waf

Additional security is provided for your Web servers with the Web Application Firewall (WAF) feature. The WAF filters communication between users and Web applications to protect Web servers and sites from unauthorized access and malicious programs. This new layer of security examines incoming user requests, output from Web servers, and access to Web site content to safeguard against Web attacks and protect sensitive information hosted on Web servers.

The WAF protects against the following main threats to Web servers:

  • Unauthorized access and control of the Web server - There are various attacks designed to grant an attacker access to and control of a Web server. If an attack is successful, the unauthorized user can deface existing Web pages, provide SMTP services to send spam, or launch distributed denial-of-service (DDoS) attacks.

In addition, the attacker can use the compromised server to host content directly, or act as a proxy for content hosted on another server. This type of attack can enable unauthorized users to host illegal online activities using your Web server resources.

  • Unauthorized retrieval of sensitive information - These attacks are intended to provide unauthorized retrieval or leakage of sensitive information from your Web sites or back-end databases.

The WAF is configured via a WAF template, which includes built-in basic and policy-based security checks for convenient and quick deployment. Within the WAF template, you can enforce security checks to immediately provide a foundational level of protection against common threats.

Web sites are further protected from attack through checks that are defined by customizable WAF policy files. You can configure WAF policy files for advanced countermeasures to common attacks such as SQL injection attacks or bots.

waf Specification

Type Intermediate Resource
Element Name waf
Element URI /axapi/v3/waf
Element Attributes waf_attributes
Schema waf schema

Operations Allowed:

Operation     Method   URI              Payload
Get Object    GET      /axapi/v3/waf    waf_attributes

waf Attributes

global

Description: global is a JSON Block. Please see below for global

Type: Object

Reference Object: /axapi/v3/waf/global

policy

Description: policy is a JSON Block. Please see below for policy

Type: Object

Reference Object: /axapi/v3/waf/policy

template-list

Description: template-list is a JSON List. Please see below for template-list

Type: List

Reference Object: /axapi/v3/waf/template/{name}

wsdl

Description: wsdl is a JSON Block. Please see below for wsdl

Type: Object

Reference Object: /axapi/v3/waf/wsdl

xml-schema

Description: xml-schema is a JSON Block. Please see below for xml-schema

Type: Object

Reference Object: /axapi/v3/waf/xml-schema

policy

Specification
Type object

max-filesize

Description: Set maximum WAF policy file size (Maximum file size in KBytes, default is 32K)

Type: number

Range: 16-256

Default: 32

uuid

Description: uuid of the object

Type: string

wsdl

Specification
Type object

max-filesize

Description: Set maximum WSDL file size (Maximum file size in KBytes, default is 32K)

Type: number

Range: 16-256

Default: 32

uuid

Description: uuid of the object

Type: string

global

Specification
Type object

sampling-enable

Description: sampling-enable is a JSON List. Please see below for l65_sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

global.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘total_req’: Total Requests; ‘req_allowed’: Requests Allowed; ‘req_denied’: Requests Denied; ‘bot_check_succ’: Botnet Check Success; ‘bot_check_fail’: Botnet Check Failure; ‘form_consistency_succ’: Form Consistency Success; ‘form_consistency_fail’: Form Consistency Failure; ‘form_csrf_tag_succ’: Form CSRF tag Success; ‘form_csrf_tag_fail’: Form CSRF tag Failure; ‘url_check_succ’: URL Check Success; ‘url_check_fail’: URL Check Failure; ‘url_check_learn’: URL Check Learn; ‘buf_ovf_url_len_fail’: Buffer Overflow - URL Length Failure; ‘buf_ovf_cookie_len_fail’: Buffer Overflow - Cookie Length Failure; ‘buf_ovf_hdrs_len_fail’: Buffer Overflow - Headers length Failure; ‘buf_ovf_post_size_fail’: Buffer Overflow - Post size Failure; ‘max_cookies_fail’: Max Cookies Failure; ‘max_hdrs_fail’: Max Headers Failure; ‘http_method_check_succ’: Http Method Check Success; ‘http_method_check_fail’: Http Method Check Failure; ‘http_check_succ’: Http Check Success; ‘http_check_fail’: Http Check Failure; ‘referer_check_succ’: Referer Check Success; ‘referer_check_fail’: Referer Check Failure; ‘referer_check_redirect’: Referer Check Redirect; ‘uri_wlist_succ’: URI White List Success; ‘uri_wlist_fail’: URI White List Failure; ‘uri_blist_succ’: URI Black List Success; ‘uri_blist_fail’: URI Black List Failure; ‘post_form_check_succ’: Post Form Check Success; ‘post_form_check_sanitize’: Post Form Check Sanitized; ‘post_form_check_reject’: Post Form Check Rejected; ‘ccn_mask_amex’: Credit Card Number Mask Amex; ‘ccn_mask_diners’: Credit Card Number Mask Diners; ‘ccn_mask_visa’: Credit Card Number Mask Visa; ‘ccn_mask_mastercard’: Credit Card Number Mask Mastercard; ‘ccn_mask_discover’: Credit Card Number Mask Discover; ‘ccn_mask_jcb’: Credit Card Number Mask Jcb; ‘ssn_mask’: Social Security Number Mask; ‘pcre_mask’: PCRE Mask; ‘cookie_encrypt_succ’: Cookie Encrypt Success; ‘cookie_encrypt_fail’: Cookie Encrypt Failure; ‘cookie_encrypt_limit_exceeded’: Cookie Encrypt 
Limit Exceeded; ‘cookie_encrypt_skip_rcache’: Cookie Encrypt Skip RCache; ‘cookie_decrypt_succ’: Cookie Decrypt Success; ‘cookie_decrypt_fail’: Cookie Decrypt Failure; ‘sqlia_chk_url_succ’: SQLIA Check URL Success; ‘sqlia_chk_url_sanitize’: SQLIA Check URL Sanitized; ‘sqlia_chk_url_reject’: SQLIA Check URL Rejected; ‘sqlia_chk_post_succ’: SQLIA Check Post Success; ‘sqlia_chk_post_sanitize’: SQLIA Check Post Sanitized; ‘sqlia_chk_post_reject’: SQLIA Check Post Rejected; ‘xss_chk_cookie_succ’: XSS Check Cookie Success; ‘xss_chk_cookie_sanitize’: XSS Check Cookie Sanitized; ‘xss_chk_cookie_reject’: XSS Check Cookie Rejected; ‘xss_chk_url_succ’: XSS Check URL Success; ‘xss_chk_url_sanitize’: XSS Check URL Sanitized; ‘xss_chk_url_reject’: XSS Check URL Rejected; ‘xss_chk_post_succ’: XSS Check Post Success; ‘xss_chk_post_sanitize’: XSS Check Post Sanitized; ‘xss_chk_post_reject’: XSS Check Post Rejected; ‘resp_code_hidden’: Response Code Hidden; ‘resp_hdrs_filtered’: Response Headers Filtered; ‘learn_updates’: Learning Updates; ‘num_drops’: Number Drops; ‘num_resets’: Number Resets; ‘form_non_ssl_reject’: Form Non SSL Rejected; ‘form_non_post_reject’: Form Non Post Rejected; ‘sess_check_none’: Session Check None; ‘sess_check_succ’: Session Check Success; ‘sess_check_fail’: Session Check Failure; ‘soap_check_succ’: Soap Check Success; ‘soap_check_failure’: Soap Check Failure; ‘wsdl_fail’: WSDL Failure; ‘wsdl_succ’: WSDL Success; ‘xml_schema_fail’: XML Schema Failure; ‘xml_schema_succ’: XML Schema Success; ‘xml_sqlia_chk_fail’: XML Sqlia Check Failure; ‘xml_sqlia_chk_succ’: XML Sqlia Check Success; ‘xml_xss_chk_fail’: XML XSS Check Failure; ‘xml_xss_chk_succ’: XML XSS Check Success; ‘json_check_failure’: JSON Check Failure; ‘json_check_succ’: JSON Check Success; ‘xml_check_failure’: XML Check Failure; ‘xml_check_succ’: XML Check Success; ‘buf_ovf_cookie_value_len_fail’: Buffer Overflow - Cookie Value Length Failure; ‘buf_ovf_cookies_len_fail’: Buffer Overflow - Cookies 
Length Failure; ‘buf_ovf_hdr_name_len_fail’: Buffer Overflow - Header Name Length Failure; ‘buf_ovf_hdr_value_len_fail’: Buffer Overflow - Header Value Length Failure; ‘buf_ovf_max_data_parse_fail’: Buffer Overflow - Max Data Parse Failure; ‘buf_ovf_line_len_fail’: Buffer Overflow - Line Length Failure; ‘buf_ovf_parameter_name_len_fail’: Buffer Overflow - HTML Parameter Name Length Failure; ‘buf_ovf_parameter_value_len_fail’: Buffer Overflow - HTML Parameter Value Length Failure; ‘buf_ovf_parameter_total_len_fail’: Buffer Overflow - HTML Parameter Total Length Failure; ‘buf_ovf_query_len_fail’: Buffer Overflow - Query Length Failure; ‘max_entities_fail’: Max Entities Failure; ‘max_parameters_fail’: Max Parameters Failure; ‘buf_ovf_cookie_name_len_fail’: Buffer Overflow - Cookie Name Length Failure; ‘xml_limit_attr’: XML Limit Attribue; ‘xml_limit_attr_name_len’: XML Limit Name Length; ‘xml_limit_attr_value_len’: XML Limit Value Length; ‘xml_limit_cdata_len’: XML Limit CData Length; ‘xml_limit_elem’: XML Limit Element; ‘xml_limit_elem_child’: XML Limit Element Child; ‘xml_limit_elem_depth’: XML Limit Element Depth; ‘xml_limit_elem_name_len’: XML Limit Element Name Length; ‘xml_limit_entity_exp’: XML Limit Entity Exp; ‘xml_limit_entity_exp_depth’: XML Limit Entity Exp Depth; ‘xml_limit_namespace’: XML Limit Namespace; ‘xml_limit_namespace_uri_len’: XML Limit Namespace URI Length; ‘json_limit_array_value_count’: JSON Limit Array Value Count; ‘json_limit_depth’: JSON Limit Depth; ‘json_limit_object_member_count’: JSON Limit Object Number Count; ‘json_limit_string’: JSON Limit String; ‘form_non_masked_password’: Form Non Masked Password; ‘form_non_ssl_password’: Form Non SSL Password; ‘form_password_autocomplete’: Form Password Autocomplete; ‘redirect_wlist_succ’: Redirect Whitelist Success; ‘redirect_wlist_fail’: Redirect Whitelist Failure; ‘redirect_wlist_learn’: Redirect Whitelist Learn; ‘form_set_no_cache’: Form Set No Cache; ‘resp_denied’: Responses Denied;

Type: string

Supported Values: all, total_req, req_allowed, req_denied, bot_check_succ, bot_check_fail, form_consistency_succ, form_consistency_fail, form_csrf_tag_succ, form_csrf_tag_fail, url_check_succ, url_check_fail, url_check_learn, buf_ovf_url_len_fail, buf_ovf_cookie_len_fail, buf_ovf_hdrs_len_fail, buf_ovf_post_size_fail, max_cookies_fail, max_hdrs_fail, http_method_check_succ, http_method_check_fail, http_check_succ, http_check_fail, referer_check_succ, referer_check_fail, referer_check_redirect, uri_wlist_succ, uri_wlist_fail, uri_blist_succ, uri_blist_fail, post_form_check_succ, post_form_check_sanitize, post_form_check_reject, ccn_mask_amex, ccn_mask_diners, ccn_mask_visa, ccn_mask_mastercard, ccn_mask_discover, ccn_mask_jcb, ssn_mask, pcre_mask, cookie_encrypt_succ, cookie_encrypt_fail, cookie_encrypt_limit_exceeded, cookie_encrypt_skip_rcache, cookie_decrypt_succ, cookie_decrypt_fail, sqlia_chk_url_succ, sqlia_chk_url_sanitize, sqlia_chk_url_reject, sqlia_chk_post_succ, sqlia_chk_post_sanitize, sqlia_chk_post_reject, xss_chk_cookie_succ, xss_chk_cookie_sanitize, xss_chk_cookie_reject, xss_chk_url_succ, xss_chk_url_sanitize, xss_chk_url_reject, xss_chk_post_succ, xss_chk_post_sanitize, xss_chk_post_reject, resp_code_hidden, resp_hdrs_filtered, learn_updates, num_drops, num_resets, form_non_ssl_reject, form_non_post_reject, sess_check_none, sess_check_succ, sess_check_fail, soap_check_succ, soap_check_failure, wsdl_fail, wsdl_succ, xml_schema_fail, xml_schema_succ, xml_sqlia_chk_fail, xml_sqlia_chk_succ, xml_xss_chk_fail, xml_xss_chk_succ, json_check_failure, json_check_succ, xml_check_failure, xml_check_succ, buf_ovf_cookie_value_len_fail, buf_ovf_cookies_len_fail, buf_ovf_hdr_name_len_fail, buf_ovf_hdr_value_len_fail, buf_ovf_max_data_parse_fail, buf_ovf_line_len_fail, buf_ovf_parameter_name_len_fail, buf_ovf_parameter_value_len_fail, buf_ovf_parameter_total_len_fail, buf_ovf_query_len_fail, max_entities_fail, max_parameters_fail, buf_ovf_cookie_name_len_fail, 
xml_limit_attr, xml_limit_attr_name_len, xml_limit_attr_value_len, xml_limit_cdata_len, xml_limit_elem, xml_limit_elem_child, xml_limit_elem_depth, xml_limit_elem_name_len, xml_limit_entity_exp, xml_limit_entity_exp_depth, xml_limit_namespace, xml_limit_namespace_uri_len, json_limit_array_value_count, json_limit_depth, json_limit_object_member_count, json_limit_string, form_non_masked_password, form_non_ssl_password, form_password_autocomplete, redirect_wlist_succ, redirect_wlist_fail, redirect_wlist_learn, form_set_no_cache, resp_denied

template-list

Specification
Type list
Block object keys

allowed-http-methods

Description: List of allowed HTTP methods. Default is “GET POST”. (List of HTTP methods allowed (default “GET POST”))

Type: string

Format: string-rlx

Default: GET POST

bot-check

Description: Check User-Agent for known bots

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

bot-check-policy-file

Description: Name of WAF policy list file

Type: string

ccn-mask

Description: Mask credit card numbers in response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cookie-encryption-secret

Description: Cookie encryption secret

Type: string

Format: password

cookie-name

Description: Cookie name (simple string or PCRE pattern)

Type: string

Format: string-rlx

csrf-check

Description: Tag the form to protect against Cross-site Request Forgery

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-entities

Description: Decode entities in internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-escaped-chars

Description: Decode escaped characters such as \r \n \" \xXX \u00YY in internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-hex-chars

Description: Decode hex chars such as %xx and %u00yy in internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-non-masked-passwords

Description: Denies forms that have a password field with a textual type, resulting in this field not being masked

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-non-ssl-passwords

Description: Denies any form that has a password field if the form is not sent over an SSL connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-password-autocomplete

Description: Check to protect against server-generated forms which contain password fields that allow autocomplete

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deploy-mode

Description: ‘active’: Deploy WAF in active (blocking) mode; ‘passive’: Deploy WAF in passive (log-only) mode; ‘learning’: Deploy WAF in learning mode;

Type: string

Supported Values: active, passive, learning

Default: active

disable

Description: Disable buffer overflow protection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-resp-hdrs

Description: Removes web server’s identifying headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-consistency-check

Description: Form input consistency check

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-deny-non-post

Description: Deny request with forms if the method is not POST

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-deny-non-ssl

Description: Deny request with forms if the protocol is not SSL

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-set-no-cache

Description: Disable caching of form-containing responses

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-resp-codes

Description: Hides response codes that are not allowed (default 4xx, 5xx)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-resp-codes-file

Description: Name of WAF policy list file

Type: string

http-check

Description: Check request for HTTP protocol compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-redirect

Description: Send HTTP redirect response (302 Found) to specified URL (URL to redirect to when denying request)

Type: string

Format: string-rlx

Mutual Exclusion: http-redirect, http-resp-200, reset-conn and http-resp-403 are mutually exclusive

http-resp-200

Description: Send HTTP response with status code 200 OK

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-200, http-redirect, reset-conn and http-resp-403 are mutually exclusive

http-resp-403

Description: Send HTTP response with status code 403 Forbidden (default)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-403, http-redirect, http-resp-200 and reset-conn are mutually exclusive

json-format-check

Description: Check HTTP body for JSON format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

keep-end

Description: Number of unmasked characters at the end (default: 0)

Type: number

Range: 0-65535

keep-start

Description: Number of unmasked characters at the beginning (default: 0)

Type: number

Range: 0-65535

lifetime

Description: Session lifetime in minutes (default 10)

Type: number

Range: 1-1440

log-succ-reqs

Description: Log successful waf requests

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

logging

Description: Logging template (Logging Config name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/template/logging

mask

Description: Character to mask the matched pattern (default: X)

Type: string

Format: string-rlx

max-array-value-count

Description: Maximum number of values in an array in a JSON request body (default 256) (Maximum number of values in a JSON array (default 256))

Type: number

Range: 0-4096

Default: 256

max-attr

Description: Maximum number of attributes of an XML element (default 256)

Type: number

Range: 0-256

Default: 256

max-attr-name-len

Description: Maximum length of an attribute name (default 128)

Type: number

Range: 0-2048

Default: 128

max-attr-value-len

Description: Maximum length of an attribute text value (default 128)

Type: number

Range: 0-4096

Default: 128

max-cdata-len

Description: Maximum length of a CDATA section of an element (default 65535)

Type: number

Range: 0-65535

Default: 65535

max-cookie-len

Description: Max Cookie length allowed in request (default 4096) (Maximum length of cookie allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-cookie-name-len

Description: Max Cookie Name length allowed in request (default 64) (Maximum length of cookie name allowed (default 64))

Type: number

Range: 0-65535

Default: 64

max-cookie-value-len

Description: Max Cookie Value length allowed in request (default 4096) (Maximum length of cookie value allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-cookies

Description: Maximum number of cookies allowed in request (default 20)

Type: number

Range: 0-63

Default: 20

max-cookies-len

Description: Max Total Cookies length allowed in request (default 4096) (Maximum total length of cookies allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-data-parse

Description: Max data parsed for Web Application Firewall (default 65536) (Maximum data parsed for Web Application Firewall (default 65536))

Type: number

Range: 0-262144

Default: 65536

max-depth

Description: Maximum recursion depth in a value in a JSON request body (default 16) (Maximum recursion depth in a JSON value (default 16))

Type: number

Range: 0-4096

Default: 16

max-elem

Description: Maximum number of XML elements (default 1024)

Type: number

Range: 0-8192

Default: 1024

max-elem-child

Description: Maximum number of children of an XML element (default 1024)

Type: number

Range: 0-4096

Default: 1024

max-elem-depth

Description: Maximum recursion level for element definition (default 256)

Type: number

Range: 0-4096

Default: 256

max-elem-name-len

Description: Maximum length for an element name (default 128)

Type: number

Range: 0-65535

Default: 128

max-entities

Description: Maximum number of MIME entities allowed in request (default 10)

Type: number

Range: 0-512

Default: 10

max-entity-exp

Description: Maximum number of entity expansions (default 1024)

Type: number

Range: 0-1024

Default: 1024

max-entity-exp-depth

Description: Maximum nested depth of entity expansion (default 32)

Type: number

Range: 0-32

Default: 32

max-hdr-name-len

Description: Max header name length allowed in request (default 63) (Maximum length of header name allowed (default 63))

Type: number

Range: 0-63

Default: 63

max-hdr-value-len

Description: Max header value length allowed in request (default 4096) (Maximum length of header value allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-hdrs

Description: Maximum number of headers allowed in request (default 20)

Type: number

Range: 0-255

Default: 20

max-hdrs-len

Description: Max headers length allowed in request (default 4096) (Maximum length of headers allowed (default 4096))

Type: number

Range: 0-65535

Default: 4096

max-line-len

Description: Max Line length allowed in request (default 1024) (Maximum length of Request line allowed (default 1024))

Type: number

Range: 0-16127

Default: 1024

max-namespace

Description: Maximum number of namespace declarations (default 16)

Type: number

Range: 0-256

Default: 16

max-namespace-uri-len

Description: Maximum length of a namespace URI (default 256)

Type: number

Range: 0-1024

Default: 256

max-object-member-count

Description: Maximum number of members in an object in a JSON request body (default 256) (Maximum number of members in a JSON object (default 256))

Type: number

Range: 0-4096

Default: 256

max-parameter-name-len

Description: Max HTML parameter name length in an HTTP request (default 256) (Maximum HTML parameter name length in an HTTP request (default 256))

Type: number

Range: 0-1024

Default: 256

max-parameter-total-len

Description: Max HTML parameter total length in an HTTP request (default 4096) (Maximum HTML parameter total length in an HTTP request (default 4096))

Type: number

Range: 0-102400000

Default: 4096

max-parameter-value-len

Description: Max HTML parameter value length in an HTTP request (default 4096) (Maximum HTML parameter value in an HTTP request (default 4096))

Type: number

Range: 0-102400000

Default: 4096

max-parameters

Description: Maximum number of HTML parameters allowed in request (default 64)

Type: number

Range: 0-1024

Default: 64

max-post-size

Description: Max content length allowed in POST request (default 20480) (Maximum size of content allowed in an HTTP POST request (default 20480))

Type: number

Range: 0-2147483647

Default: 20480

max-query-len

Description: Max Query length allowed in request (default 1024) (Maximum length of Request query allowed (default 1024))

Type: number

Range: 0-16127

Default: 1024

max-string

Description: Maximum length of a string in a JSON request body (default 64) (Maximum length of a JSON string (default 64))

Type: number

Range: 0-4096

Default: 64

max-url-len

Description: Max URL length allowed in request (default 1024) (Maximum length of URL allowed (default 1024))

Type: number

Range: 0-16127

Default: 1024

name

Description: WAF Template Name

Type: string

Format: string-rlx

pcre-mask

Description: Mask matched PCRE pattern in response

Type: string

Format: string-rlx

redirect-wlist

Description: Check Redirect URL against list of previously learned redirects

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-check

Description: Check referer to protect against CSRF attacks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-domain-list

Description: List of referer domains allowed

Type: string

Format: string-rlx

Mutual Exclusion: referer-domain-list and referer-domain-list-only are mutually exclusive

referer-domain-list-only

Description: List of referer domains allowed

Type: string

Format: string-rlx

Mutual Exclusion: referer-domain-list-only and referer-domain-list are mutually exclusive

referer-safe-url

Description: Safe URL to redirect to if referer is missing

Type: string

Format: string-rlx

remove-comments

Description: Remove comments from internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-selfref

Description: Remove self-references such as /./ and /path/../ from internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-spaces

Description: Remove spaces from internal url

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-conn

Description: Reset the client connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: reset-conn, http-redirect, http-resp-200 and http-resp-403 are mutually exclusive

resp-url-200

Description: Response content to send client when denying request

Type: string

Format: string-rlx

resp-url-403

Description: Response content to send client when denying request

Type: string

Format: string-rlx

sampling-enable

Description: sampling-enable is a JSON List. Please see below for l65_sampling-enable

Type: List

secret-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

session-check

Description: Enable session checking via session cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

soap-format-check

Description: Check XML document for SOAP format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sqlia-check

Description: ‘reject’: Reject requests with SQLIA patterns; ‘sanitize’: Remove bad SQL from request;

Type: string

Supported Values: reject, sanitize

sqlia-check-policy-file

Description: Name of WAF policy list file

Type: string

ssn-mask

Description: Mask US Social Security numbers in response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uri-blist-check

Description: Specify name of WAF policy list file to blacklist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uri-wlist-check

Description: Specify name of WAF policy list file to whitelist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

url-check

Description: Check URL against list of previously learned URLs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

waf-blist-file

Description: Name of WAF policy list file

Type: string

waf-wlist-file

Description: Name of WAF policy list file

Type: string

wsdl-file

Description: Specify name of WSDL file for verifying XML body contents

Type: string

Mutual Exclusion: wsdl-file and wsdl-resp-val-file are mutually exclusive

wsdl-resp-val-file

Description: Specify name of WSDL file for verifying XML body contents

Type: string

Mutual Exclusion: wsdl-resp-val-file and wsdl-file are mutually exclusive

xml-format-check

Description: Check HTTP body for XML format compliance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xml-schema-file

Description: Specify name of XML-Schema file for verifying XML body contents

Type: string

Mutual Exclusion: xml-schema-file and xml-schema-resp-val-file are mutually exclusive

xml-schema-resp-val-file

Description: Specify name of XML-Schema file for verifying XML body contents

Type: string

Mutual Exclusion: xml-schema-resp-val-file and xml-schema-file are mutually exclusive

xml-sqlia-check

Description: Check XML data against SQLIA policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xml-xss-check

Description: Check XML data against XSS policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xss-check

Description: ‘reject’: Reject requests with bad cookies; ‘sanitize’: Remove bad cookies from request;

Type: string

Supported Values: reject, sanitize

xss-check-policy-file

Description: Name of WAF policy list file

Type: string
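The ranges, supported values, mutual exclusions and deploy modes documented for template-list above can be checked before a template is applied. The following is an added example, not A10 code: it lints a plain dictionary of template attributes and makes no API calls. The names lint_template, attrs and SAMPLE, the sample values and the error/warn/info labels are assumptions made for illustration; only a subset of the documented ranges is included.

```python
"""Lint a WAF template attribute dict against the constraints documented above."""

# Numeric ranges copied from the attribute reference above (subset).
RANGES = {
    "max-cookies": (0, 63),
    "max-hdrs": (0, 255),
    "max-hdr-name-len": (0, 63),
    "max-url-len": (0, 16127),
    "max-line-len": (0, 16127),
    "max-query-len": (0, 16127),
    "max-post-size": (0, 2147483647),
    "max-entity-exp": (0, 1024),
    "max-entity-exp-depth": (0, 32),
    "max-depth": (0, 4096),
    "lifetime": (1, 1440),
}

# Mutual-exclusion groups as listed under "Mutual Exclusion".
EXCLUSIVE = [
    ("http-redirect", "http-resp-200", "http-resp-403", "reset-conn"),
    ("referer-domain-list", "referer-domain-list-only"),
    ("wsdl-file", "wsdl-resp-val-file"),
    ("xml-schema-file", "xml-schema-resp-val-file"),
]

# String attributes with a fixed set of supported values.
ENUMS = {
    "deploy-mode": {"active", "passive", "learning"},
    "sqlia-check": {"reject", "sanitize"},
    "xss-check": {"reject", "sanitize"},
}

# Boolean checks whose documented default is 0 (a subset chosen for this example).
OFF_BY_DEFAULT = (
    "bot-check", "csrf-check", "http-check", "referer-check", "session-check",
    "url-check", "deny-non-ssl-passwords", "filter-resp-hdrs", "hide-resp-codes",
)


def is_set(value):
    """True for an enabled flag (true/1) or a non-empty string attribute."""
    if isinstance(value, str):
        return value.strip().lower() not in ("", "0", "false")
    return bool(value)


def lint_template(tpl):
    """Return a list of (severity, attribute, message) findings."""
    findings = []
    for attr, (lo, hi) in RANGES.items():
        if attr in tpl:
            val = tpl[attr]
            bad_type = not isinstance(val, int) or isinstance(val, bool)
            if bad_type or not lo <= val <= hi:
                findings.append(
                    ("error", attr, f"{val!r} outside documented range {lo}-{hi}"))
    for attr, allowed in ENUMS.items():
        if attr in tpl and tpl[attr] not in allowed:
            findings.append(
                ("error", attr, f"{tpl[attr]!r} not in {sorted(allowed)}"))
    for group in EXCLUSIVE:
        present = [a for a in group if is_set(tpl.get(a))]
        if len(present) > 1:
            findings.append(
                ("error", present[0],
                 "mutually exclusive with " + ", ".join(present[1:])))
    mode = tpl.get("deploy-mode", "active")  # documented default is active
    if mode in ("passive", "learning"):
        findings.append(
            ("warn", "deploy-mode", f"'{mode}' is not the active (blocking) mode"))
    if is_set(tpl.get("disable")):
        findings.append(("warn", "disable", "buffer overflow protection is disabled"))
    for attr in OFF_BY_DEFAULT:
        if not is_set(tpl.get(attr)):
            findings.append(("info", attr, "check is off (documented default 0)"))
    for attr in ("sqlia-check", "xss-check"):
        if attr not in tpl:
            findings.append(("info", attr, "no reject/sanitize action configured"))
    return findings


def attrs(findings, severity):
    """Attribute names of the findings at one severity, in report order."""
    return [attr for sev, attr, _ in findings if sev == severity]


# Constructed sample template, not taken from a real device.
SAMPLE = {
    "name": "example-waf",
    "deploy-mode": "passive",
    "http-resp-403": 1,
    "reset-conn": 1,            # conflicts with http-resp-403
    "max-hdr-name-len": 128,    # documented range is 0-63
    "max-cookies": 20,
    "sqlia-check": "drop",      # not a supported value
    "xss-check": "reject",
    "http-check": 1,
    "csrf-check": "true",
    "disable": 0,
}

if __name__ == "__main__":
    for severity, attr, message in lint_template(SAMPLE):
        print(f"{severity:5} {attr}: {message}")
```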

template-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘total_req’: Total Requests; ‘req_allowed’: Requests Allowed; ‘req_denied’: Requests Denied; ‘bot_check_succ’: Botnet Check Success; ‘bot_check_fail’: Botnet Check Failure; ‘form_consistency_succ’: Form Consistency Success; ‘form_consistency_fail’: Form Consistency Failure; ‘form_csrf_tag_succ’: Form CSRF tag Success; ‘form_csrf_tag_fail’: Form CSRF tag Failure; ‘url_check_succ’: URL Check Success; ‘url_check_fail’: URL Check Failure; ‘url_check_learn’: URL Check Learn; ‘buf_ovf_url_len_fail’: Buffer Overflow - URL Length Failure; ‘buf_ovf_cookie_len_fail’: Buffer Overflow - Cookie Length Failure; ‘buf_ovf_hdrs_len_fail’: Buffer Overflow - Headers length Failure; ‘buf_ovf_post_size_fail’: Buffer Overflow - Post size Failure; ‘max_cookies_fail’: Max Cookies Failure; ‘max_hdrs_fail’: Max Headers Failure; ‘http_method_check_succ’: Http Method Check Success; ‘http_method_check_fail’: Http Method Check Failure; ‘http_check_succ’: Http Check Success; ‘http_check_fail’: Http Check Failure; ‘referer_check_succ’: Referer Check Success; ‘referer_check_fail’: Referer Check Failure; ‘referer_check_redirect’: Referer Check Redirect; ‘uri_wlist_succ’: URI White List Success; ‘uri_wlist_fail’: URI White List Failure; ‘uri_blist_succ’: URI Black List Success; ‘uri_blist_fail’: URI Black List Failure; ‘post_form_check_succ’: Post Form Check Success; ‘post_form_check_sanitize’: Post Form Check Sanitized; ‘post_form_check_reject’: Post Form Check Rejected; ‘ccn_mask_amex’: Credit Card Number Mask Amex; ‘ccn_mask_diners’: Credit Card Number Mask Diners; ‘ccn_mask_visa’: Credit Card Number Mask Visa; ‘ccn_mask_mastercard’: Credit Card Number Mask Mastercard; ‘ccn_mask_discover’: Credit Card Number Mask Discover; ‘ccn_mask_jcb’: Credit Card Number Mask Jcb; ‘ssn_mask’: Social Security Number Mask; ‘pcre_mask’: PCRE Mask; ‘cookie_encrypt_succ’: Cookie Encrypt Success; ‘cookie_encrypt_fail’: Cookie Encrypt Failure; ‘cookie_encrypt_limit_exceeded’: Cookie Encrypt 
Limit Exceeded; ‘cookie_encrypt_skip_rcache’: Cookie Encrypt Skip RCache; ‘cookie_decrypt_succ’: Cookie Decrypt Success; ‘cookie_decrypt_fail’: Cookie Decrypt Failure; ‘sqlia_chk_url_succ’: SQLIA Check URL Success; ‘sqlia_chk_url_sanitize’: SQLIA Check URL Sanitized; ‘sqlia_chk_url_reject’: SQLIA Check URL Rejected; ‘sqlia_chk_post_succ’: SQLIA Check Post Success; ‘sqlia_chk_post_sanitize’: SQLIA Check Post Sanitized; ‘sqlia_chk_post_reject’: SQLIA Check Post Rejected; ‘xss_chk_cookie_succ’: XSS Check Cookie Success; ‘xss_chk_cookie_sanitize’: XSS Check Cookie Sanitized; ‘xss_chk_cookie_reject’: XSS Check Cookie Rejected; ‘xss_chk_url_succ’: XSS Check URL Success; ‘xss_chk_url_sanitize’: XSS Check URL Sanitized; ‘xss_chk_url_reject’: XSS Check URL Rejected; ‘xss_chk_post_succ’: XSS Check Post Success; ‘xss_chk_post_sanitize’: XSS Check Post Sanitized; ‘xss_chk_post_reject’: XSS Check Post Rejected; ‘resp_code_hidden’: Response Code Hidden; ‘resp_hdrs_filtered’: Response Headers Filtered; ‘learn_updates’: Learning Updates; ‘num_drops’: Number Drops; ‘num_resets’: Number Resets; ‘form_non_ssl_reject’: Form Non SSL Rejected; ‘form_non_post_reject’: Form Non Post Rejected; ‘sess_check_none’: Session Check None; ‘sess_check_succ’: Session Check Success; ‘sess_check_fail’: Session Check Failure; ‘soap_check_succ’: Soap Check Success; ‘soap_check_failure’: Soap Check Failure; ‘wsdl_fail’: WSDL Failure; ‘wsdl_succ’: WSDL Success; ‘xml_schema_fail’: XML Schema Failure; ‘xml_schema_succ’: XML Schema Success; ‘xml_sqlia_chk_fail’: XML Sqlia Check Failure; ‘xml_sqlia_chk_succ’: XML Sqlia Check Success; ‘xml_xss_chk_fail’: XML XSS Check Failure; ‘xml_xss_chk_succ’: XML XSS Check Success; ‘json_check_failure’: JSON Check Failure; ‘json_check_succ’: JSON Check Success; ‘xml_check_failure’: XML Check Failure; ‘xml_check_succ’: XML Check Success; ‘buf_ovf_cookie_value_len_fail’: Buffer Overflow - Cookie Value Length Failure; ‘buf_ovf_cookies_len_fail’: Buffer Overflow - Cookies 
Length Failure; ‘buf_ovf_hdr_name_len_fail’: Buffer Overflow - Header Name Length Failure; ‘buf_ovf_hdr_value_len_fail’: Buffer Overflow - Header Value Length Failure; ‘buf_ovf_max_data_parse_fail’: Buffer Overflow - Max Data Parse Failure; ‘buf_ovf_line_len_fail’: Buffer Overflow - Line Length Failure; ‘buf_ovf_parameter_name_len_fail’: Buffer Overflow - HTML Parameter Name Length Failure; ‘buf_ovf_parameter_value_len_fail’: Buffer Overflow - HTML Parameter Value Length Failure; ‘buf_ovf_parameter_total_len_fail’: Buffer Overflow - HTML Parameter Total Length Failure; ‘buf_ovf_query_len_fail’: Buffer Overflow - Query Length Failure; ‘max_entities_fail’: Max Entities Failure; ‘max_parameters_fail’: Max Parameters Failure; ‘buf_ovf_cookie_name_len_fail’: Buffer Overflow - Cookie Name Length Failure; ‘xml_limit_attr’: XML Limit Attribue; ‘xml_limit_attr_name_len’: XML Limit Name Length; ‘xml_limit_attr_value_len’: XML Limit Value Length; ‘xml_limit_cdata_len’: XML Limit CData Length; ‘xml_limit_elem’: XML Limit Element; ‘xml_limit_elem_child’: XML Limit Element Child; ‘xml_limit_elem_depth’: XML Limit Element Depth; ‘xml_limit_elem_name_len’: XML Limit Element Name Length; ‘xml_limit_entity_exp’: XML Limit Entity Exp; ‘xml_limit_entity_exp_depth’: XML Limit Entity Exp Depth; ‘xml_limit_namespace’: XML Limit Namespace; ‘xml_limit_namespace_uri_len’: XML Limit Namespace URI Length; ‘json_limit_array_value_count’: JSON Limit Array Value Count; ‘json_limit_depth’: JSON Limit Depth; ‘json_limit_object_member_count’: JSON Limit Object Number Count; ‘json_limit_string’: JSON Limit String; ‘form_non_masked_password’: Form Non Masked Password; ‘form_non_ssl_password’: Form Non SSL Password; ‘form_password_autocomplete’: Form Password Autocomplete; ‘redirect_wlist_succ’: Redirect Whitelist Success; ‘redirect_wlist_fail’: Redirect Whitelist Failure; ‘redirect_wlist_learn’: Redirect Whitelist Learn; ‘form_set_no_cache’: Form Set No Cache; ‘resp_denied’: Responses Denied;

Type: string

Supported Values: all, total_req, req_allowed, req_denied, bot_check_succ, bot_check_fail, form_consistency_succ, form_consistency_fail, form_csrf_tag_succ, form_csrf_tag_fail, url_check_succ, url_check_fail, url_check_learn, buf_ovf_url_len_fail, buf_ovf_cookie_len_fail, buf_ovf_hdrs_len_fail, buf_ovf_post_size_fail, max_cookies_fail, max_hdrs_fail, http_method_check_succ, http_method_check_fail, http_check_succ, http_check_fail, referer_check_succ, referer_check_fail, referer_check_redirect, uri_wlist_succ, uri_wlist_fail, uri_blist_succ, uri_blist_fail, post_form_check_succ, post_form_check_sanitize, post_form_check_reject, ccn_mask_amex, ccn_mask_diners, ccn_mask_visa, ccn_mask_mastercard, ccn_mask_discover, ccn_mask_jcb, ssn_mask, pcre_mask, cookie_encrypt_succ, cookie_encrypt_fail, cookie_encrypt_limit_exceeded, cookie_encrypt_skip_rcache, cookie_decrypt_succ, cookie_decrypt_fail, sqlia_chk_url_succ, sqlia_chk_url_sanitize, sqlia_chk_url_reject, sqlia_chk_post_succ, sqlia_chk_post_sanitize, sqlia_chk_post_reject, xss_chk_cookie_succ, xss_chk_cookie_sanitize, xss_chk_cookie_reject, xss_chk_url_succ, xss_chk_url_sanitize, xss_chk_url_reject, xss_chk_post_succ, xss_chk_post_sanitize, xss_chk_post_reject, resp_code_hidden, resp_hdrs_filtered, learn_updates, num_drops, num_resets, form_non_ssl_reject, form_non_post_reject, sess_check_none, sess_check_succ, sess_check_fail, soap_check_succ, soap_check_failure, wsdl_fail, wsdl_succ, xml_schema_fail, xml_schema_succ, xml_sqlia_chk_fail, xml_sqlia_chk_succ, xml_xss_chk_fail, xml_xss_chk_succ, json_check_failure, json_check_succ, xml_check_failure, xml_check_succ, buf_ovf_cookie_value_len_fail, buf_ovf_cookies_len_fail, buf_ovf_hdr_name_len_fail, buf_ovf_hdr_value_len_fail, buf_ovf_max_data_parse_fail, buf_ovf_line_len_fail, buf_ovf_parameter_name_len_fail, buf_ovf_parameter_value_len_fail, buf_ovf_parameter_total_len_fail, buf_ovf_query_len_fail, max_entities_fail, max_parameters_fail, buf_ovf_cookie_name_len_fail, 
xml_limit_attr, xml_limit_attr_name_len, xml_limit_attr_value_len, xml_limit_cdata_len, xml_limit_elem, xml_limit_elem_child, xml_limit_elem_depth, xml_limit_elem_name_len, xml_limit_entity_exp, xml_limit_entity_exp_depth, xml_limit_namespace, xml_limit_namespace_uri_len, json_limit_array_value_count, json_limit_depth, json_limit_object_member_count, json_limit_string, form_non_masked_password, form_non_ssl_password, form_password_autocomplete, redirect_wlist_succ, redirect_wlist_fail, redirect_wlist_learn, form_set_no_cache, resp_denied

xml-schema

Specification
Type object

max-filesize

Description: Set maximum XML-Schema file size (Maximum file size in KBytes, default is 32K)

Type: number

Range: 16-256

Default: 32

uuid

Description: UUID of the object

Type: string