waf template

Manage WAF template configuration

template Specification

Parameter             Value
Type                  Collection
Object Key(s)         name
Collection Name       template-list
Collection URI        /axapi/v3/waf/template
Element Name          template
Element URI           /axapi/v3/waf/template/{name}
Element Attributes    template_attributes
Partition Visibility  shared
Schema                template schema

Operations Allowed:

Operation       Method  URI                            Payload
Create Object   POST    /axapi/v3/waf/template         template attributes
Create List     POST    /axapi/v3/waf/template         template attributes
Get Object      GET     /axapi/v3/waf/template/{name}  template attributes
Get List        GET     /axapi/v3/waf/template         template-list
Modify Object   POST    /axapi/v3/waf/template/{name}  template attributes
Replace Object  PUT     /axapi/v3/waf/template/{name}  template attributes
Replace List    PUT     /axapi/v3/waf/template         template-list
Delete Object   DELETE  /axapi/v3/waf/template/{name}  template attributes

template-list

template-list is a JSON list of template attributes

template-list : [

template attributes

brute-force-protection

Description: brute-force-protection is a JSON Block. Please see below for brute-force-protection

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/brute-force-protection

cookie-security

Description: cookie-security is a JSON Block. Please see below for cookie-security

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/cookie-security

csp

Description Insert HTTP header Content-Security-Policy if necessary

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

csp-insert-type

Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;

Type: string

Supported Values: insert-if-not-exist, insert-always

csp-value

Description CSP header value, e.g., “script-src ‘none’”

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

data-leak-prevention

Description: data-leak-prevention is a JSON Block. Please see below for data-leak-prevention

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/data-leak-prevention

deploy-mode

Description ‘active’: Deploy WAF in active (blocking) mode; ‘passive’: Deploy WAF in passive (log-only) mode; ‘learning’: Deploy WAF in learning mode;

Type: string

Supported Values: active, passive, learning

Default: active

evasion-check

Description: evasion-check is a JSON Block. Please see below for evasion-check

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/evasion-check

form-protection

Description: form-protection is a JSON Block. Please see below for form-protection

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/form-protection

http-limit-check

Description: http-limit-check is a JSON Block. Please see below for http-limit-check

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/http-limit-check

http-protocol-check

Description: http-protocol-check is a JSON Block. Please see below for http-protocol-check

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/http-protocol-check

http-redirect

Description Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

Mutual Exclusion: http-redirect, http-resp-200, reset-conn, and http-resp-403 are mutually exclusive

http-resp-200

Description Send HTTP response with status code 200 OK

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-200, http-redirect, reset-conn, and http-resp-403 are mutually exclusive

http-resp-403

Description Send HTTP response with status code 403 Forbidden (default)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-403, http-redirect, http-resp-200, and reset-conn are mutually exclusive

json-check

Description: json-check is a JSON Block. Please see below for json-check

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/json-check

learn-pr

Description Enable per-request logs for WAF learning

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-succ-reqs

Description Log successful waf requests

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

logging

Description Logging template (Logging Config name)

Type: string

Format: string-rlx

Maximum Length: 128 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/slb/template/logging

name

Description WAF Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

parent

Description inherit from parent template

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

parent-template-waf

Description WAF template (WAF Config name)

Type: string

Format: string-rlx

Maximum Length: 128 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/waf/template

pcre-match-limit

Description Maximum number of matches allowed (default 30000)

Type: number

Range: 1000-1500000

Default: 30000

pcre-match-recursion-limit

Description Maximum levels of recursion allowed (default 5000)

Type: number

Range: 100-150000

Default: 5000

request-check

Description: request-check is a JSON Block. Please see below for request-check

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/request-check

reset-conn

Description Reset the client connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: reset-conn, http-redirect, http-resp-200, and http-resp-403 are mutually exclusive

resp-url-200

Description Response content to send client when denying request

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

resp-url-403

Description Response content to send client when denying request

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

response-cloaking

Description: response-cloaking is a JSON Block. Please see below for response-cloaking

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/response-cloaking

soap-format-check

Description Check XML document for SOAP format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

violation-log-mask

Description: violation-log-mask is a JSON Block. Please see below for violation-log-mask

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/violation-log-mask

wsdl-file

Description Specify name of WSDL file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: wsdl-file and wsdl-resp-val-file are mutually exclusive

wsdl-resp-val-file

Description Specify name of WSDL file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: wsdl-resp-val-file and wsdl-file are mutually exclusive

xml-check

Description: xml-check is a JSON Block. Please see below for xml-check

Type: Object

Reference Object: /axapi/v3/waf/template/{name}/xml-check

xml-schema-file

Description Specify name of XML-Schema file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: xml-schema-file and xml-schema-resp-val-file are mutually exclusive

xml-schema-resp-val-file

Description Specify name of XML-Schema file for verifying XML body contents

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: xml-schema-resp-val-file and xml-schema-file are mutually exclusive
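
An offline check of a template payload against the constraints listed above (mutual exclusions, supported values, ranges, maximum lengths), added here as an example and not part of the aXAPI reference. The function name, the finding format and both sample payloads are constructed for illustration.

```python
"""Lint a waf template payload using only the constraints listed on this page."""

# Attribute groups the reference marks as mutually exclusive.
MUTUALLY_EXCLUSIVE = [
    ("http-redirect", "http-resp-200", "http-resp-403", "reset-conn"),
    ("wsdl-file", "wsdl-resp-val-file"),
    ("xml-schema-file", "xml-schema-resp-val-file"),
]
# Supported values for enumerated string attributes.
ENUMS = {
    "deploy-mode": {"active", "passive", "learning"},
    "csp-insert-type": {"insert-if-not-exist", "insert-always"},
}
# Inclusive numeric ranges.
RANGES = {
    "pcre-match-limit": (1000, 1500000),
    "pcre-match-recursion-limit": (100, 150000),
}
# Maximum string lengths.
MAX_LEN = {
    "name": 63, "csp-value": 255, "http-redirect": 255,
    "resp-url-200": 255, "resp-url-403": 255, "logging": 128,
    "parent-template-waf": 128, "user-tag": 127,
    "wsdl-file": 63, "wsdl-resp-val-file": 63,
    "xml-schema-file": 63, "xml-schema-resp-val-file": 63,
}


def is_set(value):
    """True for a non-empty string or an enabled boolean (true / 1)."""
    return value not in (None, False, 0, "")


def lint_template(tpl):
    """Return a list of (severity, message) findings for one template dict."""
    findings = []
    name = tpl.get("name")
    if not isinstance(name, str) or not name:
        findings.append(("error", "name: object key is missing"))
    for group in MUTUALLY_EXCLUSIVE:
        present = [key for key in group if is_set(tpl.get(key))]
        if len(present) > 1:
            findings.append(("error", "mutually exclusive: " + ", ".join(present)))
    for key, allowed in ENUMS.items():
        if key in tpl and tpl[key] not in allowed:
            findings.append(("error", f"{key}: unsupported value {tpl[key]!r}"))
    for key, (low, high) in RANGES.items():
        if key in tpl:
            value = tpl[key]
            is_int = isinstance(value, int) and not isinstance(value, bool)
            if not is_int or not low <= value <= high:
                findings.append(("error", f"{key}: {value!r} outside {low}-{high}"))
    for key, limit in MAX_LEN.items():
        value = tpl.get(key)
        if isinstance(value, str) and len(value) > limit:
            findings.append(("error", f"{key}: longer than {limit} characters"))
    # Posture checks: valid values that still deserve a second look.
    mode = tpl.get("deploy-mode", "active")  # documented default is active
    if mode in ("passive", "learning"):
        findings.append(("warn", f"deploy-mode is {mode}: not in active (blocking) mode"))
    if is_set(tpl.get("csp")) and not is_set(tpl.get("csp-value")):
        findings.append(("warn", "csp is enabled but csp-value is empty"))
    return findings


# Constructed sample payloads (not taken from any real device).
SAMPLE_BAD = {
    "name": "shop-frontend",
    "deploy-mode": "passive",
    "http-resp-403": 1,
    "reset-conn": 1,
    "pcre-match-limit": 500,
    "csp": 1,
}
SAMPLE_GOOD = {
    "name": "shop-frontend",
    "deploy-mode": "active",
    "http-resp-403": 1,
    "pcre-match-limit": 30000,
    "pcre-match-recursion-limit": 5000,
    "csp": 1,
    "csp-insert-type": "insert-if-not-exist",
    "csp-value": "script-src 'none'",
}

if __name__ == "__main__":
    for severity, message in lint_template(SAMPLE_BAD):
        print(f"{severity:5} {message}")
```
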

violation-log-mask

Specification Value
Type object

query-param-name-equal-type

Description ‘equals’: Mask the query value if the query name equals the string;

Type: string

Supported Values: equals

query-param-name-value

Description The list of Query parameter names

Type: string

Format: string-rlx

Maximum Length: 1031 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

data-leak-prevention

Specification Value
Type object

ccn-mask

Description Mask credit card numbers in response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

keep-end

Description Number of unmasked characters at the end (default: 0)

Type: number

Range: 0-65535

keep-start

Description Number of unmasked characters at the beginning (default: 0)

Type: number

Range: 0-65535

mask

Description Character to mask the matched pattern (default: X)

Type: string

Format: string-rlx

Maximum Length: 1 character

Minimum Length: 1 character

pcre-mask

Description Mask matched PCRE pattern in response

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

ssn-mask

Description Mask US Social Security numbers in response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

brute-force-protection

Specification Value
Type object

brute-force-challenge-limit

Description Maximum brute-force events before sending challenge (default 2) (Maximum brute-force events before locking out client (default 2))

Type: number

Range: 0-65535

Default: 2

brute-force-global

Description Brute-force triggers apply globally instead of per-client (Apply brute-force triggers globally)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-lockout-limit

Description Maximum brute-force events before locking out client (default 5)

Type: number

Range: 0-65535

Default: 5

brute-force-lockout-period

Description Number of seconds client should be locked out (default 600)

Type: number

Range: 0-1800

Default: 600

brute-force-resp-codes

Description Trigger brute-force check on HTTP response code

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-resp-codes-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

brute-force-resp-headers

Description Trigger brute-force check on HTTP response header names

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-resp-headers-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

brute-force-resp-string

Description Trigger brute-force check on HTTP response reason phrase

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

brute-force-resp-string-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

brute-force-test-period

Description Number of seconds for brute-force event counting (default 60)

Type: number

Range: 0-600

Default: 60

challenge-action-captcha

Description Initiate a Captcha to verify client can respond

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

challenge-action-cookie

Description Use Set-Cookie to determine if client allows cookies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

challenge-action-javascript

Description Add JavaScript to response to test if client allows JavaScript

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-disable-action

Description ‘enable’: Enable brute force protections; ‘disable’: Disable brute force protections (default);

Type: string

Supported Values: enable, disable

Default: disable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

request-check

Specification Value
Type object

bot-check

Description Check User-Agent for known bots

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

bot-check-policy-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

command-injection-check

Description Check to protect against command injection attacks

Type: string

Format: enum-list

command-injection-check-policy-file

Description Name of WAF policy command injection list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

lifetime

Description Session lifetime in minutes (default 10)

Type: number

Range: 1-1440

Default: 10

redirect-whitelist

Description Check Redirect URL against list of previously learned redirects

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-check

Description Check referer to protect against CSRF attacks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-domain-list

Description List of referer domains allowed

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

Mutual Exclusion: referer-domain-list and referer-domain-list-only are mutually exclusive

referer-domain-list-only

Description List of referer domains allowed

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

Mutual Exclusion: referer-domain-list-only and referer-domain-list are mutually exclusive

referer-safe-url

Description Safe URL to redirect to if referer is missing

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

session-check

Description Enable session checking via session cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sqlia-check

Description ‘reject’: Reject requests with SQLIA patterns;

Type: string

Supported Values: reject

sqlia-check-policy-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

url-blacklist

Description specify name of WAF policy list file to blacklist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

url-learned-list

Description Check URL against list of previously learned URLs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

url-whitelist

Description specify name of WAF policy list file to whitelist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

waf-blacklist-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

waf-whitelist-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

xss-check

Description ‘reject’: Reject requests with bad cookies;

Type: string

Supported Values: reject

xss-check-policy-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

response-cloaking

Specification Value
Type object

filter-headers

Description Removes web server’s identifying headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-status-codes

Description Hides response status codes that are not allowed (default 4xx, 5xx)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-status-codes-file

Description Name of WAF policy list file

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

json-check

Specification Value
Type object

format-check

Description Check HTTP body for JSON format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-array-values

Description Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))

Type: number

Range: 0-4096

Default: 256

max-depth

Description Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))

Type: number

Range: 0-4096

Default: 16

max-object-members

Description Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))

Type: number

Range: 0-4096

Default: 256

max-string-length

Description Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))

Type: number

Range: 0-4096

Default: 64

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

http-protocol-check

Specification Value
Type object

allowed-headers

Description Enable allowed-headers check (default disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allowed-headers-list

Description Allowed HTTP headers. Default “Host Referer User-Agent Accept Accept-Encoding …” (see docs for full list) (Allowed HTTP headers (default “Host Referer User-Agent Accept Accept-Encoding …” (see docs for full list)))

Type: string

Format: string-rlx

Maximum Length: 1023 characters

Minimum Length: 1 character

Default: Host Referer User-Agent Accept Accept-Encoding Accept-Language Accept-Language Authorization Cache-Control Content-Length

allowed-methods

Description Enable allowed-methods check (default disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allowed-methods-list

Description List of allowed HTTP methods. Default is “GET POST”. (List of HTTP methods allowed (default “GET POST”))

Type: string

Format: string-rlx

Maximum Length: 1023 characters

Minimum Length: 1 character

Default: GET POST

allowed-versions

Description Enable allowed-versions check (default disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allowed-versions-list

Description List of allowed HTTP versions (default “1.0 1.1 2”)

Type: string

Format: enum-list

Default: 1.0,1.1,2

bad-multipart-request

Description Check for bad multipart/form-data request body

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

body-without-content-type

Description Check for Body request without Content-Type header in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

disable

Description Disable all checks for HTTP protocol compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

get-with-content

Description Check for GET request with Content-Length headers in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

head-with-content

Description Check for HEAD request with Content-Length headers in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

host-header-with-ip

Description Check for Host header with IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

invalid-url-encoding

Description Check for invalid URL encoding in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-content-length

Description Check for malformed content-length in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-header

Description Check for malformed HTTP header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-parameter

Description Check for malformed HTTP query/POST parameter

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-request

Description Check for malformed HTTP request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-request-line

Description Check for malformed HTTP request line

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

missing-header-value

Description Check for missing header value in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

missing-host-header

Description Check for missing Host header in HTTP/1.1 request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

multiple-content-length

Description Check for multiple Content-Length headers in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

non-ssl-cookie-prefix

Description Check for Bad __Secure- or __Host- Cookie Name prefixes in non-ssl request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

post-with-0-content

Description Check for POST request with Content-Length 0

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

post-without-content

Description Check for POST request without Content-Length/Chunked Encoding headers in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

post-without-content-type

Description Check for POST request without Content-Type header in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

xml-check

Specification Value
Type object

disable

Description Disable all checks for XML limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

format

Description Check HTTP body for XML format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-attr

Description Maximum number of attributes of an XML element (default 256)

Type: number

Range: 0-256

Default: 256

max-attr-name-len

Description Maximum length of an attribute name (default 128)

Type: number

Range: 0-2048

Default: 128

max-attr-value-len

Description Maximum length of an attribute text value (default 128)

Type: number

Range: 0-4096

Default: 128

max-cdata-len

Description Maximum length of a CDATA section of an element (default 65535)

Type: number

Range: 0-65535

Default: 65535

max-elem

Description Maximum number of XML elements (default 1024)

Type: number

Range: 0-8192

Default: 1024

max-elem-child

Description Maximum number of children of an XML element (default 1024)

Type: number

Range: 0-4096

Default: 1024

max-elem-depth

Description Maximum recursion level for element definition (default 256)

Type: number

Range: 0-4096

Default: 256

max-elem-name-len

Description Maximum length for an element name (default 128)

Type: number

Range: 0-65535

Default: 128

max-entity-decl

Description Maximum number of entity declarations (default 1024)

Type: number

Range: 0-1024

Default: 1024

max-entity-depth

Description Maximum depth of entities (default 32)

Type: number

Range: 0-32

Default: 32

max-entity-exp

Description Maximum number of entity expansions (default 1024)

Type: number

Range: 0-1024

Default: 1024

max-entity-exp-depth

Description Maximum nested depth of entity expansions (default 32)

Type: number

Range: 0-32

Default: 32

max-namespace

Description Maximum number of namespace declarations (default 16)

Type: number

Range: 0-256

Default: 16

max-namespace-uri-len

Description Maximum length of a namespace URI (default 256)

Type: number

Range: 0-1024

Default: 256

sqlia

Description Check XML data against SQLIA policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

xss

Description Check XML data against XSS policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-limit-check

Specification Value
Type object

disable

Description Disable all checks for HTTP limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-content-length

Description Max length of content (Maximum length of content allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-content-length-value

Description Max length of content (default 4096) (Maximum length of content allowed (default 4096))

Type: number

Range: 0-2147483647

Default: 4096

max-cookie-header-length

Description Max Cookie header length allowed in request (Maximum length of cookie header allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-cookie-header-length-value

Description Max Cookie header length allowed in request (default 4096) (Maximum length of cookie header allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-cookie-name-length

Description Max Cookie name length allowed in request (Maximum length of cookie name allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-cookie-name-length-value

Description Max Cookie name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))

Type: number

Range: 0-65535

Default: 64

max-cookie-value-length

Description Max Cookie value length allowed in request (Maximum length of cookie value allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-cookie-value-length-value

Description Max Cookie value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-cookies

Description Max Cookies allowed in request (Maximum number of cookie allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-cookies-length

Description Total Cookies length allowed in request (Maximum length of all cookies in request)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-cookies-length-value

Description Total Cookies length allowed in request (default 4096) (Maximum length of all cookies in request (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-cookies-value

Description Max Cookies allowed in request (default 20) (Maximum number of cookie allowed (default 20))

Type: number

Range: 0-1023

Default: 20

max-data-parse

Description Max data to be parsed for Web Application Firewall

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-data-parse-value

Description Max data to be parsed for Web Application Firewall (default 262144)

Type: number

Range: 0-2097152

Default: 262144

max-entities

Description Maximum number of MIME entities allowed in request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-entities-value

Description Maximum number of MIME entities allowed in request (default 10)

Type: number

Range: 0-512

Default: 10

max-header-length

Description Max header length allowed in request (Maximum length of header allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-header-length-value

Description Max header length allowed in request (default 4096) (Maximum length of header allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-header-name-length

Description Max header name length allowed in request (Maximum length of header name allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-header-name-length-value

Description Max header name length allowed in request (default 64) (Maximum length of header name allowed (default 64))

Type: number

Range: 0-65535

Default: 64

max-header-value-length

Description Max header value length allowed in request (Maximum length of header value allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-header-value-length-value

Description Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-headers

Description Total number of headers allowed in request (Maximum number of headers in request)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-headers-length

Description Total headers length allowed in request (Maximum length of all headers in request)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-headers-length-value

Description Total headers length allowed in request (default 4096) (Maximum length of all headers in request (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-headers-value

Description Total number of headers allowed in request (default 64) (Maximum number of headers in request (default 64))

Type: number

Range: 0-255

Default: 64

max-param-name-length

Description Max query/POST parameter name length allowed in request (Maximum length of query/POST parameter names allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-param-name-length-value

Description Max query/POST parameter name length allowed in request (default 256) (Maximum length of query/POST parameter names allowed (default 256))

Type: number

Range: 0-65535

Default: 256

max-param-value-length

Description Max query/POST parameter value length allowed in request (Maximum length of query/POST parameter value allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-param-value-length-value

Description Max query/POST parameter value length allowed in request (default 4096) (Maximum length of query/POST parameter value allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-params

Description Total query/POST parameters allowed in request (Maximum number of query/POST parameters in request)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-params-length

Description Total query/POST parameters length allowed in request (Maximum length of all params in request)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-params-length-value

Description Total query/POST parameters length allowed in request (default 4096) (Maximum length of all params in request (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-params-value

Description Total query/POST parameters allowed in request (default 64) (Maximum number of query/POST parameters in request (default 64))

Type: number

Range: 0-1024

Default: 64

max-post-length

Description Maximum content length allowed in POST request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-post-length-value

Description Maximum content length allowed in POST request (default 20480)

Type: number

Range: 0-2147483647

Default: 20480

max-query-length

Description Max length of query string (Maximum length of query string allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-query-length-value

Description Max length of query string (default 4096) (Maximum length of query string allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-request-length

Description Max length of request (Maximum length of request allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-request-length-value

Description Max length of request (default 20480) (Maximum length of request allowed (default 20480))

Type: number

Range: 0-2147483647

Default: 20480

max-request-line-length

Description Max length of request line (Maximum length of request line)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-request-line-length-value

Description Max length of request line (default 4096) (Maximum length of request line (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-url-length

Description Max length of url (Maximum length of url allowed)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-url-length-value

Description Max length of url (default 4096) (Maximum length of url allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character
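
Every limit in http-limit-check is listed as a pair: a boolean (default 0) and a matching "-value" number with its own range and default. The added example below, which is not part of the aXAPI reference, reports which limits a given http-limit-check object would actually enforce. It assumes the boolean is what switches a limit on and that an omitted "-value" falls back to the documented default; the function name and sample object are constructed.

```python
"""Report the limits an http-limit-check object enables, using the page's ranges."""

# limit name -> (maximum of the "-value" range, documented default); minimum is 0.
LIMITS = {
    "max-content-length": (2147483647, 4096),
    "max-cookie-header-length": (65535, 4096),
    "max-cookie-name-length": (65535, 64),
    "max-cookie-value-length": (65535, 4096),
    "max-cookies": (1023, 20),
    "max-cookies-length": (65535, 4096),
    "max-data-parse": (2097152, 262144),
    "max-entities": (512, 10),
    "max-header-length": (65535, 4096),
    "max-header-name-length": (65535, 64),
    "max-header-value-length": (65535, 4096),
    "max-headers": (255, 64),
    "max-headers-length": (65535, 4096),
    "max-param-name-length": (65535, 256),
    "max-param-value-length": (65535, 4096),
    "max-params": (1024, 64),
    "max-params-length": (65535, 4096),
    "max-post-length": (2147483647, 20480),
    "max-query-length": (65535, 4096),
    "max-request-length": (2147483647, 20480),
    "max-request-line-length": (65535, 4096),
    "max-url-length": (65535, 4096),
}


def enabled(value):
    """Booleans on this page accept true/false/1/0."""
    return value in (True, 1)


def effective_limits(cfg):
    """Return (enforced, notes).

    enforced maps each switched-on limit to the number in effect;
    notes lists out-of-range values and values whose switch is off.
    """
    enforced, notes = {}, []
    if enabled(cfg.get("disable")):
        notes.append("disable is set: all HTTP limit checks are off")
        return enforced, notes
    for limit, (high, default) in LIMITS.items():
        value_key = limit + "-value"
        value = cfg.get(value_key, default)
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not is_int or not 0 <= value <= high:
            notes.append(f"{value_key}: {value!r} outside 0-{high}")
            continue
        if enabled(cfg.get(limit)):
            enforced[limit] = value
        elif value_key in cfg:
            # Assumption: a number without its boolean does not enable the check.
            notes.append(f"{value_key} is set but {limit} is not enabled")
    return enforced, notes


# Constructed sample object (not taken from any real device).
SAMPLE = {
    "max-url-length": 1, "max-url-length-value": 2048,
    "max-headers": 1,                                # default 64 applies
    "max-post-length-value": 1048576,                # boolean missing
    "max-cookies": 1, "max-cookies-value": 5000,     # above 1023
}

if __name__ == "__main__":
    enforced, notes = effective_limits(SAMPLE)
    for limit, value in sorted(enforced.items()):
        print(f"enforced  {limit} = {value}")
    for note in notes:
        print(f"note      {note}")
    print("not enforced:", len(LIMITS) - len(enforced), "of", len(LIMITS))
```
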

evasion-check

Specification Value
Type object

apache-whitespace

Description Check for whitespace characters in URL

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-entities

Description Decode entities in internal url (default on)

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

decode-escaped-chars

Description Decode escaped characters such as \r \n \" \xXX \u00YY in internal url (default on)

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

decode-plus-chars

Description Decode ‘+’ as space in URL (default on)

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

decode-unicode-chars

Description Check for evasion attempt using %u encoding of Unicode chars to bypass (default on)

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

dir-traversal

Description Check for directory traversal attempt (default on)

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

high-ascii-bytes

Description Check for evasion attempt using ASCII bytes with values

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

invalid-hex-encoding

Description Check for evasion attempt using invalid hex characters (not in 0-9,a-f)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-levels

Description Max levels of encoding allowed in request (default 2)

Type: number

Range: 0-64

Default: 2

multiple-encoding-levels

Description Check for evasion attempt using multiple levels of encoding

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

multiple-slashes

Description Check for evasion attempt using multiple slashes/backslashes

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-comments

Description Remove comments from internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-spaces

Description Remove spaces from internal url (default on)

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters
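The following added example (not A10 code and not taken from this reference) shows how several of the evasion-check options above interact when a request path is normalized before inspection. It assumes that multiple-encoding-levels fires when the number of percent-encoding layers exceeds max-levels, and it switches on three checks whose schema default is 0; the function name and the sample paths are constructed.

```python
import re
from urllib.parse import unquote

# Added illustration of the evasion-check options; not A10's implementation.
# Keys mirror the template attributes. Three checks that default to 0 in the
# schema are switched on here so the constructed samples exercise them.
OPTS = {"max-levels": 2, "multiple-encoding-levels": 1,
        "invalid-hex-encoding": 1, "multiple-slashes": 1, "dir-traversal": 1}

VALID_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def check_url(path, opts=OPTS):
    """Return (normalized_path, sorted names of the checks that fired)."""
    hits = set()
    # A '%' in the raw path that is not followed by two hex digits.
    if opts["invalid-hex-encoding"] and BAD_ESCAPE.search(path):
        hits.add("invalid-hex-encoding")
    # Peel one layer of percent-encoding per pass and count the layers.
    levels = 0
    while VALID_ESCAPE.search(path):
        path = unquote(path, encoding="latin-1")
        levels += 1
    # Assumption: the check fires when the layer count exceeds max-levels.
    if opts["multiple-encoding-levels"] and levels > opts["max-levels"]:
        hits.add("multiple-encoding-levels")
    # Treat backslashes as slashes, then collapse repeated separators.
    path = path.replace("\\", "/")
    if re.search(r"/{2,}", path):
        if opts["multiple-slashes"]:
            hits.add("multiple-slashes")
        path = re.sub(r"/{2,}", "/", path)
    # Traversal is tested on the decoded form, where encoded dots are visible.
    if opts["dir-traversal"] and ".." in path.split("/"):
        hits.add("dir-traversal")
    return path, sorted(hits)


# Constructed sample request paths.
SAMPLES = ["/app/index.html", "/app/%2e%2e/etc/passwd",
           "/app/%25252e%25252e/conf", "/app//admin\\\\panel", "/app/%zz/x"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_url(sample))
```

A doubly encoded path stays within the default max-levels of 2 and is reported only for traversal; the triply encoded sample trips both checks.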

form-protection

Specification Value
Type object

csrf-check

Description Tag the form to protect against Cross-site Request Forgery

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-disable-action

Description ‘enable’: Enable web form protections (default); ‘disable’: Disable web form protections;

Type: string

Supported Values: enable, disable

Default: enable

field-consistency-check

Description Form input consistency check

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-check-caching

Description Disable caching for response with forms

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-check-non-post

Description Check whether POST is used for request with forms

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-check-non-ssl

Description Check whether SSL is used for request with forms

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-check-request-non-post

Description Check whether POST is used for request with forms

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-check-response-non-post

Description Check whether form method POST is used for response with forms

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-check-response-non-post-sanitize

Description Change form method GET to POST (Use with caution: make sure the server application still works)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

password-check-autocomplete

Description Check to protect against server-generated forms which contain password fields that allow autocomplete

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

password-check-non-masked

Description Check forms that have a password field with a textual type, resulting in this field not being masked

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

password-check-non-ssl

Description Check forms that have a password field if the form is not sent over an SSL connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters
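As an added example (not A10 code), the sketch below audits a server response for the conditions that three of the form-protection checks above describe: form-check-response-non-post, password-check-autocomplete and password-check-non-masked. Spotting an unmasked password field by its name is an assumption made for this illustration, and the class name, function name and sample HTML are constructed.

```python
from html.parser import HTMLParser


# Added illustration of three response-side form-protection checks;
# not A10's implementation. The name-based heuristic is an assumption.
class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []     # (check-name, detail) tuples
        self._form_ac = None   # autocomplete value of the enclosing form

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self._form_ac = a.get("autocomplete")
            # A missing method attribute means GET in HTML.
            if a.get("method", "get") != "post":
                self.findings.append(
                    ("form-check-response-non-post", a.get("action", "")))
        elif tag == "input":
            name, typ = a.get("name", ""), a.get("type", "text")
            if typ == "password":
                # The field inherits the form's autocomplete setting.
                if a.get("autocomplete", self._form_ac) != "off":
                    self.findings.append(("password-check-autocomplete", name))
            elif typ == "text" and ("pass" in name or "pwd" in name):
                # Assumed heuristic: password-like name on a plain text field.
                self.findings.append(("password-check-non-masked", name))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_ac = None


def audit(html):
    """Return the findings for one response body."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed response body.
SAMPLE = """
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="password">
</form>
<form action="/reset">
  <input type="text" name="new_pwd">
  <input type="password" name="confirm" autocomplete="off">
</form>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```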