Avi WafCRS Object API
CLI ``` - configure wafcrs - show wafcrs ```
Version: 22.1.5
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html
Access
- HTTP Basic Authentication
[ Jump to Models ]
Table of Contents
get /wafcrspost /wafcrsdelete /wafcrs/{uuid}get /wafcrs/{uuid}patch /wafcrs/{uuid}put /wafcrs/{uuid}
(wafcrsGet)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"next" : "aeiou",
"count" : 123,
"results" : [ {
"integrity" : "aeiou",
"release_date" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"description" : "aeiou",
"groups" : [ {
"enable" : true,
"name" : "aeiou",
"index" : 123,
"rules" : [ {
"mode" : "aeiou",
"phase" : "aeiou",
"rule_id" : "aeiou",
"enable" : true,
"is_sensitive" : true,
"name" : "aeiou",
"index" : 123,
"rule" : "aeiou",
"exclude_list" : [ "" ],
"paranoia_level" : "aeiou",
"tags" : [ "aeiou" ]
} ],
"exclude_list" : [ {
"client_subnet" : {
"ip_addr" : {
"addr" : "aeiou",
"type" : "aeiou"
},
"mask" : 123
},
"match_element" : "aeiou",
"uri_path" : "aeiou",
"uri_match_criteria" : "",
"match_element_criteria" : {
"match_op" : "aeiou",
"match_case" : "aeiou"
},
"description" : "aeiou"
} ]
} ],
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"uuid" : "aeiou",
"version" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
WafCRSApiResponse
401
log in failed
(wafcrsPost)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — WafCRS object creation
Return type
Example data
Content-Type: application/json
{
"integrity" : "aeiou",
"release_date" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"description" : "aeiou",
"groups" : [ {
"enable" : true,
"name" : "aeiou",
"index" : 123,
"rules" : [ {
"mode" : "aeiou",
"phase" : "aeiou",
"rule_id" : "aeiou",
"enable" : true,
"is_sensitive" : true,
"name" : "aeiou",
"index" : 123,
"rule" : "aeiou",
"exclude_list" : [ "" ],
"paranoia_level" : "aeiou",
"tags" : [ "aeiou" ]
} ],
"exclude_list" : [ {
"client_subnet" : {
"ip_addr" : {
"addr" : "aeiou",
"type" : "aeiou"
},
"mask" : 123
},
"match_element" : "aeiou",
"uri_path" : "aeiou",
"uri_match_criteria" : "",
"match_element_criteria" : {
"match_op" : "aeiou",
"match_case" : "aeiou"
},
"description" : "aeiou"
} ]
} ],
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"uuid" : "aeiou",
"version" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
WafCRS
401
log in failed
(wafcrsUuidDelete)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
Return type
String
Example data
Content-Type: application/json
"aeiou"
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
204
object deleted
String
404
not found
(wafcrsUuidGet)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"integrity" : "aeiou",
"release_date" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"description" : "aeiou",
"groups" : [ {
"enable" : true,
"name" : "aeiou",
"index" : 123,
"rules" : [ {
"mode" : "aeiou",
"phase" : "aeiou",
"rule_id" : "aeiou",
"enable" : true,
"is_sensitive" : true,
"name" : "aeiou",
"index" : 123,
"rule" : "aeiou",
"exclude_list" : [ "" ],
"paranoia_level" : "aeiou",
"tags" : [ "aeiou" ]
} ],
"exclude_list" : [ {
"client_subnet" : {
"ip_addr" : {
"addr" : "aeiou",
"type" : "aeiou"
},
"mask" : 123
},
"match_element" : "aeiou",
"uri_path" : "aeiou",
"uri_match_criteria" : "",
"match_element_criteria" : {
"match_op" : "aeiou",
"match_case" : "aeiou"
},
"description" : "aeiou"
} ]
} ],
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"uuid" : "aeiou",
"version" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
WafCRS
401
log in failed
(wafcrsUuidPatch)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — WafCRS object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"integrity" : "aeiou",
"release_date" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"description" : "aeiou",
"groups" : [ {
"enable" : true,
"name" : "aeiou",
"index" : 123,
"rules" : [ {
"mode" : "aeiou",
"phase" : "aeiou",
"rule_id" : "aeiou",
"enable" : true,
"is_sensitive" : true,
"name" : "aeiou",
"index" : 123,
"rule" : "aeiou",
"exclude_list" : [ "" ],
"paranoia_level" : "aeiou",
"tags" : [ "aeiou" ]
} ],
"exclude_list" : [ {
"client_subnet" : {
"ip_addr" : {
"addr" : "aeiou",
"type" : "aeiou"
},
"mask" : 123
},
"match_element" : "aeiou",
"uri_path" : "aeiou",
"uri_match_criteria" : "",
"match_element_criteria" : {
"match_op" : "aeiou",
"match_case" : "aeiou"
},
"description" : "aeiou"
} ]
} ],
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"uuid" : "aeiou",
"version" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
WafCRS
401
log in failed
(wafcrsUuidPut)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — WafCRS object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"integrity" : "aeiou",
"release_date" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"description" : "aeiou",
"groups" : [ {
"enable" : true,
"name" : "aeiou",
"index" : 123,
"rules" : [ {
"mode" : "aeiou",
"phase" : "aeiou",
"rule_id" : "aeiou",
"enable" : true,
"is_sensitive" : true,
"name" : "aeiou",
"index" : 123,
"rule" : "aeiou",
"exclude_list" : [ "" ],
"paranoia_level" : "aeiou",
"tags" : [ "aeiou" ]
} ],
"exclude_list" : [ {
"client_subnet" : {
"ip_addr" : {
"addr" : "aeiou",
"type" : "aeiou"
},
"mask" : 123
},
"match_element" : "aeiou",
"uri_path" : "aeiou",
"uri_match_criteria" : "",
"match_element_criteria" : {
"match_op" : "aeiou",
"match_case" : "aeiou"
},
"description" : "aeiou"
} ]
} ],
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"uuid" : "aeiou",
"version" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
WafCRS
401
log in failed
[ Jump to Methods ]
Table of Contents
ConfigPbAttributesIpAddrIpAddrPrefixRoleFilterMatchLabelWafCRSWafCRSApiResponseWafExcludeListEntryWafExclusionTypeWafRuleWafRuleGroup
version (optional)
Integer Protobuf version number. Gets incremented if there is se Diff of federated diff in config pbs.This field will be a monotonically increasing number indicating the number of Config Update operations. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition. format: int32
addr
String IP address. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
type
String Enum options - V4, DNS, V6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ip_addr
IpAddr Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
mask
Integer Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
key
String Key for filter match. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
configpb_attributes (optional)
ConfigPbAttributes Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
description
String A short description of this ruleset. Field introduced in 18.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
groups (optional)
array[WafRuleGroup] WAF Rules are sorted in groups based on their characterization. Field introduced in 18.1.1. Maximum of 64 items allowed. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
integrity
String Integrity protection value. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.6. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
name
String The name of this ruleset object. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
release_date
String The release date of this version in RFC 3339 / ISO 8601 format. Field introduced in 18.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tenant_ref (optional)
String Tenant that this object belongs to. It is a reference to an object of type Tenant. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
url (optional)
uuid (optional)
String Field introduced in 18.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
version
String The version of this ruleset object. Field introduced in 18.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
count
results
next (optional)
client_subnet (optional)
IpAddrPrefix Client IP Subnet to exclude for WAF rules. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
description (optional)
String Free-text comment about this exclusion. Field introduced in 18.2.6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_element (optional)
String The match_element can be 'ARGS xxx', 'ARGS_GET xxx', 'ARGS_POST xxx', 'ARGS_NAMES xxx', 'FILES xxx', 'QUERY_STRING', 'REQUEST_BASENAME', 'REQUEST_BODY', 'REQUEST_URI', 'REQUEST_URI_RAW', 'REQUEST_COOKIES xxx', 'REQUEST_COOKIES_NAMES xxx', 'REQUEST_HEADERS xxx', 'REQUEST_HEADERS_NAMES xxx', 'RESPONSE_HEADERS xxx' or XML xxx. These match_elements in the HTTP Transaction (if present) will be excluded when executing WAF Rules. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_element_criteria (optional)
WafExclusionType Criteria for match_element matching. Field introduced in 18.2.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
uri_match_criteria (optional)
WafExclusionType Criteria for URI matching. Field introduced in 17.2.8. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
uri_path (optional)
String URI Path to exclude for WAF rules. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_case
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Field introduced in 17.2.8. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_op
String String Operation to use for matching the Exclusion. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Field introduced in 17.2.8. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.3. Maximum of 64 items allowed. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
index
Integer Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
is_sensitive (optional)
Boolean The rule field is sensitive and will not be displayed. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
mode (optional)
String WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
name (optional)
String User-friendly optional name for a rule. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
paranoia_level (optional)
String WAF rule paranoia level. This field is informative, like rule_id and tags, it is generated by the system from the rule text. This field is filled for CRS rules. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 22.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
phase (optional)
String The execution phase where this rule will be executed. Enum options - WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
rule
String Rule as per Modsec language. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
rule_id (optional)
String Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a Modsec rule. Rules within a single WAF Policy are required to have unique rule_ids. Field introduced in 17.2.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tags (optional)
array[String] Tags for WAF rule as per Modsec language. They are extracted from the tag action in a ModSec rule. Field introduced in 18.1.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule group. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.1. Maximum of 64 items allowed. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
index
Integer Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
name
String Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
rules (optional)
array[WafRule] Rules as per Modsec language. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.