waf¶
WAF related commands
waf Specification¶
Parameter Value Type Intermediate Resource Element Name waf Element URI /axapi/v3/waf Element Attributes waf_attributes Partition Visibility shared Schema waf schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/waf | waf_attributes |
waf attributes¶
global
Description: global is a JSON Block. Please see below for global
Type: Object
Reference Object: /axapi/v3/waf/global
policy
Description: policy is a JSON Block. Please see below for policy
Type: Object
Reference Object: /axapi/v3/waf/policy
rule-set-config-list
Type: List
Reference Object: /axapi/v3/waf/rule-set-config/{name}
template-list
Type: List
Reference Object: /axapi/v3/waf/template/{name}
wsdl
Description: wsdl is a JSON Block. Please see below for wsdl
Type: Object
Reference Object: /axapi/v3/waf/wsdl
xml-schema
Description: xml-schema is a JSON Block. Please see below for xml-schema
Type: Object
Reference Object: /axapi/v3/waf/xml-schema
rule-set-config-list¶
Specification Value Type list Block object keys deploy-mode
Description ‘active’: Deploy WAF rule-set in active mode; ‘monitor’: Deploy WAF rule-set in monitor mode, only log and statistics.;
Type: string
Supported Values: active, monitor
max-process-time
Description Specify maximum request processing time (in ms) per phase (default: 80)
Type: number
Range: 40-1500
max-rules-per-phase
Description Specify maximum rules per phase (default: 10000)
Type: number
Range: 100-65535
name
Description WAF rule-set-config template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
process-timeout-action
Description ‘drop’: Drop the request; ‘deny’: Deny the request; ‘allow’: Allow the request;
Type: string
Supported Values: drop, deny, allow
request-body-access
Description ‘on’: WAF rule-set allow request body processing; ‘off’: WAF rule-set disable request body processing;
Type: string
Supported Values: on, off
request-body-default-action
Description Specify WAF rule-set default actions for request-body phase (default: log,deny) (Specify default actions (ex: log,deny))
Type: string
Format: string-rlx
Maximum Length: 256 characters
Maximum Length: 1 characters
request-body-limit
Description Specify maximum request body size in KB for buffering (default: 1024)
Type: number
Range: 1-1048576
request-body-limit-action
Description ‘reject’: Reject the request (default); ‘process-partial’: Process partial request body;
Type: string
Supported Values: reject, process-partial
request-header-default-action
Description Specify WAF rule-set default actions for request-header phase (default: log,deny) (Specify default actions (ex: log,deny))
Type: string
Format: string-rlx
Maximum Length: 256 characters
Maximum Length: 1 characters
response-body-access
Description ‘on’: WAF rule-set allow response body processing; ‘off’: WAF rule-set disable response body processing;
Type: string
Supported Values: on, off
response-body-default-action
Description Specify WAF rule-set default actions for response-body phase (default: log,pass) (Specify default actions (ex: log,deny))
Type: string
Format: string-rlx
Maximum Length: 256 characters
Maximum Length: 1 characters
response-body-limit
Description Specify maximum response body in KB size for buffering (default: 512)
Type: number
Range: 1-1048576
response-body-limit-action
Description ‘reject’: Reject the response; ‘process-partial’: Process partial response body (default);
Type: string
Supported Values: reject, process-partial
response-body-mime-type
Description Specify MIME types that WAF rule-set will process (default: text/plain text/html) (Specify MIME types (ex: text/plain text/html))
Type: string
Format: string-rlx
Maximum Length: 1024 characters
Maximum Length: 1 characters
response-header-default-action
Description Specify WAF rule-set default actions for response-header phase (default: log,pass) (Specify default actions (ex: log,deny))
Type: string
Format: string-rlx
Maximum Length: 256 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
global¶
Specification Value Type object immediate-action
Description Disable the violation aggregation, take action on first violation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
global_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘total_req’: Total Requests; ‘req_allowed’: Requests Allowed; ‘req_denied’: Requests Denied; ‘resp_denied’: Responses Denied; ‘brute_force_success’: Brute-Force checks passed; ‘brute_force_violation’: Brute-Force checks violation; ‘brute_force_challenge_cookie_sent’: Cookie Challenge Sent; ‘brute_force_challenge_cookie_success’: Cookie Challenge check passed; ‘brute_force_challenge_cookie_violation’: Cookie challenge violation; ‘brute_force_challenge_javascript_sent’: JavaScript challenge sent; ‘brute_force_challenge_javascript_success’: JavaScript challenge check passed; ‘brute_force_challenge_javascript_violation’: JavaScript challenge violation; ‘brute_force_challenge_captcha_sent’: Captcha challenge sent; ‘brute_force_challenge_captcha_success’: Captcha challenge check passed; ‘brute_force_challenge_captcha_violation’: Captcha challenge violation; ‘brute_force_lockout_limit_success’: Lockout limit check passed; ‘brute_force_lockout_limit_violation’: Lockout limit violation; ‘brute_force_challenge_limit_success’: Lockout limit check passed; ‘brute_force_challenge_limit_violation’: Lockout limit violation; ‘brute_force_response_codes_triggered’: Response Codes Triggered; ‘brute_force_response_headers_triggered’: Brute Force Response Headers Triggered; ‘brute_force_response_string_triggered’: Brute Force Response string Triggered; ‘cookie_security_encrypt_success’: Cookie Security - encrypt successful; ‘cookie_security_encrypt_violation’: Cookie Security - encrypt violation; ‘cookie_security_encrypt_limit_exceeded’: Cookie Security - encrypt limit exceeded; ‘cookie_security_encrypt_skip_rcache’: Cookie Security - encrypt skipped - RAM cache; ‘cookie_security_decrypt_success’: Cookie Security - decrypt successful; ‘cookie_security_decrypt_violation’: Cookie Security - decrypt violation; ‘cookie_security_sign_success’: Cookie Security - signing successful; ‘cookie_security_sign_violation’: Cookie Security - signing violation; ‘cookie_security_sign_limit_exceeded’: Cookie Security - signing limit exceeded; ‘cookie_security_sign_skip_rcache’: Cookie Security - signing skipped - RAM cache; ‘cookie_security_signature_check_success’: Cookie Security - signature check successful; ‘cookie_security_signature_check_violation’: Cookie Security - signature check failed; ‘cookie_security_add_http_only_success’: Cookie Security - http-only flag added successfully; ‘cookie_security_add_http_only_violation’: Cookie Security - http-only flag violation; ‘cookie_security_add_secure_success’: Cookie Security - secure flag added successfully; ‘cookie_security_add_secure_violation’: Cookie Security - secure flag violation; ‘cookie_security_missing_cookie_success’: Cookie Security - request with missing cookie; ‘cookie_security_missing_cookie_violation’: Cookie Security - missing cookie violation; ‘cookie_security_unrecognized_cookie_success’: Cookie Security - request with unrecognized cookie; ‘cookie_security_unrecognized_cookie_violation’: Cookie Security - unrecognized cookie violation; ‘cookie_security_cookie_policy_success’: Cookie Security - cookie policy passed; ‘cookie_security_cookie_policy_violation’: Cookie Security - cookie policy violation; ‘cookie_security_persistent_cookies’: Cookie Security - persistent cookies; ‘cookie_security_persistent_cookies_encrypted’: Cookie Security - encrypted persistent cookies; ‘cookie_security_persistent_cookies_signed’: Cookie Security - signed persistent cookies; ‘cookie_security_session_cookies’: Cookie Security - session cookies; ‘cookie_security_session_cookies_encrypted’: Cookie Security - encrypted session cookies; ‘cookie_security_session_cookies_signed’: Cookie Security - signed session cookies; ‘cookie_security_allowed_session_cookies’: Cookie Security - allowed session cookies; ‘cookie_security_allowed_persistent_cookies’: Cookie Security - allowed persistent cookies; ‘cookie_security_disallowed_session_cookies’: Cookie Security - disallowed session cookies; ‘cookie_security_disallowed_persistent_cookies’: Cookie Security - disallowed persistent cookies; ‘cookie_security_allowed_session_set_cookies’: Cookie Security - allowed session Set-Cookies; ‘cookie_security_allowed_persistent_set_cookies’: Cookie Security - allowed persistent Set-Cookies; ‘cookie_security_disallowed_session_set_cookies’: Cookie Security - disallowed session Set-Cookies; ‘cookie_security_disallowed_persistent_set_cookies’: Cookie Security - disallowed persistent Set-Cookies; ‘csp_header_violation’: CSP header_missing; ‘csp_header_success’: CSP header found; ‘csp_header_inserted’: CSP header Inserted; ‘form_csrf_tag_success’: Form CSRF tag passed; ‘form_csrf_tag_violation’: Form CSRF tag violation; ‘form_consistency_success’: Form Consistency passed; ‘form_consistency_violation’: Form Consistency violation; ‘form_tag_inserted’: Form A10 Tag Inserted; ‘form_non_ssl_success’: Form Non SSL check passed; ‘form_non_ssl_violation’: Form Non SSL violation; ‘form_request_non_post_success’: Form Method being Non Post in Request passed; ‘form_request_non_post_violation’: Form Method being Non Post in Request violation; ‘form_check_success’: Post Form Check passed; ‘form_check_violation’: Post Form Check violation; ‘form_check_sanitize’: Post Form Check Sanitized; ‘form_non_masked_password_success’: Form Non Masked Password check passed; ‘form_non_masked_password_violation’: Form Non Masked Password violation; ‘form_non_ssl_password_success’: Form Non SSL Password check passed; ‘form_non_ssl_password_violation’: Form Non SSL Password violation; ‘form_password_autocomplete_success’: Form Password Autocomplete check passed; ‘form_password_autocomplete_violation’: Form Password Autocomplete violation; ‘form_set_no_cache_success’: Form Set No Cache check passed; ‘form_set_no_cache’: Form Set No Cache violation; ‘dlp_ccn_success’: Credit Card Number check passed; ‘dlp_ccn_amex_violation’: Amex Credit Card Number Detected; ‘dlp_ccn_amex_masked’: Amex Credit Card Number Masked; ‘dlp_ccn_diners_violation’: Diners Club Credit Card Number Detected; ‘dlp_ccn_diners_masked’: Diners Club Credit Card Number Masked; ‘dlp_ccn_visa_violation’: Visa Credit Card Number Detected; ‘dlp_ccn_visa_masked’: Visa Credit Card Number Masked; ‘dlp_ccn_mastercard_violation’: MasterCard Credit Card Number Detected; ‘dlp_ccn_mastercard_masked’: MasterCard Credit Card Number Masked; ‘dlp_ccn_discover_violation’: Discover Credit Card Number Detected; ‘dlp_ccn_discover_masked’: Discover Credit Card Number Masked; ‘dlp_ccn_jcb_violation’: JCB Credit Card Number Detected; ‘dlp_ccn_jcb_masked’: JCB Credit Card Number Masked; ‘dlp_ssn_success’: Social Security Number Mask check passed; ‘dlp_ssn_violation’: Social Security Number Mask violation; ‘dlp_pcre_success’: PCRE Mask check passed; ‘dlp_pcre_violation’: PCRE Mask violation; ‘dlp_pcre_masked’: PCRE Mask violation; ‘evasion_check_apache_whitespace_success’: Apache Whitespace check passed; ‘evasion_check_apache_whitespace_violation’: Apache Whitespace check violation; ‘evasion_check_decode_entities_success’: Decode Entities check passed; ‘evasion_check_decode_entities_violation’: Decode Entities check violation; ‘evasion_check_decode_escaped_chars_success’: Decode Escaped Chars check passed; ‘evasion_check_decode_escaped_chars_violation’: Decode Escaped Chars check violation; ‘evasion_check_decode_unicode_chars_success’: Decode Unicode Chars check passed; ‘evasion_check_decode_unicode_chars_violation’: Decode Unicode Chars check violation; ‘evasion_check_dir_traversal_success’: Dir traversal check passed; ‘evasion_check_dir_traversal_violation’: Dir traversal check violation;
Type: string
Supported Values: all, total_req, req_allowed, req_denied, resp_denied, brute_force_success, brute_force_violation, brute_force_challenge_cookie_sent, brute_force_challenge_cookie_success, brute_force_challenge_cookie_violation, brute_force_challenge_javascript_sent, brute_force_challenge_javascript_success, brute_force_challenge_javascript_violation, brute_force_challenge_captcha_sent, brute_force_challenge_captcha_success, brute_force_challenge_captcha_violation, brute_force_lockout_limit_success, brute_force_lockout_limit_violation, brute_force_challenge_limit_success, brute_force_challenge_limit_violation, brute_force_response_codes_triggered, brute_force_response_headers_triggered, brute_force_response_string_triggered, cookie_security_encrypt_success, cookie_security_encrypt_violation, cookie_security_encrypt_limit_exceeded, cookie_security_encrypt_skip_rcache, cookie_security_decrypt_success, cookie_security_decrypt_violation, cookie_security_sign_success, cookie_security_sign_violation, cookie_security_sign_limit_exceeded, cookie_security_sign_skip_rcache, cookie_security_signature_check_success, cookie_security_signature_check_violation, cookie_security_add_http_only_success, cookie_security_add_http_only_violation, cookie_security_add_secure_success, cookie_security_add_secure_violation, cookie_security_missing_cookie_success, cookie_security_missing_cookie_violation, cookie_security_unrecognized_cookie_success, cookie_security_unrecognized_cookie_violation, cookie_security_cookie_policy_success, cookie_security_cookie_policy_violation, cookie_security_persistent_cookies, cookie_security_persistent_cookies_encrypted, cookie_security_persistent_cookies_signed, cookie_security_session_cookies, cookie_security_session_cookies_encrypted, cookie_security_session_cookies_signed, cookie_security_allowed_session_cookies, cookie_security_allowed_persistent_cookies, cookie_security_disallowed_session_cookies, cookie_security_disallowed_persistent_cookies, cookie_security_allowed_session_set_cookies, cookie_security_allowed_persistent_set_cookies, cookie_security_disallowed_session_set_cookies, cookie_security_disallowed_persistent_set_cookies, csp_header_violation, csp_header_success, csp_header_inserted, form_csrf_tag_success, form_csrf_tag_violation, form_consistency_success, form_consistency_violation, form_tag_inserted, form_non_ssl_success, form_non_ssl_violation, form_request_non_post_success, form_request_non_post_violation, form_check_success, form_check_violation, form_check_sanitize, form_non_masked_password_success, form_non_masked_password_violation, form_non_ssl_password_success, form_non_ssl_password_violation, form_password_autocomplete_success, form_password_autocomplete_violation, form_set_no_cache_success, form_set_no_cache, dlp_ccn_success, dlp_ccn_amex_violation, dlp_ccn_amex_masked, dlp_ccn_diners_violation, dlp_ccn_diners_masked, dlp_ccn_visa_violation, dlp_ccn_visa_masked, dlp_ccn_mastercard_violation, dlp_ccn_mastercard_masked, dlp_ccn_discover_violation, dlp_ccn_discover_masked, dlp_ccn_jcb_violation, dlp_ccn_jcb_masked, dlp_ssn_success, dlp_ssn_violation, dlp_pcre_success, dlp_pcre_violation, dlp_pcre_masked, evasion_check_apache_whitespace_success, evasion_check_apache_whitespace_violation, evasion_check_decode_entities_success, evasion_check_decode_entities_violation, evasion_check_decode_escaped_chars_success, evasion_check_decode_escaped_chars_violation, evasion_check_decode_unicode_chars_success, evasion_check_decode_unicode_chars_violation, evasion_check_dir_traversal_success, evasion_check_dir_traversal_violation
counters2
Description ‘evasion_check_high_ascii_bytes_success’: High Ascii Bytes check passed; ‘evasion_check_high_ascii_bytes_violation’: High Ascii Bytes check violation; ‘evasion_check_invalid_hex_encoding_success’: Invalid Hex Encoding check passed; ‘evasion_check_invalid_hex_encoding_violation’: Invalid Hex Encoding check violation; ‘evasion_check_multiple_encoding_levels_success’: Multiple Encoding Levels check passed; ‘evasion_check_multiple_encoding_levels_violation’: Multiple Encoding Levels check violation; ‘evasion_check_multiple_slashes_success’: Multiple Slashes check passed; ‘evasion_check_multiple_slashes_violation’: Multiple Slashes check violation; ‘evasion_check_max_levels_success’: Max Levels check passed; ‘evasion_check_max_levels_violation’: Max Levels check violation; ‘evasion_check_remove_comments_success’: Remove Comments check passed; ‘evasion_check_remove_comments_violation’: Remove Comments check violation; ‘evasion_check_remove_spaces_success’: Remove Spaces check passed; ‘evasion_check_remove_spaces_violation’: Remove Spaces check violation; ‘http_limit_max_content_length_success’: MAX content-length check passed; ‘http_limit_max_content_length_violation’: MAX content-length check violation; ‘http_limit_max_cookie_header_length_success’: MAX cookie header length check passed; ‘http_limit_max_cookie_header_length_violation’: MAX cookie header length violation; ‘http_limit_max_cookie_name_length_success’: MAX cookie name length check passed; ‘http_limit_max_cookie_name_length_violation’: MAX cookie name length violation; ‘http_limit_max_cookie_value_length_success’: MAX cookie value length check passed; ‘http_limit_max_cookie_value_length_violation’: MAX cookie value length violation; ‘http_limit_max_cookies_success’: Max Cookies check passed; ‘http_limit_max_cookies_violation’: Max Cookies violation; ‘http_limit_max_cookies_length_success’: MAX cookies length check passed; ‘http_limit_max_cookies_length_violation’: MAX cookies length violation; ‘http_limit_max_data_parse_success’: Buffer Overflow - Max Data Parse check passed; ‘http_limit_max_data_parse_violation’: Buffer Overflow - Max Data Parse violation; ‘http_limit_max_entities_success’: Max Entities check passed; ‘http_limit_max_entities_violation’: Max Entities violation; ‘http_limit_max_header_length_success’: MAX header length check passed; ‘http_limit_max_header_length_violation’: MAX header length check violation; ‘http_limit_max_header_name_length_success’: MAX header name length check passed; ‘http_limit_max_header_name_length_violation’: MAX header name length check violation; ‘http_limit_max_header_value_length_success’: MAX header value length check passed; ‘http_limit_max_header_value_length_violation’: MAX header value length check violation; ‘http_limit_max_headers_success’: MAX headers count check passed; ‘http_limit_max_headers_violation’: Max Headers violation; ‘http_limit_max_headers_length_success’: MAX headers length check passed; ‘http_limit_max_headers_length_violation’: MAX headers length check violation; ‘http_limit_max_param_name_length_success’: Limit check - MAX parameter name length check passed; ‘http_limit_max_param_name_length_violation’: Limit check - MAX parameter name length violation; ‘http_limit_max_param_value_length_success’: Limit check - MAX parameter value length check passed; ‘http_limit_max_param_value_length_violation’: Limit check - MAX parameter value length violation; ‘http_limit_max_params_success’: Limit check - MAX parameters check passed; ‘http_limit_max_params_violation’: Limit check - MAX parameters violation; ‘http_limit_max_params_length_success’: Limit check - MAX parameters total length check passed; ‘http_limit_max_params_length_violation’: Limit check - MAX parameters total length violation; ‘http_limit_max_post_length_success’: MAX POST length check passed; ‘http_limit_max_post_length_violation’: MAX POST length violation; ‘http_limit_max_query_length_success’: Limit check - MAX query length check passed; ‘http_limit_max_query_length_violation’: Limit check - MAX query length violation; ‘http_limit_max_request_length_success’: Limit check - MAX request length check passed; ‘http_limit_max_request_length_violation’: Limit check - MAX request length violation; ‘http_limit_max_request_line_length_success’: Limit check - MAX request line length check passed; ‘http_limit_max_request_line_length_violation’: Limit check - MAX request line length violation; ‘max_url_length_success’: Limit check - MAX URL length check passed; ‘max_url_length_violation’: Limit check - MAX URL length violation; ‘http_protocol_allowed_headers_success’: HTTP headers check passed; ‘http_protocol_allowed_headers_violation’: HTTP headers check violation; ‘http_protocol_allowed_versions_success’: HTTP versions check passed; ‘http_protocol_allowed_versions_violation’: HTTP versions check violation; ‘http_protocol_allowed_method_check_success’: HTTP Method Check passed; ‘http_protocol_allowed_method_check_violation’: HTTP Method Check violation; ‘http_protocol_bad_multipart_request_success’: Bad multi-part request check passed; ‘http_protocol_bad_multipart_request_violation’: Bad multi-part request check violation; ‘http_protocol_get_with_content_success’: GET with content check passed; ‘http_protocol_get_with_content_violation’: GET with content check violation; ‘http_protocol_head_with_content_success’: HEAD with content check passed; ‘http_protocol_head_with_content_violation’: HEAD with content check violation; ‘http_protocol_host_header_with_ip_success’: Host header with IP check passed; ‘http_protocol_host_header_with_ip_violation’: Host header with IP check violation; ‘http_protocol_invalid_url_encoding_success’: Invalid url encoding check passed; ‘http_protocol_invalid_url_encoding_violation’: Invalid url encoding check violation; ‘http_protocol_malformed_content_length_success’: Malformed content-length check passed; ‘http_protocol_malformed_content_length_violation’: Malformed content-length check violation; ‘http_protocol_malformed_header_success’: Malformed header check passed; ‘http_protocol_malformed_header_violation’: Malformed header check passed; ‘http_protocol_malformed_parameter_success’: Malformed parameter check passed; ‘http_protocol_malformed_parameter_violation’: Malformed parameter check violation; ‘http_protocol_malformed_request_success’: Malformed request check passed; ‘http_protocol_malformed_request_violation’: Malformed request check violation; ‘http_protocol_malformed_request_line_success’: Malformed request line check passed; ‘http_protocol_malformed_request_line_violation’: Malformed request line check violation; ‘http_protocol_missing_header_value_success’: Missing header value check violation; ‘http_protocol_missing_header_value_violation’: Missing header value check violation; ‘http_protocol_missing_host_header_success’: Missing host header check passed; ‘http_protocol_missing_host_header_violation’: Missing host header check violation; ‘http_protocol_multiple_content_length_success’: Multiple content-length headers check passed; ‘http_protocol_multiple_content_length_violation’: Multiple content-length headers check violation; ‘http_protocol_post_with_0_content_success’: POST with 0 content check passed; ‘http_protocol_post_with_0_content_violation’: POST with 0 content check violation; ‘http_protocol_post_without_content_success’: POST without content check passed; ‘http_protocol_post_without_content_violation’: POST without content check violation; ‘http_protocol_success’: HTTP Check passed; ‘http_protocol_violation’: HTTP Check violation; ‘json_check_format_success’: JSON Check passed;
Type: string
Supported Values: evasion_check_high_ascii_bytes_success, evasion_check_high_ascii_bytes_violation, evasion_check_invalid_hex_encoding_success, evasion_check_invalid_hex_encoding_violation, evasion_check_multiple_encoding_levels_success, evasion_check_multiple_encoding_levels_violation, evasion_check_multiple_slashes_success, evasion_check_multiple_slashes_violation, evasion_check_max_levels_success, evasion_check_max_levels_violation, evasion_check_remove_comments_success, evasion_check_remove_comments_violation, evasion_check_remove_spaces_success, evasion_check_remove_spaces_violation, http_limit_max_content_length_success, http_limit_max_content_length_violation, http_limit_max_cookie_header_length_success, http_limit_max_cookie_header_length_violation, http_limit_max_cookie_name_length_success, http_limit_max_cookie_name_length_violation, http_limit_max_cookie_value_length_success, http_limit_max_cookie_value_length_violation, http_limit_max_cookies_success, http_limit_max_cookies_violation, http_limit_max_cookies_length_success, http_limit_max_cookies_length_violation, http_limit_max_data_parse_success, http_limit_max_data_parse_violation, http_limit_max_entities_success, http_limit_max_entities_violation, http_limit_max_header_length_success, http_limit_max_header_length_violation, http_limit_max_header_name_length_success, http_limit_max_header_name_length_violation, http_limit_max_header_value_length_success, http_limit_max_header_value_length_violation, http_limit_max_headers_success, http_limit_max_headers_violation, http_limit_max_headers_length_success, http_limit_max_headers_length_violation, http_limit_max_param_name_length_success, http_limit_max_param_name_length_violation, http_limit_max_param_value_length_success, http_limit_max_param_value_length_violation, http_limit_max_params_success, http_limit_max_params_violation, http_limit_max_params_length_success, http_limit_max_params_length_violation, http_limit_max_post_length_success, http_limit_max_post_length_violation, http_limit_max_query_length_success, http_limit_max_query_length_violation, http_limit_max_request_length_success, http_limit_max_request_length_violation, http_limit_max_request_line_length_success, http_limit_max_request_line_length_violation, max_url_length_success, max_url_length_violation, http_protocol_allowed_headers_success, http_protocol_allowed_headers_violation, http_protocol_allowed_versions_success, http_protocol_allowed_versions_violation, http_protocol_allowed_method_check_success, http_protocol_allowed_method_check_violation, http_protocol_bad_multipart_request_success, http_protocol_bad_multipart_request_violation, http_protocol_get_with_content_success, http_protocol_get_with_content_violation, http_protocol_head_with_content_success, http_protocol_head_with_content_violation, http_protocol_host_header_with_ip_success, http_protocol_host_header_with_ip_violation, http_protocol_invalid_url_encoding_success, http_protocol_invalid_url_encoding_violation, http_protocol_malformed_content_length_success, http_protocol_malformed_content_length_violation, http_protocol_malformed_header_success, http_protocol_malformed_header_violation, http_protocol_malformed_parameter_success, http_protocol_malformed_parameter_violation, http_protocol_malformed_request_success, http_protocol_malformed_request_violation, http_protocol_malformed_request_line_success, http_protocol_malformed_request_line_violation, http_protocol_missing_header_value_success, http_protocol_missing_header_value_violation, http_protocol_missing_host_header_success, http_protocol_missing_host_header_violation, http_protocol_multiple_content_length_success, http_protocol_multiple_content_length_violation, http_protocol_post_with_0_content_success, http_protocol_post_with_0_content_violation, http_protocol_post_without_content_success, http_protocol_post_without_content_violation, http_protocol_success, http_protocol_violation, json_check_format_success
counters3
Description ‘json_check_format_violation’: JSON Check violation; ‘json_check_max_array_value_count_success’: JSON Limit Array Value Count check passed; ‘json_check_max_array_value_count_violation’: JSON Limit Array Value Count violation; ‘json_check_max_depth_success’: JSON Limit Depth check passed; ‘json_check_max_depth_violation’: JSON Limit Depth violation; ‘json_check_max_object_member_count_success’: JSON Limit Object Number Count check passed; ‘json_check_max_object_member_count_violation’: JSON Limit Object Number Count violation; ‘json_check_max_string_success’: JSON Limit String check passed; ‘json_check_max_string_violation’: JSON Limit String violation; ‘request_check_bot_success’: Bot check passed; ‘request_check_bot_violation’: Bot check violation; ‘request_check_redirect_wlist_success’: Redirect Whitelist passed; ‘request_check_redirect_wlist_violation’: Redirect Whitelist violation; ‘request_check_redirect_wlist_learn’: Redirect Whitelist Learn; ‘request_check_referer_success’: Referer Check passed; ‘request_check_referer_violation’: Referer Check violation; ‘request_check_referer_redirect’: Referer Check Redirect; ‘request_check_session_check_none’: Session Created; ‘request_check_session_check_success’: Session Check passed; ‘request_check_session_check_violation’: Session Check violation; ‘request_check_sqlia_url_success’: SQLIA Check URL passed; ‘request_check_sqlia_url_violation’: SQLIA Check URL violation; ‘request_check_sqlia_url_sanitize’: SQLIA Check URL Sanitized; ‘request_check_sqlia_post_body_success’: SQLIA Check Post passed; ‘request_check_sqlia_post_body_violation’: SQLIA Check Post violation; ‘request_check_sqlia_post_body_sanitize’: SQLIA Check Post Sanitized; ‘request_check_url_list_success’: URL Check passed; ‘request_check_url_list_violation’: URL Check violation; ‘request_check_url_list_learn’: URL Check Learn; ‘request_check_url_whitelist_success’: URI White List passed; ‘request_check_url_whitelist_violation’: URI White List violation; ‘request_check_url_blacklist_success’: URI Black List passed; ‘request_check_url_blacklist_violation’: URI Black List violation; ‘request_check_xss_cookie_success’: XSS Check Cookie passed; ‘request_check_xss_cookie_violation’: XSS Check Cookie violation; ‘request_check_xss_cookie_sanitize’: XSS Check Cookie Sanitized; ‘request_check_xss_url_success’: XSS Check URL passed; ‘request_check_xss_url_violation’: XSS Check URL violation; ‘request_check_xss_url_sanitize’: XSS Check URL Sanitized; ‘request_check_xss_post_body_success’: XSS Check Post passed; ‘request_check_xss_post_body_violation’: XSS Check Post violation; ‘request_check_xss_post_body_sanitize’: XSS Check Post Sanitized; ‘response_cloaking_hide_status_code_success’: Response Hide Code check passed; ‘response_cloaking_hide_status_code_violation’: Response Hide Code violation; ‘response_cloaking_filter_headers_success’: Response Headers Filter check passed; ‘response_cloaking_filter_headers_violation’: Response Headers Filter violation; ‘soap_check_success’: Soap Check passed; ‘soap_check_violation’: Soap Check violation; ‘xml_check_format_success’: XML Check passed; ‘xml_check_format_violation’: XML Check violation; ‘xml_check_max_attr_success’: XML Limit Attribute check passed; ‘xml_check_max_attr_violation’: XML Limit Attribute violation; ‘xml_check_max_attr_name_len_success’: XML Limit Name Length check passed; ‘xml_check_max_attr_name_len_violation’: XML Limit Name Length violation; ‘xml_check_max_attr_value_len_success’: XML Limit Value Length check passed; ‘xml_check_max_attr_value_len_violation’: XML Limit Value Length violation; ‘xml_check_max_cdata_len_success’: XML Limit CData Length check passed; ‘xml_check_max_cdata_len_violation’: XML Limit CData Length violation; ‘xml_check_max_elem_success’: XML Limit Element check passed; ‘xml_check_max_elem_violation’: XML Limit Element violation; ‘xml_check_max_elem_child_success’: XML Limit Element Child check passed; ‘xml_check_max_elem_child_violation’: XML Limit Element Child violation; ‘xml_check_max_elem_depth_success’: XML Limit Element Depth check passed; ‘xml_check_max_elem_depth_violation’: XML Limit Element Depth violation; ‘xml_check_max_elem_name_len_success’: XML Limit Element Name Length check passed; ‘xml_check_max_elem_name_len_violation’: XML Limit Element Name Length violation; ‘xml_check_max_entity_exp_success’: XML Limit Entity Expansions check passed; ‘xml_check_max_entity_exp_violation’: XML Limit Entity Expansions violation; ‘xml_check_max_entity_exp_depth_success’: XML Limit Entities Depth check passed; ‘xml_check_max_entity_exp_depth_violation’: XML Limit Entities Depth violation; ‘xml_check_max_namespace_success’: XML Limit Namespace check passed; ‘xml_check_max_namespace_violation’: XML Limit Namespace violation; ‘xml_check_namespace_uri_len_success’: XML Limit Namespace URI Length check passed; ‘xml_check_namespace_uri_len_violation’: XML Limit Namespace URI Length violation; ‘xml_check_sqlia_success’: XML Sqlia Check passed; ‘xml_check_sqlia_violation’: XML Sqlia Check violation; ‘xml_check_xss_success’: XML XSS Check passed; ‘xml_check_xss_violation’: XML XSS Check violation; ‘xml_content_check_schema_success’: XML Schema passed; ‘xml_content_check_schema_violation’: XML Schema violation; ‘xml_content_check_wsdl_success’: WSDL passed; ‘xml_content_check_wsdl_violation’: WSDL violation; ‘learning_list_full’: Learning list is full; ‘action_allow’: Request Action allowed; ‘action_deny_200’: Request Deny with 200; ‘action_deny_403’: Request Deny with 403; ‘action_deny_redirect’: Request Deny with Redirect; ‘action_deny_reset’: Request Deny with Resets; ‘action_drop’: Number of Dropped Requests; ‘action_deny_custom_response’: Request Deny with custom response; ‘action_learn’: Request Learning Updates; ‘action_log’: Log request violation; ‘policy_limit_exceeded’: Policy limit exceeded; ‘sessions_alloc’: Sessions allocated; ‘sessions_freed’: Sessions freed; ‘out_of_sessions’: Out of sessions; ‘too_many_sessions’: Too many sessions consumed; ‘regex_violation’: Regular expression failure; ‘request_check_command_injection_cookies_success’: Command Injection Check cookies passed; ‘request_check_command_injection_cookies_violation’: Command Injection Check cookies violation; ‘request_check_command_injection_headers_success’: Command Injection Check headers passed; ‘request_check_command_injection_headers_violation’: Command Injection Check headers violation; ‘request_check_command_injection_uri_query_success’: Command Injection Check url query arguments passed; ‘request_check_command_injection_uri_query_violation’: Command Injection Check url query arguments violation; ‘request_check_command_injection_form_body_success’: Command Injection Check form body arguments passed; ‘request_check_command_injection_form_body_violation’: Command Injection Check form body arguments violation; ‘cookie_security_decrypt_in_grace_period_violation’: Cookie Decrypt violation but in grace period; ‘form_response_non_post_success’: Response form method was POST; ‘form_response_non_post_violation’: Response form method was not POST; ‘form_response_non_post_sanitize’: Changed response form method to POST; ‘xml_check_max_entity_decl_success’: XML Limit Entity Decl check passed; ‘xml_check_max_entity_decl_violation’: XML Limit Entity Decl violation; ‘xml_check_max_entity_depth_success’: XML Limit Entity Depth check passed; ‘xml_check_max_entity_depth_violation’: XML Limit Entity Depth violation; ‘action_response_allow’: Response Action allowed; ‘action_response_deny_200’: Response Deny with 200;
Type: string
Supported Values: json_check_format_violation, json_check_max_array_value_count_success, json_check_max_array_value_count_violation, json_check_max_depth_success, json_check_max_depth_violation, json_check_max_object_member_count_success, json_check_max_object_member_count_violation, json_check_max_string_success, json_check_max_string_violation, request_check_bot_success, request_check_bot_violation, request_check_redirect_wlist_success, request_check_redirect_wlist_violation, request_check_redirect_wlist_learn, request_check_referer_success, request_check_referer_violation, request_check_referer_redirect, request_check_session_check_none, request_check_session_check_success, request_check_session_check_violation, request_check_sqlia_url_success, request_check_sqlia_url_violation, request_check_sqlia_url_sanitize, request_check_sqlia_post_body_success, request_check_sqlia_post_body_violation, request_check_sqlia_post_body_sanitize, request_check_url_list_success, request_check_url_list_violation, request_check_url_list_learn, request_check_url_whitelist_success, request_check_url_whitelist_violation, request_check_url_blacklist_success, request_check_url_blacklist_violation, request_check_xss_cookie_success, request_check_xss_cookie_violation, request_check_xss_cookie_sanitize, request_check_xss_url_success, request_check_xss_url_violation, request_check_xss_url_sanitize, request_check_xss_post_body_success, request_check_xss_post_body_violation, request_check_xss_post_body_sanitize, response_cloaking_hide_status_code_success, response_cloaking_hide_status_code_violation, response_cloaking_filter_headers_success, response_cloaking_filter_headers_violation, soap_check_success, soap_check_violation, xml_check_format_success, xml_check_format_violation, xml_check_max_attr_success, xml_check_max_attr_violation, xml_check_max_attr_name_len_success, xml_check_max_attr_name_len_violation, xml_check_max_attr_value_len_success, xml_check_max_attr_value_len_violation, xml_check_max_cdata_len_success, xml_check_max_cdata_len_violation, xml_check_max_elem_success, xml_check_max_elem_violation, xml_check_max_elem_child_success, xml_check_max_elem_child_violation, xml_check_max_elem_depth_success, xml_check_max_elem_depth_violation, xml_check_max_elem_name_len_success, xml_check_max_elem_name_len_violation, xml_check_max_entity_exp_success, xml_check_max_entity_exp_violation, xml_check_max_entity_exp_depth_success, xml_check_max_entity_exp_depth_violation, xml_check_max_namespace_success, xml_check_max_namespace_violation, xml_check_namespace_uri_len_success, xml_check_namespace_uri_len_violation, xml_check_sqlia_success, xml_check_sqlia_violation, xml_check_xss_success, xml_check_xss_violation, xml_content_check_schema_success, xml_content_check_schema_violation, xml_content_check_wsdl_success, xml_content_check_wsdl_violation, learning_list_full, action_allow, action_deny_200, action_deny_403, action_deny_redirect, action_deny_reset, action_drop, action_deny_custom_response, action_learn, action_log, policy_limit_exceeded, sessions_alloc, sessions_freed, out_of_sessions, too_many_sessions, regex_violation, request_check_command_injection_cookies_success, request_check_command_injection_cookies_violation, request_check_command_injection_headers_success, request_check_command_injection_headers_violation, request_check_command_injection_uri_query_success, request_check_command_injection_uri_query_violation, request_check_command_injection_form_body_success, request_check_command_injection_form_body_violation, cookie_security_decrypt_in_grace_period_violation, form_response_non_post_success, form_response_non_post_violation, form_response_non_post_sanitize, xml_check_max_entity_decl_success, xml_check_max_entity_decl_violation, xml_check_max_entity_depth_success, xml_check_max_entity_depth_violation, action_response_allow, action_response_deny_200
counters4
Description ‘action_response_deny_403’: Response Deny with 403; ‘action_response_deny_redirect’: Response Deny with Redirect; ‘action_response_deny_reset’: Deny with Resets; ‘action_response_drop’: Number of Dropped Responses; ‘action_response_deny_custom_response’: Response Deny with custom response; ‘action_response_learn’: Response Learning Updates; ‘action_response_log’: Log response violation; ‘http_protocol_post_without_content_type_success’: POST without content type check passed; ‘http_protocol_post_without_content_type_violation’: POST without content type check violation; ‘http_protocol_body_without_content_type_success’: Body without content type check passed; ‘http_protocol_body_without_content_type_violation’: Body without content type check violation; ‘http_protocol_non_ssl_cookie_prefix_success’: Cookie Name Prefix check passed; ‘http_protocol_non_ssl_cookie_prefix_violation’: Cookie Name Prefix check violation; ‘cookie_security_add_samesite_success’: Cookie Security - samesite attribute added successfully; ‘cookie_security_add_samesite_violation’: Cookie Security - samesite attribute violation; ‘rule_set_request’: Requests hanlded by WAF rule set; ‘rule_set_response’: Responses hanlded by WAF rule set; ‘phase1_pass’: WAF rule set pass hits in phase 1; ‘phase1_allow’: WAF rule set allow hits in phase 1; ‘phase1_deny’: WAF rule set deny hits in phase 1; ‘phase1_drop’: WAF rule set drop hits in phase 1; ‘phase1_redirect’: WAF rule set redirect hits in phase 1; ‘phase1_other’: WAF rule set other hits in phase 1; ‘phase2_pass’: WAF rule set pass hits in phase 2; ‘phase2_allow’: WAF rule set allow hits in phase 2; ‘phase2_deny’: WAF rule set deny hits in phase 2; ‘phase2_drop’: WAF rule set drop hits in phase 2; ‘phase2_redirect’: WAF rule set redirect hits in phase 2; ‘phase2_other’: WAF rule set other hits in phase 2; ‘phase3_pass’: WAF rule set pass hits in phase 3; ‘phase3_allow’: WAF rule set allow hits in phase 3; ‘phase3_deny’: WAF rule set deny hits in phase 3; ‘phase3_drop’: WAF rule set drop hits in phase 3; ‘phase3_redirect’: WAF rule set redirect hits in phase 3; ‘phase3_other’: WAF rule set other hits in phase 3; ‘phase4_pass’: WAF rule set pass hits in phase 4; ‘phase4_allow’: WAF rule set allow hits in phase 4; ‘phase4_deny’: WAF rule set deny hits in phase 4; ‘phase4_drop’: WAF rule set drop hits in phase 4; ‘phase4_redirect’: WAF rule set redirect hits in phase 4; ‘phase4_other’: WAF rule set other hits in phase 4;
Type: string
Supported Values: action_response_deny_403, action_response_deny_redirect, action_response_deny_reset, action_response_drop, action_response_deny_custom_response, action_response_learn, action_response_log, http_protocol_post_without_content_type_success, http_protocol_post_without_content_type_violation, http_protocol_body_without_content_type_success, http_protocol_body_without_content_type_violation, http_protocol_non_ssl_cookie_prefix_success, http_protocol_non_ssl_cookie_prefix_violation, cookie_security_add_samesite_success, cookie_security_add_samesite_violation, rule_set_request, rule_set_response, phase1_pass, phase1_allow, phase1_deny, phase1_drop, phase1_redirect, phase1_other, phase2_pass, phase2_allow, phase2_deny, phase2_drop, phase2_redirect, phase2_other, phase3_pass, phase3_allow, phase3_deny, phase3_drop, phase3_redirect, phase3_other, phase4_pass, phase4_allow, phase4_deny, phase4_drop, phase4_redirect, phase4_other
template-list¶
Specification Value Type list Block object keys brute-force-protection
Description: brute-force-protection is a JSON Block. Please see below for template-list_brute-force-protection
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/brute-force-protection
cookie-security
Description: cookie-security is a JSON Block. Please see below for template-list_cookie-security
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/cookie-security
csp
Description Insert HTTP header Content-Security-Policy if necessary
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
csp-insert-type
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
csp-value
Description CSP header value, e.g., “script-src ‘none’”
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
data-leak-prevention
Description: data-leak-prevention is a JSON Block. Please see below for template-list_data-leak-prevention
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/data-leak-prevention
deploy-mode
Description ‘active’: Deploy WAF in active (blocking) mode; ‘passive’: Deploy WAF in passive (log-only) mode; ‘learning’: Deploy WAF in learning mode;
Type: string
Supported Values: active, passive, learning
Default: active
evasion-check
Description: evasion-check is a JSON Block. Please see below for template-list_evasion-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/evasion-check
form-protection
Description: form-protection is a JSON Block. Please see below for template-list_form-protection
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/form-protection
http-limit-check
Description: http-limit-check is a JSON Block. Please see below for template-list_http-limit-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/http-limit-check
http-protocol-check
Description: http-protocol-check is a JSON Block. Please see below for template-list_http-protocol-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/http-protocol-check
http-redirect
Description Send HTTP redirect response (302 Found) to specifed URL (URL to redirect to when denying request)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: http-redirect,http-resp-200, reset-conn, and http-resp-403 are mutually exclusive
http-resp-200
Description Send HTTP response with status code 200 OK
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: http-resp-200,http-redirect, reset-conn, and http-resp-403 are mutually exclusive
http-resp-403
Description Send HTTP response with status code 403 Forbidden (default)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: http-resp-403,http-redirect, http-resp-200, and reset-conn are mutually exclusive
json-check
Description: json-check is a JSON Block. Please see below for template-list_json-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/json-check
learn-pr
Description Enable per-request logs for WAF learning
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-succ-reqs
Description Log successful waf requests
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
logging
Description Logging template (Logging Config name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/logging
name
Description WAF Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
parent
Description inherit from parent template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
parent-template-waf
Description WAF template (WAF Config name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/waf/template
pcre-match-limit
Description Maximum number of matches allowed (default 30000)
Type: number
Range: 1000-1500000
Default: 30000
pcre-match-recursion-limit
Description Maximum levels of recursive allowed (default 5000)
Type: number
Range: 100-150000
Default: 5000
request-check
Description: request-check is a JSON Block. Please see below for template-list_request-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/request-check
reset-conn
Description Reset the client connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: reset-conn,http-redirect, http-resp-200, and http-resp-403 are mutually exclusive
resp-url-200
Description Response content to send client when denying request
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
resp-url-403
Description Response content to send client when denying request
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
response-cloaking
Description: response-cloaking is a JSON Block. Please see below for template-list_response-cloaking
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/response-cloaking
soap-format-check
Description Check XML document for SOAP format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation-log-mask
Description: violation-log-mask is a JSON Block. Please see below for template-list_violation-log-mask
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/violation-log-mask
wsdl-file
Description Specify name of WSDL file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: wsdl-file and wsdl-resp-val-file are mutually exclusive
wsdl-resp-val-file
Description Specify name of WSDL file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: wsdl-resp-val-file and wsdl-file are mutually exclusive
xml-check
Description: xml-check is a JSON Block. Please see below for template-list_xml-check
Type: Object
Reference Object: /axapi/v3/waf/template/{name}/xml-check
xml-schema-file
Description Specify name of XML-Schema file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: xml-schema-file and xml-schema-resp-val-file are mutually exclusive
xml-schema-resp-val-file
Description Specify name of XML-Schema file for verifying XML body contents
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: xml-schema-resp-val-file and xml-schema-file are mutually exclusive
template-list_violation-log-mask¶
Specification Value Type object query-param-name-equal-type
Description ‘equals’: Mask the query value if the query name equals to the string;
Type: string
Supported Values: equals
query-param-name-value
Description The list of Query parameter names
Type: string
Format: string-rlx
Maximum Length: 1031 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_data-leak-prevention¶
Specification Value Type object ccn-mask
Description Mask credit card numbers in response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
keep-end
Description Number of unmasked characters at the end (default: 0)
Type: number
Range: 0-65535
keep-start
Description Number of unmasked characters at the beginning (default: 0)
Type: number
Range: 0-65535
mask
Description Character to mask the matched pattern (default: X)
Type: string
Format: string-rlx
Maximum Length: 1 characters
Maximum Length: 1 characters
pcre-mask
Description Mask matched PCRE pattern in response
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssn-mask
Description Mask US Social Security numbers in response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_brute-force-protection¶
Specification Value Type object brute-force-challenge-limit
Description Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))
Type: number
Range: 0-65535
Default: 2
brute-force-global
Description Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-lockout-limit
Description Maximum brute-force events before locking out client (default 5)
Type: number
Range: 0-65535
Default: 5
brute-force-lockout-period
Description Number of seconds client should be locked out (default 600)
Type: number
Range: 0-1800
Default: 600
brute-force-resp-codes
Description Trigger brute-force check on HTTP response code
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-codes-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-resp-headers
Description Trigger brute-force check on HTTP response header names
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-headers-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-resp-string
Description Trigger brute-force check on HTTP response reason phrase
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
brute-force-resp-string-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
brute-force-test-period
Description Number of seconds for brute-force event counting (default 60)
Type: number
Range: 0-600
Default: 60
challenge-action-captcha
Description Initiate a Captcha to verify client can respond
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-action-cookie
Description Use Set-Cookie to determine if client allows cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-action-javascript
Description Add JavaScript to response to test if client allows JavaScript
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-disable-action
Description ‘enable’: Enable brute force protections; ‘disable’: Disable brute force protections (default);
Type: string
Supported Values: enable, disable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_request-check¶
Specification Value Type object bot-check
Description Check User-Agent for known bots
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bot-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
command-injection-check
Description Check to protect against command injection attacks
Type: string
Format: enum-list
command-injection-check-policy-file
Description Name of WAF policy command injection list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
lifetime
Description Session lifetime in minutes (default 10)
Type: number
Range: 1-1440
Default: 10
redirect-whitelist
Description Check Redirect URL against list of previously learned redirects
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-check
Description Check referer to protect against CSRF attacks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-domain-list
Description List of referer domains allowed
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: referer-domain-list and referer-domain-list-only are mutually exclusive
referer-domain-list-only
Description List of referer domains allowed
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: referer-domain-list-only and referer-domain-list are mutually exclusive
referer-safe-url
Description Safe URL to redirect to if referer is missing
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
session-check
Description Enable session checking via session cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sqlia-check
Description ‘reject’: Reject requests with SQLIA patterns;
Type: string
Supported Values: reject
sqlia-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
url-blacklist
Description specify name of WAF policy list file to blacklist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
url-learned-list
Description Check URL against list of previously learned URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
url-whitelist
Description specify name of WAF policy list file to whitelist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
waf-blacklist-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
waf-whitelist-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
xss-check
Description ‘reject’: Reject requests with bad cookies;
Type: string
Supported Values: reject
xss-check-policy-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
template-list_cookie-security¶
Specification Value Type object allow-missing-cookie
Description Allow requests with missing cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-unrecognized-cookie
Description Allow requests with unrecognized cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cookie-policy
Type: Listenable-disable-action
Description ‘enable’: Enable cookie security (default); ‘disable’: Disable cookie security;
Type: string
Supported Values: enable, disable
Default: enable
set-cookie-policy
Type: Listtamper-protection-grace-period
Description Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes)
Type: number
Range: 0-43200
Default: 120
tamper-protection-http-only
Description Add HttpOnly flag to cookies not in set-cookie-policy list (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
tamper-protection-samesite
Description ‘none’: none; ‘lax’: lax; ‘strict’: strict;
Type: string
Supported Values: none, lax, strict
Default: none
tamper-protection-secret
Description Cookie encryption secret
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
tamper-protection-secret-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)tamper-protection-secure
Description Add Secure flag to cookies not in set-cookie-policy list (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
tamper-protection-session-cookie-only
Description Only encrypt session cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tamper-protection-sign
Description Sign cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: tamper-protection-sign and tamper-protection-encrypt are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_cookie-security_set-cookie-policy¶
Specification Value Type list Block object keys set-cookie-policy-allow
Description Allow the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-disallow
Description Block the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-http-only
Description Add HttpOnly flag to cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-name
Description Name of cookie
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
set-cookie-policy-samesite
Description ‘none’: none; ‘lax’: lax; ‘strict’: strict;
Type: string
Supported Values: none, lax, strict
set-cookie-policy-secret
Description Cookie encryption secret
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
set-cookie-policy-secret-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)set-cookie-policy-secure
Description Add Secure flag to cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-cookie-policy-sign
Description Sign cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: set-cookie-policy-sign and set-cookie-policy-encrypt are mutually exclusive
template-list_cookie-security_cookie-policy¶
Specification Value Type list Block object keys cookie-policy-allow
Description Allow the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cookie-policy-disallow
Description Block the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cookie-policy-name
Description Name of cookie
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
template-list_response-cloaking¶
Specification Value Type object filter-headers
Description Removes web server’s identifying headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hide-status-codes
Description Hides response status codes that are not allowed (default 4xx, 5xx)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hide-status-codes-file
Description Name of WAF policy list file
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_json-check¶
Specification Value Type object format-check
Description Check HTTP body for JSON format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-array-values
Description Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))
Type: number
Range: 0-4096
Default: 256
max-depth
Description Maximum recursion depth in a value in a JSON requesnt body (default 16) (Maximum recursion depth in a JSON value (default 16))
Type: number
Range: 0-4096
Default: 16
max-object-members
Description Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))
Type: number
Range: 0-4096
Default: 256
max-string-length
Description Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))
Type: number
Range: 0-4096
Default: 64
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_http-protocol-check¶
Specification Value Type object allowed-headers
Description Enable allowed-headers check (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allowed-headers-list
Description Allowed HTTP headers. Default “Host Referer User-Agent Accept Accept-Encoding …” (see docs for full list) (Allowed HTTP headers (default “Host Referer User-Agent Accept Accept-Encoding …” (see docs for full list)))
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Default: Host Referer User-Agent Accept Accept-Encoding Accept-Language Accept-Language Authorization Cache-Control Content-Length
allowed-methods
Description Enable allowed-methods check (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allowed-methods-list
Description List of allowed HTTP methods. Default is “GET POST”. (List of HTTP methods allowed (default “GET POST”))
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Default: GET POST
allowed-versions
Description Enable allowed-versions check (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allowed-versions-list
Description List of allowed HTTP versions (default “1.0 1.1 2”)
Type: string
Format: enum-list
Default: 1.0,1.1,2
bad-multipart-request
Description Check for bad multipart/form-data request body
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
body-without-content-type
Description Check for Body request without Content-Type header in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable all checks for HTTP protocol compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
get-with-content
Description Check for GET request with Content-Length headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
head-with-content
Description Check for HEAD request with Content-Length headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
host-header-with-ip
Description Check for Host header with IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
invalid-url-encoding
Description Check for invalid URL encoding in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-content-length
Description Check for malformed content-length in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-header
Description Check for malformed HTTP header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-parameter
Description Check for malformed HTTP query/POST parameter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-request
Description Check for malformed HTTP request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-request-line
Description Check for malformed HTTP request line
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
missing-header-value
Description Check for missing header value in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
missing-host-header
Description Check for missing Host header in HTTP/1.1 request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multiple-content-length
Description Check for multiple Content-Length headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
non-ssl-cookie-prefix
Description Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
post-with-0-content
Description Check for POST request with Content-Length 0
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
post-without-content
Description Check for POST request without Content-Length/Chunked Encoding headers in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
post-without-content-type
Description Check for POST request without Content-Type header in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_xml-check¶
Specification Value Type object disable
Description Disable all checks for XML limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
format
Description Check HTTP body for XML format compliance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-attr
Description Maximum number of attributes of an XML element (default 256)
Type: number
Range: 0-256
Default: 256
max-attr-name-len
Description Maximum length of an attribute name (default 128)
Type: number
Range: 0-2048
Default: 128
max-attr-value-len
Description Maximum length of an attribute text value (default 128)
Type: number
Range: 0-4096
Default: 128
max-cdata-len
Description Maximum length of an CDATA section of an element (default 65535)
Type: number
Range: 0-65535
Default: 65535
max-elem
Description Maximum number of XML elements (default 1024)
Type: number
Range: 0-8192
Default: 1024
max-elem-child
Description Maximum number of children of an XML element (default 1024)
Type: number
Range: 0-4096
Default: 1024
max-elem-depth
Description Maximum recursion level for element definition (default 256)
Type: number
Range: 0-4096
Default: 256
max-elem-name-len
Description Maximum length for an element name (default 128)
Type: number
Range: 0-65535
Default: 128
max-entity-decl
Description Maximum number of entity declarations (default 1024)
Type: number
Range: 0-1024
Default: 1024
max-entity-depth
Description Maximum depth of entities (default 32)
Type: number
Range: 0-32
Default: 32
max-entity-exp
Description Maximum number of entity expansions (default 1024)
Type: number
Range: 0-1024
Default: 1024
max-entity-exp-depth
Description Maximum nested depth of entity expansions (default 32)
Type: number
Range: 0-32
Default: 32
max-namespace
Description Maximum number of namespace declarations (default 16)
Type: number
Range: 0-256
Default: 16
max-namespace-uri-len
Description Maximum length of a namespace URI (default 256)
Type: number
Range: 0-1024
Default: 256
sqlia
Description Check XML data against SQLIA policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
xss
Description Check XML data against XSS policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template-list_http-limit-check¶
Specification Value Type object disable
Description Disable all checks for HTTP limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-content-length
Description Max length of content (Maximum length of content allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-content-length-value
Description Max length of content (default 4096) (Maximum length of content allowed (default 4096))
Type: number
Range: 0-2147483647
Default: 4096
max-cookie-header-length
Description Max Cookie header length allowed in request (Maximum length of cookie header allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookie-header-length-value
Description Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookie-name-length
Description Max Cookie name length allowed in request (Maximum length of cookie name allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookie-name-length-value
Description Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))
Type: number
Range: 0-65535
Default: 64
max-cookie-value-length
Description Max Cookie value length allowed in request (Maximum length of cookie value allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookie-value-length-value
Description Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookies
Description Max Cookies allowed in request (Maximum number of cookie allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookies-length
Description Total Cookies length allowed in request (Maximum length of all cookies in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-cookies-length-value
Description Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-cookies-value
Description Max Cookies allowed in request (default 20) (Maximum number of cookie allowed (default 20))
Type: number
Range: 0-1023
Default: 20
max-data-parse
Description Max data to be parsed for Web Application Firewall
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-data-parse-value
Description Max data to be parsed for Web Application Firewall (default 262144)
Type: number
Range: 0-2097152
Default: 262144
max-entities
Description Maximum number of MIME entities allowed in request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-entities-value
Description Maximum number of MIME entities allowed in request (default 10)
Type: number
Range: 0-512
Default: 10
max-header-length
Description Max header length allowed in request (Maximum length of header allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-header-length-value
Description Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-header-name-length
Description Max header name length allowed in request (Maximum length of header name allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-header-name-length-value
Description Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64))
Type: number
Range: 0-65535
Default: 64
max-header-value-length
Description Max header value length allowed in request (Maximum length of header value allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-header-value-length-value
Description Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-headers
Description Total number of headers allowed in request (Maximum number of headers in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-headers-length
Description Total headers length allowed in request (Maximum length of all headers in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-headers-length-value
Description Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-headers-value
Description Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64))
Type: number
Range: 0-255
Default: 64
max-param-name-length
Description Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-param-name-length-value
Description Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256))
Type: number
Range: 0-65535
Default: 256
max-param-value-length
Description Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-param-value-length-value
Description Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-params
Description Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-params-length
Description Total query/POST parameters length allowed in request (Maximum length of all params in request)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-params-length-value
Description Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-params-value
Description Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64))
Type: number
Range: 0-1024
Default: 64
max-post-length
Description Maximum content length allowed in POST request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-post-length-value
Description Maximum content length allowed in POST request (default 20480)
Type: number
Range: 0-2147483647
Default: 20480
max-query-length
Description Max length of query string (Maximum length of query string allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-query-length-value
Description Max length of query string (default 4096) (Maximum length of query string allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-request-length
Description Max length of request (Maximum length of request allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-request-length-value
Description Max length of request (default 20480) (Maximum length of request allowed (default 20480))
Type: number
Range: 0-2147483647
Default: 20480
max-request-line-length
Description Max length of request line (Maximum length of request line)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-request-line-length-value
Description Max length of request line (default 4096) (Maximum length of request line (default 4096))
Type: number
Range: 0-65535
Default: 4096
max-url-length
Description Max length of url (Maximum length of url allowed)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-url-length-value
Description Max length of url (default 4096) (Maximum length of url allowed (default 4096))
Type: number
Range: 0-65535
Default: 4096
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_evasion-check¶
Specification Value Type object apache-whitespace
Description Check for whitespace characters in URL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
decode-entities
Description Decode entities in internal url (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
decode-escaped-chars
Description Decode escaped characters such as r n ” xXX u00YY in internal url (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
decode-plus-chars
Description Decode ‘+’ as space in URL (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
decode-unicode-chars
Description Check for evasion attempt using %u encoding of Unicode chars to bypass (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
dir-traversal
Description Check for directory traversal attempt (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
high-ascii-bytes
Description Check for evasion attempt using ASCII bytes with values
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
invalid-hex-encoding
Description Check for evasion attempt using invalid hex characters (not in 0-9,a-f)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-levels
Description Max levels of encoding allowed in request (default 2)
Type: number
Range: 0-64
Default: 2
multiple-encoding-levels
Description Check for evasion attempt using multiple levels of encoding
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multiple-slashes
Description Check for evasion attempt using multiple slashes/backslashes
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-comments
Description Remove comments from internal url
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-spaces
Description Remove spaces from internal url (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_form-protection¶
Specification Value Type object csrf-check
Description Tag the form to protect against Cross-site Request Forgery
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-disable-action
Description ‘enable’: Enable web form protections (default); ‘disable’: Disable web form protections;
Type: string
Supported Values: enable, disable
Default: enable
field-consistency-check
Description Form input consistency check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-caching
Description Disable caching for response with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-non-post
Description Check whether POST is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-non-ssl
Description Check whether SSL is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-request-non-post
Description Check whether POST is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-response-non-post
Description Check whether form method POST is used for response with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-response-non-post-sanitize
Description Change form method GET to POST (Use with caution: make sure server application still work)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-autocomplete
Description Check to protect against server-generated form which contain password fields that allow autocomplete
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-non-masked
Description Check forms that have a password field with a textual type, resulting in this field not being masked
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-non-ssl
Description Check forms that has a password field if the form is not sent over an SSL connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
xml-schema¶
Specification Value Type object max-filesize
Description Set maximum XML-Schema file size (Maximum file size in KBytes, default is 32K)
Type: number
Range: 16-256
Default: 32
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy¶
Specification Value Type object max-filesize
Description Set maximum WAF policy file size (Maximum file size in KBytes, default is 32K)
Type: number
Range: 16-10240
Default: 32
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
wsdl¶
Specification Value Type object max-filesize
Description Set maximum WSDL file size (Maximum file size in KBytes, default is 32K)
Type: number
Range: 16-256
Default: 32
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters