Avi WafPolicy Object API

CLI ``` - configure wafpolicy - show wafpolicy ```
More information: https://avinetworks.com/contact-us
Contact Info: support@avinetworks.com
Version: 20.1.9
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html

Access

  1. HTTP Basic Authentication

Methods

[ Jump to Models ]

Table of Contents

  1. get /wafpolicy
  2. post /wafpolicy
  3. delete /wafpolicy/{uuid}
  4. get /wafpolicy/{uuid}
  5. patch /wafpolicy/{uuid}
  6. put /wafpolicy/{uuid}
Up
get /wafpolicy
(wafpolicyGet)

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

WafPolicyApiResponse

Example data

Content-Type: application/json
{
  "next" : "aeiou",
  "count" : 123,
  "results" : [ {
    "resolved_crs_groups" : [ "" ],
    "description" : "aeiou",
    "learning" : {
      "arg_summarization_threshold" : 123,
      "enable" : true,
      "confidence" : 123,
      "sampling_percent" : 123,
      "path_summarization_threshold" : 123
    },
    "allow_mode_delegation" : true,
    "uuid" : "aeiou",
    "_last_modified" : "aeiou",
    "allowlist" : {
      "rules" : [ {
        "enable" : true,
        "sampling_percent" : 123,
        "match" : {
          "path" : {
            "match_criteria" : "aeiou",
            "string_group_refs" : [ "aeiou" ],
            "match_str" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "protocol" : {
            "match_criteria" : "aeiou",
            "protocols" : "aeiou"
          },
          "cookie" : {
            "match_criteria" : "aeiou",
            "name" : "aeiou",
            "value" : "aeiou",
            "match_case" : "aeiou"
          },
          "method" : {
            "match_criteria" : "aeiou",
            "methods" : [ "aeiou" ]
          },
          "host_hdr" : {
            "match_criteria" : "aeiou",
            "value" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "ip_reputation_type" : {
            "reputation_types" : [ "aeiou" ],
            "match_operation" : "aeiou"
          },
          "query" : {
            "match_criteria" : "aeiou",
            "string_group_refs" : [ "aeiou" ],
            "match_str" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "vs_port" : {
            "match_criteria" : "aeiou",
            "ports" : [ "" ]
          },
          "client_ip" : {
            "group_refs" : [ "aeiou" ],
            "match_criteria" : "aeiou",
            "prefixes" : [ {
              "ip_addr" : "",
              "mask" : 123
            } ],
            "ranges" : [ {
              "end" : "",
              "begin" : ""
            } ],
            "addrs" : [ {
              "addr" : "aeiou",
              "type" : "aeiou"
            } ]
          },
          "hdrs" : [ {
            "match_criteria" : "aeiou",
            "hdr" : "aeiou",
            "value" : [ "aeiou" ],
            "match_case" : "aeiou"
          } ],
          "version" : {
            "match_criteria" : "aeiou",
            "versions" : [ "aeiou" ]
          }
        },
        "name" : "aeiou",
        "description" : "aeiou",
        "index" : 123,
        "actions" : [ "aeiou" ]
      } ]
    },
    "mode" : "aeiou",
    "learning_params" : {
      "enable_per_uri_learning" : true,
      "min_hits_to_learn" : 123456789,
      "max_uris" : 123,
      "update_interval" : 123,
      "sampling_percent" : 123,
      "max_params" : 123
    },
    "post_crs_groups" : [ "" ],
    "min_confidence" : "aeiou",
    "crs_overrides" : [ {
      "mode" : "aeiou",
      "enable" : true,
      "name" : "aeiou",
      "rule_overrides" : [ "" ],
      "exclude_list" : [ "" ]
    } ],
    "waf_crs_ref" : "aeiou",
    "failure_mode" : "aeiou",
    "waf_profile_ref" : "aeiou",
    "positive_security_model" : {
      "group_refs" : [ "aeiou" ]
    },
    "pre_crs_groups" : [ "" ],
    "enable_auto_rule_updates" : true,
    "application_signatures" : {
      "resolved_rules" : [ {
        "mode" : "aeiou",
        "phase" : "aeiou",
        "rule_id" : "aeiou",
        "force_detection" : true,
        "enable" : true,
        "is_sensitive" : true,
        "name" : "aeiou",
        "index" : 123,
        "rule" : "aeiou",
        "exclude_list" : [ {
          "client_subnet" : "",
          "match_element" : "aeiou",
          "uri_path" : "aeiou",
          "uri_match_criteria" : "",
          "match_element_criteria" : {
            "match_op" : "aeiou",
            "match_case" : "aeiou"
          },
          "description" : "aeiou"
        } ],
        "tags" : [ "aeiou" ]
      } ],
      "ruleset_version" : "aeiou",
      "rules" : [ "" ],
      "rule_overrides" : [ {
        "mode" : "aeiou",
        "rule_id" : "aeiou",
        "enable" : true,
        "exclude_list" : [ "" ]
      } ],
      "provider_ref" : "aeiou",
      "selected_applications" : [ "aeiou" ]
    },
    "whitelist" : {
      "rules" : [ {
        "enable" : true,
        "sampling_percent" : 123,
        "match" : "",
        "name" : "aeiou",
        "description" : "aeiou",
        "index" : 123,
        "actions" : [ "aeiou" ]
      } ]
    },
    "created_by" : "aeiou",
    "confidence_override" : {
      "confid_probable_value" : 123,
      "confid_low_value" : 123,
      "confid_very_high_value" : 123,
      "confid_high_value" : 123
    },
    "url" : "aeiou",
    "enable_regex_learning" : true,
    "labels" : [ {
      "value" : "aeiou",
      "key" : "aeiou"
    } ],
    "tenant_ref" : "aeiou",
    "name" : "aeiou",
    "crs_groups" : [ {
      "force_detection" : true,
      "enable" : true,
      "name" : "aeiou",
      "index" : 123,
      "rules" : [ "" ],
      "exclude_list" : [ "" ]
    } ],
    "markers" : [ {
      "values" : [ "aeiou" ],
      "key" : "aeiou"
    } ],
    "enable_app_learning" : true,
    "paranoia_level" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicyApiResponse

401

log in failed

Up
post /wafpolicy
(wafpolicyPost)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "resolved_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "allowlist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "ip_reputation_type" : {
          "reputation_types" : [ "aeiou" ],
          "match_operation" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "crs_overrides" : [ {
    "mode" : "aeiou",
    "enable" : true,
    "name" : "aeiou",
    "rule_overrides" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "resolved_rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : "",
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "ruleset_version" : "aeiou",
    "rules" : [ "" ],
    "rule_overrides" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "enable" : true,
      "exclude_list" : [ "" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : "",
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
delete /wafpolicy/{uuid}
(wafpolicyUuidDelete)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name

Return type

String

Example data

Content-Type: application/json
"aeiou"

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

204

object deleted String

404

not found

Up
get /wafpolicy/{uuid}
(wafpolicyUuidGet)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "resolved_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "allowlist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "ip_reputation_type" : {
          "reputation_types" : [ "aeiou" ],
          "match_operation" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "crs_overrides" : [ {
    "mode" : "aeiou",
    "enable" : true,
    "name" : "aeiou",
    "rule_overrides" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "resolved_rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : "",
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "ruleset_version" : "aeiou",
    "rules" : [ "" ],
    "rule_overrides" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "enable" : true,
      "exclude_list" : [ "" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : "",
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
patch /wafpolicy/{uuid}
(wafpolicyUuidPatch)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "resolved_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "allowlist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "ip_reputation_type" : {
          "reputation_types" : [ "aeiou" ],
          "match_operation" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "crs_overrides" : [ {
    "mode" : "aeiou",
    "enable" : true,
    "name" : "aeiou",
    "rule_overrides" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "resolved_rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : "",
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "ruleset_version" : "aeiou",
    "rules" : [ "" ],
    "rule_overrides" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "enable" : true,
      "exclude_list" : [ "" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : "",
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
put /wafpolicy/{uuid}
(wafpolicyUuidPut)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "resolved_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "allowlist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "ip_reputation_type" : {
          "reputation_types" : [ "aeiou" ],
          "match_operation" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "crs_overrides" : [ {
    "mode" : "aeiou",
    "enable" : true,
    "name" : "aeiou",
    "rule_overrides" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "resolved_rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : "",
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "ruleset_version" : "aeiou",
    "rules" : [ "" ],
    "rule_overrides" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "enable" : true,
      "exclude_list" : [ "" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : "",
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up

Models

[ Jump to Methods ]

Table of Contents

  1. AppLearningConfidenceOverride
  2. AppLearningParams
  3. CookieMatch
  4. HTTPVersionMatch
  5. HdrMatch
  6. HostHdrMatch
  7. IPReputationTypeMatch
  8. IpAddr
  9. IpAddrMatch
  10. IpAddrPrefix
  11. IpAddrRange
  12. KeyValue
  13. MatchTarget
  14. MethodMatch
  15. PathMatch
  16. PortMatch
  17. ProtocolMatch
  18. QueryMatch
  19. RoleFilterMatchLabel
  20. WafApplicationSignatures
  21. WafExcludeListEntry
  22. WafExclusionType
  23. WafLearning
  24. WafPolicy
  25. WafPolicyAllowlist
  26. WafPolicyAllowlistRule
  27. WafPolicyApiResponse
  28. WafPolicyWhitelist
  29. WafPolicyWhitelistRule
  30. WafPositiveSecurityModel
  31. WafRule
  32. WafRuleGroup
  33. WafRuleGroupOverrides
  34. WafRuleOverrides

AppLearningConfidenceOverride Up

confid_high_value (optional)
Integer Confidence threshold for label CONFIDENCE_HIGH. Field introduced in 18.2.3. format: int32
confid_low_value (optional)
Integer Confidence threshold for label CONFIDENCE_LOW. Field introduced in 18.2.3. format: int32
confid_probable_value (optional)
Integer Confidence threshold for label CONFIDENCE_PROBABLE. Field introduced in 18.2.3. format: int32
confid_very_high_value (optional)
Integer Confidence threshold for label CONFIDENCE_VERY_HIGH. Field introduced in 18.2.3. format: int32

AppLearningParams Up

enable_per_uri_learning (optional)
Boolean Learn the params per URI path. Field introduced in 18.2.3.
max_params (optional)
Integer Maximum number of params to learn for an application. Allowed values are 10-1000. Field introduced in 18.2.3. format: int32
max_uris (optional)
Integer Maximum number of URI paths to learn for an application. Allowed values are 10-10000. Field introduced in 18.2.3. format: int32
min_hits_to_learn (optional)
Long Minimum number of occurances required for a Param to qualify for learning. Field introduced in 18.2.5. format: int64
sampling_percent (optional)
Integer Percent of the requests subjected to Application learning. Allowed values are 1-100. Field introduced in 18.2.3. Unit is PERCENT. format: int32
update_interval (optional)
Integer Frequency with which SE publishes Application learning data to controller. Allowed values are 1-60. Field introduced in 18.2.3. Unit is MIN. format: int32

CookieMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the cookie in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
name
String Name of the cookie.
value (optional)
String String value in the cookie.

HTTPVersionMatch Up

match_criteria
String Criterion to use for HTTP version matching the version used in the HTTP request. Enum options - IS_IN, IS_NOT_IN.
versions (optional)
array[String] HTTP protocol version. Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO. Minimum of 1 items required. Maximum of 8 items allowed. Allowed in Basic(Allowed values- ONE_ZERO,ONE_ONE) edition, Essentials(Allowed values- ONE_ZERO,ONE_ONE) edition, Enterprise edition.

HdrMatch Up

hdr
String Name of the HTTP header whose value is to be matched.
match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching headers in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
value (optional)
array[String] String values to match in the HTTP header.

HostHdrMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for the host header value match. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
value (optional)
array[String] String value(s) in the host header.

IPReputationTypeMatch Up

match_operation
String Match criteria. Enum options - IS_IN, IS_NOT_IN. Field introduced in 20.1.1.
reputation_types (optional)
array[String] IP reputation type. Enum options - IP_REPUTATION_TYPE_SPAM_SOURCE, IP_REPUTATION_TYPE_WINDOWS_EXPLOITS, IP_REPUTATION_TYPE_WEB_ATTACKS, IP_REPUTATION_TYPE_BOTNETS, IP_REPUTATION_TYPE_SCANNERS, IP_REPUTATION_TYPE_DOS, IP_REPUTATION_TYPE_REPUTATION, IP_REPUTATION_TYPE_PHISHING, IP_REPUTATION_TYPE_PROXY, IP_REPUTATION_TYPE_NETWORK, IP_REPUTATION_TYPE_CLOUD, IP_REPUTATION_TYPE_MOBILE_THREATS, IP_REPUTATION_TYPE_TOR, IP_REPUTATION_TYPE_ALL. Field introduced in 20.1.1. Minimum of 1 items required.

IpAddr Up

addr
String IP address.
type
String Enum options - V4, DNS, V6.

IpAddrMatch Up

addrs (optional)
array[IpAddr] IP address(es).
group_refs (optional)
array[String] UUID of IP address group(s). It is a reference to an object of type IpAddrGroup.
match_criteria
String Criterion to use for IP address matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
prefixes (optional)
array[IpAddrPrefix] IP address prefix(es).
ranges (optional)
array[IpAddrRange] IP address range(s).

IpAddrPrefix Up

ip_addr
IpAddr Placeholder for description of property ip_addr of obj type IpAddrPrefix field type str type object
mask
Integer Number of mask. format: int32

IpAddrRange Up

begin
IpAddr Starting IP address of the range.
end
IpAddr Ending IP address of the range.

KeyValue Up

key
String Key.
value (optional)
String Value.

MatchTarget Up

client_ip (optional)
IpAddrMatch Configure client ip addresses.
cookie (optional)
CookieMatch Configure HTTP cookie(s).
hdrs (optional)
array[HdrMatch] Configure HTTP header(s).
host_hdr (optional)
HostHdrMatch Configure the host header.
ip_reputation_type (optional)
IPReputationTypeMatch Configure IP reputation. Field introduced in 20.1.3.
method (optional)
MethodMatch Configure HTTP methods.
path (optional)
PathMatch Configure request paths.
protocol (optional)
ProtocolMatch Configure the type of HTTP protocol.
query (optional)
QueryMatch Configure request query.
version (optional)
HTTPVersionMatch Configure versions of the HTTP protocol.
vs_port (optional)
PortMatch Configure virtual service ports.

MethodMatch Up

match_criteria
String Criterion to use for HTTP method matching the method in the HTTP request. Enum options - IS_IN, IS_NOT_IN.
methods (optional)
array[String] Configure HTTP method(s). Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK. Minimum of 1 items required. Maximum of 16 items allowed. Allowed in Basic(Allowed values- HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS) edition, Essentials(Allowed values- HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS) edition, Enterprise edition.

PathMatch Up

match_case (optional)
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the path in the HTTP request URI. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Allowed in Basic(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Essentials(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Enterprise edition.
match_str (optional)
array[String] String values.
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup.

PortMatch Up

match_criteria
String Criterion to use for port matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
ports (optional)
array[Integer] Listening TCP port(s). Allowed values are 1-65535. Minimum of 1 items required.

ProtocolMatch Up

match_criteria
String Criterion to use for protocol matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
protocols
String HTTP or HTTPS protocol. Enum options - HTTP, HTTPS.

QueryMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the query in HTTP request URI. Enum options - QUERY_MATCH_CONTAINS.
match_str (optional)
array[String] String value(s).
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup.

RoleFilterMatchLabel Up

key
String Key for filter match. Field introduced in 20.1.3.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3.

WafApplicationSignatures Up

provider_ref
String The external provide for the rules. It is a reference to an object of type WafApplicationSignatureProvider. Field introduced in 20.1.1.
resolved_rules (optional)
array[WafRule] A resolved version of the active application specific rules together with the overrides. Field introduced in 20.1.6.
rule_overrides (optional)
array[WafRuleOverrides] Override attributes of application signature rules. Field introduced in 20.1.6.
rules (optional)
array[WafRule] This entry is deprecated. If you want to deactivate a certain rule, please use the rule_overrides field instead. Field deprecated in 20.1.6. Field introduced in 20.1.1.
ruleset_version (optional)
String The version in use of the provided ruleset. Field introduced in 20.1.1.
selected_applications (optional)
array[String] List of applications for which we use the rules from the WafApplicationSignatureProvider. Field introduced in 20.1.1. Maximum of 8 items allowed.

WafExcludeListEntry Up

client_subnet (optional)
IpAddrPrefix Client IP Subnet to exclude for WAF rules. Field introduced in 17.2.1.
description (optional)
String Free-text comment about this exclusion. Field introduced in 18.2.6.
match_element (optional)
String The match_element can be 'ARGS xxx', 'ARGS_GET xxx', 'ARGS_POST xxx', 'ARGS_NAMES xxx', 'FILES xxx', 'QUERY_STRING', 'REQUEST_BASENAME', 'REQUEST_BODY', 'REQUEST_URI', 'REQUEST_URI_RAW', 'REQUEST_COOKIES xxx', 'REQUEST_HEADERS xxx', 'RESPONSE_HEADERS xxx' or XML xxx. These match_elements in the HTTP Transaction (if present) will be excluded when executing WAF Rules. Field introduced in 17.2.1.
match_element_criteria (optional)
WafExclusionType Criteria for match_element matching. Field introduced in 18.2.2.
uri_match_criteria (optional)
WafExclusionType Criteria for URI matching. Field introduced in 17.2.8.
uri_path (optional)
String URI Path to exclude for WAF rules. Field introduced in 17.2.1.

WafExclusionType Up

match_case
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Field introduced in 17.2.8.
match_op
String String Operation to use for matching the Exclusion. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Field introduced in 17.2.8.

WafLearning Up

arg_summarization_threshold (optional)
Integer Suffix Summarization threshold used to compress args. Allowed values are 3-255. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32
confidence (optional)
Integer Confidence level used to derive rules from the WAF learning. Allowed values are 60-100. Field deprecated in 18.2.3. Field introduced in 18.1.2. Unit is PERCENT. format: int32
enable (optional)
Boolean Enable Learning for WAF policy. Field deprecated in 18.2.3. Field introduced in 18.1.2.
path_summarization_threshold (optional)
Integer Suffix Summarization threshold used to compress paths. Allowed values are 3-255. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32
sampling_percent (optional)
Integer Sampling percent of the requests subjected to WAF learning. Allowed values are 1-100. Field deprecated in 18.2.3. Field introduced in 18.1.2. Unit is PERCENT. format: int32

WafPolicy Up

_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
allow_mode_delegation (optional)
Boolean Allow Rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1.
allowlist (optional)
WafPolicyAllowlist A set of rules which describe conditions under which the request will bypass the WAF. This will be processed in the request header phase before any other WAF related code. Field introduced in 20.1.3.
application_signatures (optional)
WafApplicationSignatures Application Specific Signatures. Field introduced in 20.1.1.
confidence_override (optional)
AppLearningConfidenceOverride Configure thresholds for confidence labels. Field introduced in 20.1.1.
created_by (optional)
String Creator name. Field introduced in 17.2.4.
crs_groups (optional)
array[WafRuleGroup] This entry is deprecated. If you want to change the property of a CRS group or rule (enabled, mode, exclusions), please use the crs_overrides field instead. Field deprecated in 20.1.6. Field introduced in 17.2.1.
crs_overrides (optional)
array[WafRuleGroupOverrides] Override attributes for CRS rules. Field introduced in 20.1.6.
description (optional)
String Field introduced in 17.2.1.
enable_app_learning (optional)
Boolean Enable Application Learning for this WAF policy. Field introduced in 18.2.3.
enable_auto_rule_updates (optional)
Boolean Enable Application Learning based rule updates on the WAF Profile. Rules will be programmed in dedicated WAF learning group. Field introduced in 20.1.1.
enable_regex_learning (optional)
Boolean Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1.
failure_mode (optional)
String WAF Policy failure mode. This can be 'Open' or 'Closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2.
labels (optional)
array[KeyValue] Key value pairs for granular object access control. Also allows for classification and tagging of similar objects. Field deprecated in 20.1.5. Field introduced in 20.1.2. Maximum of 4 items allowed.
learning (optional)
WafLearning Configure parameters for WAF learning. Field deprecated in 18.2.3. Field introduced in 18.1.2.
learning_params (optional)
AppLearningParams Parameters for tuning Application learning. Field introduced in 20.1.1.
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.5. Allowed in Basic edition, Essentials edition, Enterprise edition.
min_confidence (optional)
String Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1.
mode
String WAF Policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1.
name
String Field introduced in 17.2.1.
paranoia_level (optional)
String WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1.
positive_security_model (optional)
WafPositiveSecurityModel The Positive Security Model. This is used to describe how the request or parts of the request should look like. It is executed in the Request Body Phase of Avi WAF. Field introduced in 18.2.3.
post_crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the CRS groups. Field introduced in 17.2.1.
pre_crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the CRS groups. Field introduced in 17.2.1.
resolved_crs_groups (optional)
array[WafRuleGroup] A resolved version of waf_crs_ref with waf_crs_overrides applied. Field introduced in 20.1.6.
tenant_ref (optional)
String It is a reference to an object of type Tenant. Field introduced in 17.2.1.
url (optional)
String url
uuid (optional)
String Field introduced in 17.2.1.
waf_crs_ref (optional)
String WAF core ruleset used for the CRS part of this Policy. It is a reference to an object of type WafCRS. Field introduced in 18.1.1.
waf_profile_ref
String WAF Profile for WAF policy. It is a reference to an object of type WafProfile. Field introduced in 17.2.1.
whitelist (optional)
WafPolicyWhitelist A set of rules which describe conditions under which the request will bypass the WAF. This will be executed in the request header phase before any other WAF related code. Field deprecated in 20.1.3. Field introduced in 18.2.3.

WafPolicyAllowlist Up

rules (optional)
array[WafPolicyAllowlistRule] Rules to bypass WAF. Field introduced in 20.1.3. Maximum of 1024 items allowed.

WafPolicyAllowlistRule Up

actions (optional)
array[String] Actions to be performed upon successful matching. Enum options - WAF_POLICY_ALLOWLIST_ACTION_BYPASS, WAF_POLICY_ALLOWLIST_ACTION_DETECTION_MODE, WAF_POLICY_ALLOWLIST_ACTION_CONTINUE. Field introduced in 20.1.3. Minimum of 1 items required. Maximum of 1 items allowed.
description (optional)
String Description of this rule. Field introduced in 20.1.3.
enable (optional)
Boolean Enable or deactivate the rule. Field introduced in 20.1.3.
index
Integer Rules are processed in order of this index field. Field introduced in 20.1.3. format: int32
match
MatchTarget Match criteria describing requests to which this rule should be applied. Field introduced in 20.1.3.
name
String A name describing the rule in a short form. Field introduced in 20.1.3.
sampling_percent (optional)
Integer Percentage of traffic that is sampled. Allowed values are 0-100. Field introduced in 20.1.3. Unit is PERCENT. format: int32

WafPolicyApiResponse Up

count
Integer format: int32
results
next (optional)

WafPolicyWhitelist Up

rules (optional)
array[WafPolicyWhitelistRule] Rules to bypass WAF. Field deprecated in 20.1.3. Field introduced in 18.2.3. Maximum of 1024 items allowed.

WafPolicyWhitelistRule Up

actions (optional)
array[String] Actions to be performed upon successful matching. Enum options - WAF_POLICY_WHITELIST_ACTION_ALLOW, WAF_POLICY_WHITELIST_ACTION_DETECTION_MODE, WAF_POLICY_WHITELIST_ACTION_CONTINUE. Field deprecated in 20.1.3. Field introduced in 18.2.3. Minimum of 1 items required. Maximum of 1 items allowed.
description (optional)
String Description of this rule. Field deprecated in 20.1.3. Field introduced in 18.2.3.
enable (optional)
Boolean Enable or disable the rule. Field deprecated in 20.1.3. Field introduced in 18.2.3.
index
Integer Rules are executed in order of this index field. Field deprecated in 20.1.3. Field introduced in 18.2.3. format: int32
match
MatchTarget Match criteria describing requests to which this rule should be applied. Field deprecated in 20.1.3. Field introduced in 18.2.3.
name
String A name describing the rule in a short form. Field deprecated in 20.1.3. Field introduced in 18.2.3.
sampling_percent (optional)
Integer Percentage of traffic that is sampled. Allowed values are 0-100. Field deprecated in 20.1.3. Field introduced in 20.1.1. Unit is PERCENT. format: int32

WafPositiveSecurityModel Up

group_refs (optional)
array[String] These groups should be used to separate different levels of concern. The order of the groups matters, one group may mark parts of the request as valid, so that subsequent groups will not check these parts. It is a reference to an object of type WafPolicyPSMGroup. Field introduced in 18.2.3. Maximum of 64 items allowed.

WafRule Up

enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.3. Maximum of 64 items allowed.
force_detection (optional)
Boolean When set to 'true', this rule will not cause 'deny' or 'redirect' actions to run, even if WAF Policy is set to enforcement mode. The behavior would be as if this rule operated in detection mode regardless of WAF Policy setting. Field deprecated in 18.1.5. Field introduced in 18.1.4.
index
Integer Field introduced in 17.2.1. format: int32
is_sensitive (optional)
Boolean The rule field is sensitive and will not be displayed. Field introduced in 20.1.1.
mode (optional)
String WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 18.1.5, 18.2.1.
name (optional)
String User-friendly optional name for a rule. Field introduced in 17.2.1.
phase (optional)
String The execution phase where this rule will be executed. Enum options - WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING. Field introduced in 20.1.1.
rule
String Rule as per Modsec language. Field introduced in 17.2.1.
rule_id (optional)
String Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a Modsec rule. Rules within a single WAF Policy are required to have unique rule_ids. Field introduced in 17.2.2.
tags (optional)
array[String] Tags for WAF rule as per Modsec language. They are extracted from the tag actions in a Modsec rule. This field is generated from the rule itself and cannot be set by the user. Field introduced in 18.1.3. Maximum of 64 items allowed.

WafRuleGroup Up

enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule group. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.1. Maximum of 64 items allowed.
force_detection (optional)
Boolean When set to 'true', any rule in this group will not cause 'deny' or 'redirect' actions to run, even if WAF Policy is set to enforcement mode. The behavior would be as if this rule operated in detection mode regardless of WAF Policy setting. Field deprecated in 18.1.5. Field introduced in 18.1.4.
index
Integer Field introduced in 17.2.1. format: int32
name
String Field introduced in 17.2.1.
rules (optional)
array[WafRule] Rules as per Modsec language. Field introduced in 17.2.1. Maximum of 1024 items allowed.

WafRuleGroupOverrides Up

enable (optional)
Boolean Override the enable flag for this group. Field introduced in 20.1.6.
exclude_list (optional)
array[WafExcludeListEntry] Replace the exclude list for this group. Field introduced in 20.1.6. Maximum of 64 items allowed.
mode (optional)
String Override the waf mode for this group.. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 20.1.6.
name
String The name of the group where attributes or rules are overridden. Field introduced in 20.1.6.
rule_overrides (optional)
array[WafRuleOverrides] Rule specific overrides. Field introduced in 20.1.6. Maximum of 1024 items allowed.

WafRuleOverrides Up

enable (optional)
Boolean Override the enable flag for this rule. Field introduced in 20.1.6.
exclude_list (optional)
array[WafExcludeListEntry] Replace the exclude list for this rule. Field introduced in 20.1.6. Maximum of 64 items allowed.
mode (optional)
String Override the waf mode for this rule. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 20.1.6.
rule_id
String The rule_id of the rule where attributes are overridden. Field introduced in 20.1.6.