.. _waf_template_form_protection:

waf template form-protection
============================

Web form protection


form-protection Specification
-----------------------------

	===================================== ============================================================================
	 **Parameter**                         **Value** 

	===================================== ============================================================================
	 **Type**                              *Configuration Resource*

	 **Element Name**                      form-protection

	 **Element URI**                       /axapi/v3/waf/template/{name}/form-protection

	 **Element Attributes**                form-protection_attributes

	 **Partition Visibility**              shared

	 **Schema**                             :download:`form-protection schema <waf-template-form-protection/waf-template-form-protection.txt>`
	===================================== ============================================================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/form-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`3279_form-protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/form-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`3279_form-protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/form-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`3279_form-protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace Object



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/form-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`3279_form-protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/form-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`3279_form-protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   </table>

.. _3279_form-protection_attributes:

form-protection attributes
--------------------------

    **csrf-check**

        **Description** Tag the form to protect against Cross-site Request Forgery

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **enable-disable-action**

        **Description** 'enable': Enable web form protections (default); 'disable': Disable web form protections; 

        **Type:** string

        **Supported Values:** enable, disable

        **Default:** enable

    **field-consistency-check**

        **Description** Form input consistency check

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **form-check-caching**

        **Description** Disable caching for response with forms

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **form-check-non-post**

        **Description** Check whether POST is used for request with forms

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **form-check-non-ssl**

        **Description** Check whether SSL is used for request with forms

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **form-check-request-non-post**

        **Description** Check whether POST is used for request with forms

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **form-check-response-non-post**

        **Description** Check whether form method POST is used for response with forms

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **form-check-response-non-post-sanitize**

        **Description** Change form method GET to POST (Use with caution: make sure server application still work)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **password-check-autocomplete**

        **Description** Check to protect against server-generated form which contain password fields that allow autocomplete

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **password-check-non-masked**

        **Description** Check forms that have a password field with a textual type, resulting in this field not being masked

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **password-check-non-ssl**

        **Description** Check forms that has a password field if the form is not sent over an SSL connection

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters