waf template form-protection¶
Web form protection
form-protection Specification¶
Parameter Value Type Configuration Resource Element Name form-protection Element URI /axapi/v3/waf/template/{name}/form-protection Element Attributes form-protection_attributes Partition Visibility shared Schema form-protection schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/waf/template/{name}/form-protection | ||
Get Object | GET | /axapi/v3/waf/template/{name}/form-protection | ||
Modify Object | POST | /axapi/v3/waf/template/{name}/form-protection | ||
Replace Object | PUT | /axapi/v3/waf/template/{name}/form-protection | ||
Delete Object | DELETE | /axapi/v3/waf/template/{name}/form-protection |
form-protection attributes¶
csrf-check
Description Tag the form to protect against Cross-site Request Forgery
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-disable-action
Description ‘enable’: Enable web form protections (default); ‘disable’: Disable web form protections;
Type: string
Supported Values: enable, disable
Default: enable
field-consistency-check
Description Form input consistency check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-caching
Description Disable caching for response with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-non-post
Description Check whether POST is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-non-ssl
Description Check whether SSL is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-request-non-post
Description Check whether POST is used for request with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-response-non-post
Description Check whether form method POST is used for response with forms
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
form-check-response-non-post-sanitize
Description Change form method GET to POST (Use with caution: make sure server application still work)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-autocomplete
Description Check to protect against server-generated form which contain password fields that allow autocomplete
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-non-masked
Description Check forms that have a password field with a textual type, resulting in this field not being masked
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
password-check-non-ssl
Description Check forms that has a password field if the form is not sent over an SSL connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters