success, request_check_xss_cookie_violation, request_check_xss_cookie_sanitize, request_check_xss_url_success, request_check_xss_url_violation, request_check_xss_url_sanitize, request_check_xss_post_body_success, request_check_xss_post_body_violation, request_check_xss_post_body_sanitize, response_cloaking_hide_status_code_success, response_cloaking_hide_status_code_violation, response_cloaking_filter_headers_success, response_cloaking_filter_headers_violation, soap_check_success, soap_check_violation, xml_check_format_success, xml_check_format_violation, xml_check_max_attr_success, xml_check_max_attr_violation, xml_check_max_attr_name_len_success, xml_check_max_attr_name_len_violation, xml_check_max_attr_value_len_success, xml_check_max_attr_value_len_violation, xml_check_max_cdata_len_success, xml_check_max_cdata_len_violation, xml_check_max_elem_success, xml_check_max_elem_violation, xml_check_max_elem_child_success, xml_check_max_elem_child_violation, xml_check_max_elem_depth_success, xml_check_max_elem_depth_violation, xml_check_max_elem_name_len_success, xml_check_max_elem_name_len_violation, xml_check_max_entity_exp_success, xml_check_max_entity_exp_violation, xml_check_max_entity_exp_depth_success, xml_check_max_entity_exp_depth_violation, xml_check_max_namespace_success, xml_check_max_namespace_violation, xml_check_namespace_uri_len_success, xml_check_namespace_uri_len_violation, xml_check_sqlia_success, xml_check_sqlia_violation, xml_check_xss_success, 
xml_check_xss_violation, xml_content_check_schema_success, xml_content_check_schema_violation, xml_content_check_wsdl_success, xml_content_check_wsdl_violation, learning_list_full, action_allow, action_deny_200, action_deny_403, action_deny_redirect, action_deny_reset, action_drop, action_deny_custom_response, action_learn, action_log, policy_limit_exceeded, sessions_alloc, sessions_freed, out_of_sessions, too_many_sessions, regex_violation, request_check_command_injection_cookies_success, request_check_command_injection_cookies_violation, request_check_command_injection_headers_success, request_check_command_injection_headers_violation, request_check_command_injection_uri_query_success, request_check_command_injection_uri_query_violation, request_check_command_injection_form_body_success, request_check_command_injection_form_body_violation, cookie_security_decrypt_in_grace_period_violation, form_response_non_post_success, form_response_non_post_violation, form_response_non_post_sanitize, xml_check_max_entity_decl_success, xml_check_max_entity_decl_violation, xml_check_max_entity_depth_success, xml_check_max_entity_depth_violation, action_response_allow, action_response_deny_200

**counters4**

**Description** 'action_response_deny_403': Response Deny with 403; 'action_response_deny_redirect': Response Deny with Redirect; 'action_response_deny_reset': Deny with Resets; 'action_response_drop': Number of Dropped Responses; 'action_response_deny_custom_response': Response Deny with custom response; 'action_response_learn': Response Learning Updates; 'action_response_log': Log response violation; 'http_protocol_post_without_content_type_success': POST without content type check passed; 'http_protocol_post_without_content_type_violation': POST without content type check violation; 'http_protocol_body_without_content_type_success': Body without content type check passed; 'http_protocol_body_without_content_type_violation': Body without content type check violation;
'http_protocol_non_ssl_cookie_prefix_success': Cookie Name Prefix check passed; 'http_protocol_non_ssl_cookie_prefix_violation': Cookie Name Prefix check violation; 'cookie_security_add_samesite_success': Cookie Security - samesite attribute added successfully; 'cookie_security_add_samesite_violation': Cookie Security - samesite attribute violation; 'rule_set_request': Requests handled by WAF rule set; 'rule_set_response': Responses handled by WAF rule set; 'phase1_pass': WAF rule set pass hits in phase 1; 'phase1_allow': WAF rule set allow hits in phase 1; 'phase1_deny': WAF rule set deny hits in phase 1; 'phase1_drop': WAF rule set drop hits in phase 1; 'phase1_redirect': WAF rule set redirect hits in phase 1; 'phase1_other': WAF rule set other hits in phase 1; 'phase2_pass': WAF rule set pass hits in phase 2; 'phase2_allow': WAF rule set allow hits in phase 2; 'phase2_deny': WAF rule set deny hits in phase 2; 'phase2_drop': WAF rule set drop hits in phase 2; 'phase2_redirect': WAF rule set redirect hits in phase 2; 'phase2_other': WAF rule set other hits in phase 2; 'phase3_pass': WAF rule set pass hits in phase 3; 'phase3_allow': WAF rule set allow hits in phase 3; 'phase3_deny': WAF rule set deny hits in phase 3; 'phase3_drop': WAF rule set drop hits in phase 3; 'phase3_redirect': WAF rule set redirect hits in phase 3; 'phase3_other': WAF rule set other hits in phase 3; 'phase4_pass': WAF rule set pass hits in phase 4; 'phase4_allow': WAF rule set allow hits in phase 4; 'phase4_deny': WAF rule set deny hits in phase 4; 'phase4_drop': WAF rule set drop hits in phase 4; 'phase4_redirect': WAF rule set redirect hits in phase 4; 'phase4_other': WAF rule set other hits in phase 4;

**Type:** string

**Supported Values:** action_response_deny_403, action_response_deny_redirect, action_response_deny_reset, action_response_drop, action_response_deny_custom_response, action_response_learn, action_response_log, http_protocol_post_without_content_type_success,
http_protocol_post_without_content_type_violation, http_protocol_body_without_content_type_success, http_protocol_body_without_content_type_violation, http_protocol_non_ssl_cookie_prefix_success, http_protocol_non_ssl_cookie_prefix_violation, cookie_security_add_samesite_success, cookie_security_add_samesite_violation, rule_set_request, rule_set_response, phase1_pass, phase1_allow, phase1_deny, phase1_drop, phase1_redirect, phase1_other, phase2_pass, phase2_allow, phase2_deny, phase2_drop, phase2_redirect, phase2_other, phase3_pass, phase3_allow, phase3_deny, phase3_drop, phase3_redirect, phase3_other, phase4_pass, phase4_allow, phase4_deny, phase4_drop, phase4_redirect, phase4_other

.. _3291_template-list:

template-list
^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**brute-force-protection**

**Description:** brute-force-protection is a **JSON Block**. Please see below for :ref:`3291_template-list_brute-force-protection`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/brute-force-protection `

**cookie-security**

**Description:** cookie-security is a **JSON Block**.
Please see below for :ref:`3291_template-list_cookie-security`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/cookie-security `

**csp**

**Description** Insert HTTP header Content-Security-Policy if necessary

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**csp-insert-type**

**Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name;

**Type:** string

**Supported Values:** insert-if-not-exist, insert-always

**csp-value**

**Description** CSP header value, e.g., "script-src 'none'"

**Type:** string

**Format:** string-rlx

**Maximum Length:** 255 characters

**Maximum Length:** 1 characters

**data-leak-prevention**

**Description:** data-leak-prevention is a **JSON Block**. Please see below for :ref:`3291_template-list_data-leak-prevention`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/data-leak-prevention `

**deploy-mode**

**Description** 'active': Deploy WAF in active (blocking) mode; 'passive': Deploy WAF in passive (log-only) mode; 'learning': Deploy WAF in learning mode;

**Type:** string

**Supported Values:** active, passive, learning

**Default:** active

**evasion-check**

**Description:** evasion-check is a **JSON Block**. Please see below for :ref:`3291_template-list_evasion-check`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/evasion-check `

**form-protection**

**Description:** form-protection is a **JSON Block**. Please see below for :ref:`3291_template-list_form-protection`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/form-protection `

**http-limit-check**

**Description:** http-limit-check is a **JSON Block**.
Please see below for :ref:`3291_template-list_http-limit-check`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/http-limit-check `

**http-protocol-check**

**Description:** http-protocol-check is a **JSON Block**. Please see below for :ref:`3291_template-list_http-protocol-check`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/http-protocol-check `

**http-redirect**

**Description** Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)

**Type:** string

**Format:** string-rlx

**Maximum Length:** 255 characters

**Maximum Length:** 1 characters

**Mutual Exclusion:** http-redirect, http-resp-200, reset-conn, and http-resp-403 are mutually exclusive

**http-resp-200**

**Description** Send HTTP response with status code 200 OK

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**Mutual Exclusion:** http-resp-200, http-redirect, reset-conn, and http-resp-403 are mutually exclusive

**http-resp-403**

**Description** Send HTTP response with status code 403 Forbidden (default)

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**Mutual Exclusion:** http-resp-403, http-redirect, http-resp-200, and reset-conn are mutually exclusive

**json-check**

**Description:** json-check is a **JSON Block**.
Please see below for :ref:`3291_template-list_json-check`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/json-check `

**learn-pr**

**Description** Enable per-request logs for WAF learning

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**log-succ-reqs**

**Description** Log successful WAF requests

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**logging**

**Description** Logging template (Logging Config name)

**Type:** string

**Format:** string-rlx

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**Reference Object:** :doc:`/axapi/v3/slb/template/logging `

**name**

**Description** WAF Template Name

**Type:** string

**Format:** string-rlx

**Maximum Length:** 63 characters

**Maximum Length:** 1 characters

**parent**

**Description** inherit from parent template

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**parent-template-waf**

**Description** WAF template (WAF Config name)

**Type:** string

**Format:** string-rlx

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**Reference Object:** :doc:`/axapi/v3/waf/template `

**pcre-match-limit**

**Description** Maximum number of matches allowed (default 30000)

**Type:** number

**Range:** 1000-1500000

**Default:** 30000

**pcre-match-recursion-limit**

**Description** Maximum levels of recursion allowed (default 5000)

**Type:** number

**Range:** 100-150000

**Default:** 5000

**request-check**

**Description:** request-check is a **JSON Block**.
Please see below for :ref:`3291_template-list_request-check`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/request-check `

**reset-conn**

**Description** Reset the client connection

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**Mutual Exclusion:** reset-conn, http-redirect, http-resp-200, and http-resp-403 are mutually exclusive

**resp-url-200**

**Description** Response content to send client when denying request

**Type:** string

**Format:** string-rlx

**Maximum Length:** 255 characters

**Maximum Length:** 1 characters

**resp-url-403**

**Description** Response content to send client when denying request

**Type:** string

**Format:** string-rlx

**Maximum Length:** 255 characters

**Maximum Length:** 1 characters

**response-cloaking**

**Description:** response-cloaking is a **JSON Block**. Please see below for :ref:`3291_template-list_response-cloaking`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/response-cloaking `

**soap-format-check**

**Description** Check XML document for SOAP format compliance

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**user-tag**

**Description** Customized tag

**Type:** string

**Format:** string-rlx

**Maximum Length:** 127 characters

**Maximum Length:** 1 characters

**uuid**

**Description** uuid of the object

**Type:** string

**Maximum Length:** 64 characters

**Maximum Length:** 1 characters

**violation-log-mask**

**Description:** violation-log-mask is a **JSON Block**.
Please see below for :ref:`3291_template-list_violation-log-mask`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/violation-log-mask `

**wsdl-file**

**Description** Specify name of WSDL file for verifying XML body contents

**Type:** string

**Maximum Length:** 63 characters

**Maximum Length:** 1 characters

**Mutual Exclusion:** wsdl-file and wsdl-resp-val-file are mutually exclusive

**wsdl-resp-val-file**

**Description** Specify name of WSDL file for verifying XML body contents

**Type:** string

**Maximum Length:** 63 characters

**Maximum Length:** 1 characters

**Mutual Exclusion:** wsdl-resp-val-file and wsdl-file are mutually exclusive

**xml-check**

**Description:** xml-check is a **JSON Block**. Please see below for :ref:`3291_template-list_xml-check`

**Type:** Object

**Reference Object:** :doc:`/axapi/v3/waf/template/{name}/xml-check `

**xml-schema-file**

**Description** Specify name of XML-Schema file for verifying XML body contents

**Type:** string

**Maximum Length:** 63 characters

**Maximum Length:** 1 characters

**Mutual Exclusion:** xml-schema-file and xml-schema-resp-val-file are mutually exclusive

**xml-schema-resp-val-file**

**Description** Specify name of XML-Schema file for verifying XML body contents

**Type:** string

**Maximum Length:** 63 characters

**Maximum Length:** 1 characters

**Mutual Exclusion:** xml-schema-resp-val-file and xml-schema-file are mutually exclusive

.. _3291_template-list_violation-log-mask:

template-list_violation-log-mask
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**query-param-name-equal-type**

**Description** 'equals': Mask the query value if the query name equals the string;

**Type:** string

**Supported Values:** equals

**query-param-name-value**

**Description** The list of Query parameter names

**Type:** string

**Format:** string-rlx

**Maximum Length:** 1031 characters

**Maximum Length:** 1 characters

**uuid**

**Description** uuid of the object

**Type:** string

**Maximum Length:** 64 characters

**Maximum Length:** 1 characters

.. _3291_template-list_data-leak-prevention:

template-list_data-leak-prevention
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**ccn-mask**

**Description** Mask credit card numbers in response

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**keep-end**

**Description** Number of unmasked characters at the end (default: 0)

**Type:** number

**Range:** 0-65535

**keep-start**

**Description** Number of unmasked characters at the beginning (default: 0)

**Type:** number

**Range:** 0-65535

**mask**

**Description** Character to mask the matched pattern (default: X)

**Type:** string

**Format:** string-rlx

**Maximum Length:** 1 characters

**Maximum Length:** 1 characters

**pcre-mask**

**Description** Mask matched PCRE pattern in response

**Type:** string

**Format:** string-rlx

**Maximum Length:** 63
characters

**Maximum Length:** 1 characters

**ssn-mask**

**Description** Mask US Social Security numbers in response

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**uuid**

**Description** uuid of the object

**Type:** string

**Maximum Length:** 64 characters

**Maximum Length:** 1 characters

.. _3291_template-list_brute-force-protection:

template-list_brute-force-protection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**brute-force-challenge-limit**

**Description** Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))

**Type:** number

**Range:** 0-65535

**Default:** 2

**brute-force-global**

**Description** Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**brute-force-lockout-limit**

**Description** Maximum brute-force events before locking out client (default 5)

**Type:** number

**Range:** 0-65535

**Default:** 5

**brute-force-lockout-period**

**Description** Number of seconds client should be locked out (default 600)

**Type:** number

**Range:** 0-1800

**Default:** 600

**brute-force-resp-codes**

**Description** Trigger brute-force check on HTTP response code

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**brute-force-resp-codes-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**brute-force-resp-headers**

**Description** Trigger brute-force check on HTTP response header names

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0
**brute-force-resp-headers-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**brute-force-resp-string**

**Description** Trigger brute-force check on HTTP response reason phrase

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**brute-force-resp-string-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**brute-force-test-period**

**Description** Number of seconds for brute-force event counting (default 60)

**Type:** number

**Range:** 0-600

**Default:** 60

**challenge-action-captcha**

**Description** Initiate a Captcha to verify client can respond

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**challenge-action-cookie**

**Description** Use Set-Cookie to determine if client allows cookies

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**challenge-action-javascript**

**Description** Add JavaScript to response to test if client allows JavaScript

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**enable-disable-action**

**Description** 'enable': Enable brute force protections; 'disable': Disable brute force protections (default);

**Type:** string

**Supported Values:** enable, disable

**Default:** disable

**uuid**

**Description** uuid of the object

**Type:** string

**Maximum Length:** 64 characters

**Maximum Length:** 1 characters

.. _3291_template-list_request-check:

template-list_request-check
^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**bot-check**

**Description** Check User-Agent for known bots

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**bot-check-policy-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**command-injection-check**

**Description** Check to protect against command injection attacks

**Type:** string

**Format:** enum-list

**command-injection-check-policy-file**

**Description** Name of WAF policy command injection list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**lifetime**

**Description** Session lifetime in minutes (default 10)

**Type:** number

**Range:** 1-1440

**Default:** 10

**redirect-whitelist**

**Description** Check Redirect URL against list of previously learned redirects

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**referer-check**

**Description** Check referer to protect against CSRF attacks

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**referer-domain-list**

**Description** List of referer domains allowed

**Type:** string

**Format:** string-rlx

**Maximum Length:** 255 characters

**Maximum Length:** 1 characters

**Mutual Exclusion:** referer-domain-list and referer-domain-list-only are mutually exclusive

**referer-domain-list-only**

**Description** List of referer domains allowed

**Type:** string

**Format:** string-rlx

**Maximum Length:** 255 characters

**Maximum Length:** 1 characters

**Mutual Exclusion:** referer-domain-list-only and referer-domain-list are mutually
exclusive

**referer-safe-url**

**Description** Safe URL to redirect to if referer is missing

**Type:** string

**Format:** string-rlx

**Maximum Length:** 255 characters

**Maximum Length:** 1 characters

**session-check**

**Description** Enable session checking via session cookie

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**sqlia-check**

**Description** 'reject': Reject requests with SQLIA patterns;

**Type:** string

**Supported Values:** reject

**sqlia-check-policy-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**url-blacklist**

**Description** specify name of WAF policy list file to blacklist

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**url-learned-list**

**Description** Check URL against list of previously learned URLs

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**url-whitelist**

**Description** specify name of WAF policy list file to whitelist

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**uuid**

**Description** uuid of the object

**Type:** string

**Maximum Length:** 64 characters

**Maximum Length:** 1 characters

**waf-blacklist-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**waf-whitelist-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**xss-check**

**Description** 'reject': Reject requests with bad cookies;

**Type:** string

**Supported Values:** reject

**xss-check-policy-file**

**Description** Name of WAF policy list file

**Type:** string

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

.. _3291_template-list_cookie-security:

template-list_cookie-security
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**allow-missing-cookie**

**Description** Allow requests with missing cookies

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**allow-unrecognized-cookie**

**Description** Allow requests with unrecognized cookies

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 0

**cookie-policy**

**Type:** List

**enable-disable-action**

**Description** 'enable': Enable cookie security (default); 'disable': Disable cookie security;

**Type:** string

**Supported Values:** enable, disable

**Default:** enable

**set-cookie-policy**

**Type:** List

**tamper-protection-grace-period**

**Description** Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes)

**Type:** number

**Range:** 0-43200

**Default:** 120

**tamper-protection-http-only**

**Description** Add HttpOnly flag to cookies not in set-cookie-policy list (default on)

**Type:** boolean

**Supported Values:** true, false, 1, 0

**Default:** 1

**tamper-protection-samesite**

**Description** 'none': none; 'lax': lax; 'strict': strict;

**Type:** string

**Supported Values:** none, lax, strict

**Default:** none

**tamper-protection-secret**

**Description** Cookie encryption secret

**Type:** string

**Format:** password

**Maximum Length:** 128 characters

**Maximum Length:** 1 characters

**tamper-protection-secret-encrypted**

**Description** Do NOT use this option manually. (This is an A10 reserved keyword.)
(The ENCRYPTED secret string) **tamper-protection-secure** **Description** Add Secure flag to cookies not in set-cookie-policy list (default on) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **tamper-protection-session-cookie-only** **Description** Only encrypt session cookies **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tamper-protection-sign** **Description** Sign cookies **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** tamper-protection-sign and tamper-protection-encrypt are mutually exclusive **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3291_template-list_cookie-security_set-cookie-policy: template-list_cookie-security_set-cookie-policy ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **set-cookie-policy-allow** **Description** Allow the cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **set-cookie-policy-disallow** **Description** Block the cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **set-cookie-policy-http-only** **Description** Add HttpOnly flag to cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **set-cookie-policy-name** **Description** Name of cookie **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **set-cookie-policy-samesite** **Description** 'none': none; 'lax': lax; 'strict': strict; **Type:** string **Supported Values:** none, lax, strict **set-cookie-policy-secret** **Description** Cookie 
encryption secret **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **set-cookie-policy-secret-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **set-cookie-policy-secure** **Description** Add Secure flag to cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **set-cookie-policy-sign** **Description** Sign cookies **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** set-cookie-policy-sign and set-cookie-policy-encrypt are mutually exclusive .. _3291_template-list_cookie-security_cookie-policy: template-list_cookie-security_cookie-policy ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cookie-policy-allow** **Description** Allow the cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cookie-policy-disallow** **Description** Block the cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cookie-policy-name** **Description** Name of cookie **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. 
.. _3291_template-list_response-cloaking:

template-list_response-cloaking
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**filter-headers**

    **Description** Removes web server's identifying headers

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**hide-status-codes**

    **Description** Hides response status codes that are not allowed (default 4xx, 5xx)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**hide-status-codes-file**

    **Description** Name of WAF policy list file

    **Type:** string

    **Maximum Length:** 128 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

..

.. _3291_template-list_json-check:

template-list_json-check
^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**format-check**

    **Description** Check HTTP body for JSON format compliance

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-array-values**

    **Description** Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))

    **Type:** number

    **Range:** 0-4096

    **Default:** 256

**max-depth**

    **Description** Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))

    **Type:** number

    **Range:** 0-4096

    **Default:** 16

**max-object-members**

    **Description** Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))

    **Type:** number

    **Range:** 0-4096

    **Default:** 256

**max-string-length**

    **Description** Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))

    **Type:** number

    **Range:** 0-4096

    **Default:** 64

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

..

.. _3291_template-list_http-protocol-check:

template-list_http-protocol-check
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**allowed-headers**

    **Description** Enable allowed-headers check (default disabled)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allowed-headers-list**

    **Description** Allowed HTTP headers. Default "Host Referer User-Agent Accept Accept-Encoding ..." (see docs for full list) (Allowed HTTP headers (default "Host Referer User-Agent Accept Accept-Encoding ..." (see docs for full list)))

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 1023 characters

    **Maximum Length:** 1 characters

    **Default:** Host Referer User-Agent Accept Accept-Encoding Accept-Language Accept-Language Authorization Cache-Control Content-Length

**allowed-methods**

    **Description** Enable allowed-methods check (default disabled)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allowed-methods-list**

    **Description** List of allowed HTTP methods. Default is "GET POST". (List of HTTP methods allowed (default "GET POST"))

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 1023 characters

    **Maximum Length:** 1 characters

    **Default:** GET POST

**allowed-versions**

    **Description** Enable allowed-versions check (default disabled)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allowed-versions-list**

    **Description** List of allowed HTTP versions (default "1.0 1.1 2")

    **Type:** string

    **Format:** enum-list

    **Default:** 1.0,1.1,2

**bad-multipart-request**

    **Description** Check for bad multipart/form-data request body

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**body-without-content-type**

    **Description** Check for Body request without Content-Type header in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**disable**

    **Description** Disable all checks for HTTP protocol compliance

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**get-with-content**

    **Description** Check for GET request with Content-Length headers in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**head-with-content**

    **Description** Check for HEAD request with Content-Length headers in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**host-header-with-ip**

    **Description** Check for Host header with IP address

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**invalid-url-encoding**

    **Description** Check for invalid URL encoding in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**malformed-content-length**

    **Description** Check for malformed content-length in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**malformed-header**

    **Description** Check for malformed HTTP header

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**malformed-parameter**

    **Description** Check for malformed HTTP query/POST parameter

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**malformed-request**

    **Description** Check for malformed HTTP request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**malformed-request-line**

    **Description** Check for malformed HTTP request line

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**missing-header-value**

    **Description** Check for missing header value in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**missing-host-header**

    **Description** Check for missing Host header in HTTP/1.1 request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**multiple-content-length**

    **Description** Check for multiple Content-Length headers in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**non-ssl-cookie-prefix**

    **Description** Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**post-with-0-content**

    **Description** Check for POST request with Content-Length 0

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**post-without-content**

    **Description** Check for POST request without Content-Length/Chunked Encoding headers in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**post-without-content-type**

    **Description** Check for POST request without Content-Type header in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

..

.. _3291_template-list_xml-check:

template-list_xml-check
^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**disable**

    **Description** Disable all checks for XML limit

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**format**

    **Description** Check HTTP body for XML format compliance

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-attr**

    **Description** Maximum number of attributes of an XML element (default 256)

    **Type:** number

    **Range:** 0-256

    **Default:** 256

**max-attr-name-len**

    **Description** Maximum length of an attribute name (default 128)

    **Type:** number

    **Range:** 0-2048

    **Default:** 128

**max-attr-value-len**

    **Description** Maximum length of an attribute text value (default 128)

    **Type:** number

    **Range:** 0-4096

    **Default:** 128

**max-cdata-len**

    **Description** Maximum length of a CDATA section of an element (default 65535)

    **Type:** number

    **Range:** 0-65535

    **Default:** 65535

**max-elem**

    **Description** Maximum number of XML elements (default 1024)

    **Type:** number

    **Range:** 0-8192

    **Default:** 1024

**max-elem-child**

    **Description** Maximum number of children of an XML element (default 1024)

    **Type:** number

    **Range:** 0-4096

    **Default:** 1024

**max-elem-depth**

    **Description** Maximum recursion level for element definition (default 256)

    **Type:** number

    **Range:** 0-4096

    **Default:** 256

**max-elem-name-len**

    **Description** Maximum length for an element name (default 128)

    **Type:** number

    **Range:** 0-65535

    **Default:** 128

**max-entity-decl**

    **Description** Maximum number of entity declarations (default 1024)

    **Type:** number

    **Range:** 0-1024

    **Default:** 1024

**max-entity-depth**

    **Description** Maximum depth of entities (default 32)

    **Type:** number

    **Range:** 0-32

    **Default:** 32

**max-entity-exp**

    **Description** Maximum number of entity expansions (default 1024)

    **Type:** number

    **Range:** 0-1024

    **Default:** 1024

**max-entity-exp-depth**

    **Description** Maximum nested depth of entity expansions (default 32)

    **Type:** number

    **Range:** 0-32

    **Default:** 32

**max-namespace**

    **Description** Maximum number of namespace declarations (default 16)

    **Type:** number

    **Range:** 0-256

    **Default:** 16

**max-namespace-uri-len**

    **Description** Maximum length of a namespace URI (default 256)

    **Type:** number

    **Range:** 0-1024

    **Default:** 256

**sqlia**

    **Description** Check XML data against SQLIA policy

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

**xss**

    **Description** Check XML data against XSS policy

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

..

.. _3291_template-list_http-limit-check:

template-list_http-limit-check
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**disable**

    **Description** Disable all checks for HTTP limit

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-content-length**

    **Description** Max length of content (Maximum length of content allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-content-length-value**

    **Description** Max length of content (default 4096) (Maximum length of content allowed (default 4096))

    **Type:** number

    **Range:** 0-2147483647

    **Default:** 4096

**max-cookie-header-length**

    **Description** Max Cookie header length allowed in request (Maximum length of cookie header allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-cookie-header-length-value**

    **Description** Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-cookie-name-length**

    **Description** Max Cookie name length allowed in request (Maximum length of cookie name allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-cookie-name-length-value**

    **Description** Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))

    **Type:** number

    **Range:** 0-65535

    **Default:** 64

**max-cookie-value-length**

    **Description** Max Cookie value length allowed in request (Maximum length of cookie value allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-cookie-value-length-value**

    **Description** Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-cookies**

    **Description** Max Cookies allowed in request (Maximum number of cookies allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-cookies-length**

    **Description** Total Cookies length allowed in request (Maximum length of all cookies in request)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-cookies-length-value**

    **Description** Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-cookies-value**

    **Description** Max Cookies allowed in request (default 20) (Maximum number of cookies allowed (default 20))

    **Type:** number

    **Range:** 0-1023

    **Default:** 20

**max-data-parse**

    **Description** Max data to be parsed for Web Application Firewall

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-data-parse-value**

    **Description** Max data to be parsed for Web Application Firewall (default 262144)

    **Type:** number

    **Range:** 0-2097152

    **Default:** 262144

**max-entities**

    **Description** Maximum number of MIME entities allowed in request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-entities-value**

    **Description** Maximum number of MIME entities allowed in request (default 10)

    **Type:** number

    **Range:** 0-512

    **Default:** 10

**max-header-length**

    **Description** Max header length allowed in request (Maximum length of header allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-header-length-value**

    **Description** Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-header-name-length**

    **Description** Max header name length allowed in request (Maximum length of header name allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-header-name-length-value**

    **Description** Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64))

    **Type:** number

    **Range:** 0-65535

    **Default:** 64

**max-header-value-length**

    **Description** Max header value length allowed in request (Maximum length of header value allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-header-value-length-value**

    **Description** Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-headers**

    **Description** Total number of headers allowed in request (Maximum number of headers in request)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-headers-length**

    **Description** Total headers length allowed in request (Maximum length of all headers in request)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-headers-length-value**

    **Description** Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-headers-value**

    **Description** Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64))

    **Type:** number

    **Range:** 0-255

    **Default:** 64

**max-param-name-length**

    **Description** Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-param-name-length-value**

    **Description** Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256))

    **Type:** number

    **Range:** 0-65535

    **Default:** 256

**max-param-value-length**

    **Description** Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-param-value-length-value**

    **Description** Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-params**

    **Description** Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-params-length**

    **Description** Total query/POST parameters length allowed in request (Maximum length of all params in request)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-params-length-value**

    **Description** Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-params-value**

    **Description** Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64))

    **Type:** number

    **Range:** 0-1024

    **Default:** 64

**max-post-length**

    **Description** Maximum content length allowed in POST request

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-post-length-value**

    **Description** Maximum content length allowed in POST request (default 20480)

    **Type:** number

    **Range:** 0-2147483647

    **Default:** 20480

**max-query-length**

    **Description** Max length of query string (Maximum length of query string allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-query-length-value**

    **Description** Max length of query string (default 4096) (Maximum length of query string allowed (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-request-length**

    **Description** Max length of request (Maximum length of request allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-request-length-value**

    **Description** Max length of request (default 20480) (Maximum length of request allowed (default 20480))

    **Type:** number

    **Range:** 0-2147483647

    **Default:** 20480

**max-request-line-length**

    **Description** Max length of request line (Maximum length of request line)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-request-line-length-value**

    **Description** Max length of request line (default 4096) (Maximum length of request line (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**max-url-length**

    **Description** Max length of url (Maximum length of url allowed)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-url-length-value**

    **Description** Max length of url (default 4096) (Maximum length of url allowed (default 4096))

    **Type:** number

    **Range:** 0-65535

    **Default:** 4096

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

..

.. _3291_template-list_evasion-check:

template-list_evasion-check
^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**apache-whitespace**

    **Description** Check for whitespace characters in URL

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**decode-entities**

    **Description** Decode entities in internal url (default on)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 1

**decode-escaped-chars**

    **Description** Decode escaped characters such as \r \n \" \xXX \u00YY in internal url (default on)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 1

**decode-plus-chars**

    **Description** Decode '+' as space in URL (default on)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 1

**decode-unicode-chars**

    **Description** Check for evasion attempt using %u encoding of Unicode chars to bypass (default on)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 1

**dir-traversal**

    **Description** Check for directory traversal attempt (default on)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 1

**high-ascii-bytes**

    **Description** Check for evasion attempt using ASCII bytes with values

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 1

**invalid-hex-encoding**

    **Description** Check for evasion attempt using invalid hex characters (not in 0-9,a-f)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**max-levels**

    **Description** Max levels of encoding allowed in request (default 2)

    **Type:** number

    **Range:** 0-64

    **Default:** 2

**multiple-encoding-levels**

    **Description** Check for evasion attempt using multiple levels of encoding

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**multiple-slashes**

    **Description** Check for evasion attempt using multiple slashes/backslashes

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**remove-comments**

    **Description** Remove comments from internal url

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**remove-spaces**

    **Description** Remove spaces from internal url (default on)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 1

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _3291_template-list_form-protection:

template-list_form-protection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**csrf-check**

    **Description** Tag the form to protect against Cross-site Request Forgery

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**enable-disable-action**

    **Description** 'enable': Enable web form protections (default); 'disable': Disable web form protections;

    **Type:** string

    **Supported Values:** enable, disable

    **Default:** enable

**field-consistency-check**

    **Description** Form input consistency check

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**form-check-caching**

    **Description** Disable caching for response with forms

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**form-check-non-post**

    **Description** Check whether POST is used for request with forms

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**form-check-non-ssl**

    **Description** Check whether SSL is used for request with forms

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**form-check-request-non-post**

    **Description** Check whether POST is used for request with forms

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**form-check-response-non-post**

    **Description** Check whether form method POST is used for response with forms

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**form-check-response-non-post-sanitize**

    **Description** Change form method GET to POST (Use with caution: make sure the server application still works)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**password-check-autocomplete**

    **Description** Check to protect against server-generated forms which contain password fields that allow autocomplete

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**password-check-non-masked**

    **Description** Check forms that have a password field with a textual type, resulting in this field not being masked

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**password-check-non-ssl**

    **Description** Check forms that have a password field if the form is not sent over an SSL connection

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

..

.. _3291_xml-schema:

xml-schema
^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**max-filesize**

    **Description** Set maximum XML-Schema file size (Maximum file size in KBytes, default is 32K)

    **Type:** number

    **Range:** 16-256

    **Default:** 32

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _3291_policy:

policy
^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**max-filesize**

    **Description** Set maximum WAF policy file size (Maximum file size in KBytes, default is 32K)

    **Type:** number

    **Range:** 16-10240

    **Default:** 32

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _3291_wsdl:

wsdl
^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**max-filesize**

    **Description** Set maximum WSDL file size (Maximum file size in KBytes, default is 32K)

    **Type:** number

    **Range:** 16-256

    **Default:** 32

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters
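
The ranges, defaults and mutual-exclusion rules in the template sections above can be checked before a template is sent to the device. The following linter is an added example, not A10 code. It assumes the template is a JSON object with sub-objects keyed ``cookie-security``, ``json-check``, ``xml-check``, ``evasion-check``, ``http-limit-check`` and ``http-protocol-check``, that ``tamper-protection-encrypt`` and ``set-cookie-policy-encrypt`` are booleans, and that each ``max-*`` boolean in ``http-limit-check`` enables the check whose limit is the matching ``-value`` field; the sample payload is constructed.

```python
"""Lint a WAF template object against limits listed in this reference (added example)."""

# (section, key) -> (low, high), copied from the Range entries on this page.
RANGES = {
    ("cookie-security", "tamper-protection-grace-period"): (0, 43200),
    ("json-check", "max-depth"): (0, 4096),
    ("json-check", "max-string-length"): (0, 4096),
    ("xml-check", "max-entity-depth"): (0, 32),
    ("xml-check", "max-entity-exp"): (0, 1024),
    ("evasion-check", "max-levels"): (0, 64),
    ("http-limit-check", "max-cookies-value"): (0, 1023),
    ("http-limit-check", "max-headers-value"): (0, 255),
    ("http-limit-check", "max-url-length-value"): (0, 65535),
    ("http-limit-check", "max-post-length-value"): (0, 2147483647),
}

# Options documented with Default 1: turning them off weakens the template.
DEFAULT_ON = {
    "cookie-security": ["tamper-protection-http-only", "tamper-protection-secure"],
    "evasion-check": ["decode-entities", "decode-escaped-chars", "decode-plus-chars",
                      "decode-unicode-chars", "dir-traversal", "high-ascii-bytes",
                      "remove-spaces"],
}

# Sections whose "disable" flag switches off every check in the section.
DISABLE_ALL = ["http-protocol-check", "http-limit-check", "xml-check"]
SAMESITE = {"none", "lax", "strict"}


def is_on(value):
    """Booleans are documented as true, false, 1, 0; a missing key counts as off."""
    return value in (True, 1)


def lint_template(template):
    """Return a list of (severity, section, key, message) findings."""
    findings = []

    for (section, key), (low, high) in RANGES.items():
        value = template.get(section, {}).get(key)
        if value is None:
            continue
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            findings.append(("error", section, key,
                             f"{value!r} is outside the documented range {low}-{high}"))

    for section, keys in DEFAULT_ON.items():
        for key in keys:
            if key in template.get(section, {}) and not is_on(template[section][key]):
                findings.append(("warn", section, key, "default-on protection switched off"))

    for section in DISABLE_ALL:
        if is_on(template.get(section, {}).get("disable")):
            findings.append(("warn", section, "disable", "every check in this section is off"))

    cookie = template.get("cookie-security", {})
    if is_on(cookie.get("tamper-protection-sign")) and is_on(cookie.get("tamper-protection-encrypt")):
        findings.append(("error", "cookie-security", "tamper-protection-sign",
                         "mutually exclusive with tamper-protection-encrypt"))
    samesite = cookie.get("tamper-protection-samesite")
    if samesite is not None and samesite not in SAMESITE:
        findings.append(("error", "cookie-security", "tamper-protection-samesite",
                         f"{samesite!r} is not one of none, lax, strict"))
    for item in cookie.get("set-cookie-policy", []):
        if is_on(item.get("set-cookie-policy-sign")) and is_on(item.get("set-cookie-policy-encrypt")):
            findings.append(("error", "cookie-security", "set-cookie-policy-sign",
                             f"sign and encrypt both set for {item.get('set-cookie-policy-name')!r}"))

    # Assumption: "<name>-value" only takes effect when the boolean "<name>" is on.
    limits = template.get("http-limit-check", {})
    for key in limits:
        if key.endswith("-value") and not is_on(limits.get(key[:-len("-value")])):
            findings.append(("warn", "http-limit-check", key,
                             "limit is set but its enable flag is off (default 0)"))
    return findings


# Constructed sample payload, not taken from a real device.
SAMPLE = {
    "name": "example-template",
    "cookie-security": {
        "tamper-protection-sign": 1,
        "tamper-protection-encrypt": 1,
        "tamper-protection-secure": 0,
        "tamper-protection-samesite": "lax",
        "set-cookie-policy": [
            {"set-cookie-policy-name": "SESSIONID", "set-cookie-policy-sign": 1},
        ],
    },
    "evasion-check": {"max-levels": 128, "dir-traversal": 0},
    "http-limit-check": {"max-url-length-value": 2048, "max-cookies": 1, "max-cookies-value": 10},
    "http-protocol-check": {"disable": 1},
    "json-check": {"format-check": 1, "max-depth": 16},
}

if __name__ == "__main__":
    for severity, section, key, message in lint_template(SAMPLE):
        print(f"{severity:5} {section}.{key}: {message}")
```
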