WAF template

template Specification

Type: Collection
Object Key(s): name
Collection Name: template-list
Collection URI: /axapi/v3/waf/template/
Element Name: template
Element URI: /axapi/v3/waf/template/{name}
Element Attributes: template_attributes
Schema: template schema

Operations Allowed:

Operation        Method   URI                              Payload
Create Object    POST     /axapi/v3/waf/template/          template Attributes
Create List      POST     /axapi/v3/waf/template/          template Attributes
Get Object       GET      /axapi/v3/waf/template/{name}    template Attributes
Get List         GET      /axapi/v3/waf/template/          template-list
Modify Object    POST     /axapi/v3/waf/template/{name}    template Attributes
Replace Object   PUT      /axapi/v3/waf/template/{name}    template Attributes
Replace List     PUT      /axapi/v3/waf/template/          template-list
Delete Object    DELETE   /axapi/v3/waf/template/{name}    template Attributes

template-list

template-list is a JSON list of template Attributes

template-list : [

template Attributes

allowed-http-methods

Description: The Allowed HTTP Methods Check ensures that HTTP requests contain only the HTTP methods that are allowed by the WAF template. By default, only the following methods are allowed: GET, POST.

Type: string

Format: string-rlx

Default: GET POST

bot-check

Description: The WAF bot check option uses the “bot_defs” policy file for search definitions of known bot agents. If bot checking is enabled in the WAF template and a match is found with the “bot_defs” policy file, the request is denied automatically.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

bot-check-policy-file

Description: Name of a Bot Check policy file that has been uploaded onto the ACOS device.

Type: string

ccn-mask

Description: The CCN mask examines strings of outbound replies from the Web server for patterns of numerical characters that resemble credit card numbers (CCN). If the WAF identifies a credit card number, the WAF replaces all but the last four digits of credit card numbers with “x” characters.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cookie-encryption-secret

Description: Sets the secret passphrase string used to encrypt and decrypt cookies in server-to-client communication.

Type: string

Format: password

cookie-name

Description: The name of a cookie or PCRE expression. This option encrypts cookies by a specific name or for all cookies that match a PCRE expression.

Type: string

Format: string-rlx

csrf-check

Description: Tags fields of a web form to protect against cross-site request forgery (CSRF).

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-entities

Description: Enables decoding of entities, such as &lt; &#xx; &#ddd; &xXX, in an internal URL.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-escaped-chars

Description: Enables decoding of escaped characters, such as \r \n \" \xXX, in internal URLs.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decode-hex-chars

Description: Enables decoding of hexadecimal characters, such as %xx and %u00y, in an internal URL.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-non-masked-passwords

Description: Enable this option to prevent “shoulder surfing” by denying the web server’s attempt to send a form through the WAF unless the field type for the password field has been set to “password.”

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-non-ssl-passwords

Description: Enable this option to deny user passwords that are sent over a non-encrypted connection.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny-password-autocomplete

Description: Enable this option to deny web server attempts to transmit the form if the type of one of the form fields is set to “password” and the “autocomplete” attribute is set to “on.”

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deploy-mode

Description: The WAF supports the following operational modes:

  • Active : This is the standard operational mode. You must use Active Mode if you want the WAF to sanitize or drop traffic based on the configured WAF policies.
  • Passive : Passive Mode provides passive WAF operation. All enabled WAF checks are applied, but no WAF action is performed upon matching traffic. This mode is useful in staging environments to identify false positives for filtering.
  • Learning : Learning Mode provides a way to initially set the thresholds for certain WAF checks based on known, valid traffic.

Type: string

Supported Values: active, passive, learning

Default: active

disable

Description: Disables a previously configured WAF policy template.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-resp-hdrs

Description: Specify this option to remove the Web server’s identifying headers in outgoing responses.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-consistency-check

Description: This option checks to ensure that the user input to a form field conforms to the form field tag and is consistent with the intended format.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-deny-non-post

Description: Deny HTTP requests containing forms if the method used is anything other than POST.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-deny-non-ssl

Description: Deny HTTP requests containing forms if the transmission protocol used is anything other than SSL (TLS).

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

form-set-no-cache

Description: Enabling this option adds “no-cache directives” if the HTTP response contains <form> tags. The “no-cache” behavior is enforced by adding the following headers: (1) Cache-Control: no-cache, no-store, must-revalidate, (2) Pragma: no-cache, (3) Expires: 0.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-resp-codes

Description: When this option is enabled, the ACOS device cloaks response codes for outbound responses from the Web server.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hide-resp-codes-file

Description: Specify which response codes should be hidden.

Type: string

http-check

Description: Checks that user requests are compliant with HTTP protocols.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-redirect

Description: Redirects a client to the specified URL.

Type: string

Format: string-rlx

Mutual Exclusion: http-redirect, http-resp-200, reset-conn and http-resp-403 are mutually exclusive

http-resp-200

Description: Sends a 200 OK response to the client with the specified resp-string. The default string returns a generic “Request Denied!” page to the client.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-200, http-redirect, reset-conn and http-resp-403 are mutually exclusive

http-resp-403

Description: Sends a 403 Forbidden response to the client. The default string returns a generic “Request Denied!” page to the client.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: http-resp-403, http-redirect, http-resp-200 and reset-conn are mutually exclusive

json-format-check

Description: Examines the format of incoming JSON requests, checks for compliance with RFC 4627, and blocks requests if the JSON content is not well-formed.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

keep-end

Description: Sets the number of unmasked characters at the end of the string.

Type: number

Range: 0-65535

keep-start

Description: Sets the number of unmasked characters at the beginning of the string.

Type: number

Range: 0-65535

lifetime

Description: This option determines the lifetime for the session-tracking ID.

Type: number

Range: 1-1440

log-succ-reqs

Description: Specify whether to log a message when the request is allowed through the WAF.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

logging

Description: Select the name of a configured logging template to direct WAF logging activity.

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/template/logging

mask

Description: Character to mask the matched pattern (default: X)

Type: string

Format: string-rlx

max-array-value-count

Description: Limits the maximum number of values within a single JSON array.

Type: number

Range: 0-4096

Default: 256

max-attr

Description: Limits the maximum number of attributes each individual element is allowed to have.

Type: number

Range: 0-256

Default: 256

max-attr-name-len

Description: Limits the maximum length of each attribute name.

Type: number

Range: 0-2048

Default: 128

max-attr-value-len

Description: Limits the maximum length of each attribute value.

Type: number

Range: 0-4096

Default: 128

max-cdata-len

Description: Limits the length of the CDATA section for each element.

Type: number

Range: 0-65535

Default: 65535

max-cookie-len

Description: Specify the maximum total length for all cookies in a request.

Type: number

Range: 0-65535

Default: 4096

max-cookie-name-len

Description: Specify the maximum length for cookie names allowed in a request.

Type: number

Range: 0-65535

Default: 64

max-cookie-value-len

Description: Specify the maximum value length for cookie values allowed in a request.

Type: number

Range: 0-65535

Default: 4096

max-cookies

Description: Specify the maximum total number of cookies a request can contain.

Type: number

Range: 0-63

Default: 20

max-cookies-len

Description: Specify the maximum length for cookies, cookie names, and/or cookie values allowed in a request.

Type: number

Range: 0-65535

Default: 4096

max-data-parse

Description: Specify the maximum amount of data that can be parsed in a request.

Type: number

Range: 0-262144

Default: 65536

max-depth

Description: Limits the maximum recursion depth allowed in a JSON value.

Type: number

Range: 0-4096

Default: 16

max-elem

Description: Limits the maximum number of any one type of element per XML document.

Type: number

Range: 0-8192

Default: 1024

max-elem-child

Description: Limits the maximum number of children each element is allowed, and includes other elements, character information, and comments.

Type: number

Range: 0-4096

Default: 1024

max-elem-depth

Description: Limits the maximum number of nested levels in each element.

Type: number

Range: 0-4096

Default: 256

max-elem-name-len

Description: Limits the maximum length of the name of each element.

Type: number

Range: 0-65535

Default: 128

max-entities

Description: Specify the maximum number of MIME entities allowed in a request.

Type: number

Range: 0-512

Default: 10

max-entity-exp

Description: Limits the number of entity expansions allowed.

Type: number

Range: 0-1024

Default: 1024

max-entity-exp-depth

Description: Limits the number of entity expansions allowed.

Type: number

Range: 0-32

Default: 32

max-hdr-name-len

Description: Specify the maximum header length for header names allowed in requests.

Type: number

Range: 0-63

Default: 63

max-hdr-value-len

Description: Specify the maximum header length for header values allowed in requests.

Type: number

Range: 0-65535

Default: 4096

max-hdrs

Description: Specify the maximum total number of headers a request can contain.

Type: number

Range: 0-255

Default: 20

max-hdrs-len

Description: Specify the maximum header length for headers, header names, and/or header values allowed in requests.

Type: number

Range: 0-65535

Default: 4096

max-line-len

Description: Specify the maximum line length allowed in requests.

Type: number

Range: 0-16127

Default: 1024

max-namespace

Description: Limits the number of namespace declarations in an XML document.

Type: number

Range: 0-256

Default: 16

max-namespace-uri-len

Description: Limits the URL length for each namespace declaration.

Type: number

Range: 0-1024

Default: 256

max-object-member-count

Description: Limits the number of members allowed in a JSON object.

Type: number

Range: 0-4096

Default: 256

max-parameter-name-len

Description: Specify the maximum HTML parameter length allowed for the parameter names.

Type: number

Range: 0-1024

Default: 256

max-parameter-total-len

Description: Specify the maximum HTML parameter length allowed for the total parameters.

Type: number

Range: 0-102400000

Default: 4096

max-parameter-value-len

Description: Specify the maximum HTML parameter length allowed for parameter values.

Type: number

Range: 0-102400000

Default: 4096

max-parameters

Description: Specify the maximum total number of HTML parameters.

Type: number

Range: 0-1024

Default: 64

max-post-size

Description: Specify the maximum content amount allowed in HTTP POST requests.

Type: number

Range: 0-2147483647

Default: 20480

max-query-len

Description: Specify the maximum length for queries allowed in requests.

Type: number

Range: 0-16127

Default: 1024

max-string

Description: Limits the length of a string (in bytes) in a JSON request for a name or a value.

Type: number

Range: 0-4096

Default: 64

max-url-len

Description: Specify the maximum URL length allowed in requests.

Type: number

Range: 0-16127

Default: 1024

name

Description: Name for the WAF template.

Type: string

Format: string-rlx

Required: Yes

pcre-mask

Description: Masks patterns in a response that match the specified PCRE pattern.

  • Note: You can configure PCRE patterns to match only on strings of fixed length. For this reason, wild-card characters that can mask excessively long strings (* and +) are not supported.
  • If either the asterisk (*) or plus symbol (+) is detected during the syntax check, the syntax check will automatically fail. To use an expression that matches an actual “*” or “+” character, use an escape character (\) before the matched symbol. For example, to search for the actual asterisk (*) or plus character (+), enter “\*” or “\+”.

Type: string

Format: string-rlx

redirect-wlist

Description: This option enables protection against unvalidated redirects, which can occur if a hacker uses social networking to trick unsuspecting users into clicking on a malicious hyperlink.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-check

Description: Validates that the referer header in a request contains Web form data from the specified Web server, rather than from an outside Web site. This check protects against CSRF attacks.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-domain-list

Description: A list of domains which are to be used as referers.

Type: string

Format: string-rlx

Mutual Exclusion: referer-domain-list and referer-domain-list-only are mutually exclusive

referer-domain-list-only

Description: A list of referer domains that are specified for the user and can be validated.

Type: string

Format: string-rlx

Mutual Exclusion: referer-domain-list-only and referer-domain-list are mutually exclusive

referer-safe-url

Description: Specify a safe URL to which to redirect if the referer is missing.

Type: string

Format: string-rlx

remove-comments

Description: Enables removal of comments from an internal URL.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-selfref

Description: Enables removal of self-references, such as /./ and /path/../, from internal URLs.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

remove-spaces

Description: Enables removal of spaces from an internal URL.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-conn

Description: Sends a TCP RST to the client to end the connection.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: reset-conn, http-redirect, http-resp-200 and http-resp-403 are mutually exclusive

resp-url-200

Description: Response content to send client when denying request

Type: string

Format: string-rlx

resp-url-403

Description: Response content to send client when denying request

Type: string

Format: string-rlx

sampling-enable

Description: sampling-enable is a JSON List. Please see below for sampling-enable.

Type: List

secret-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

session-check

Description: Enabling this option creates an ID for a client request and inserts it in a cookie in the response. Future requests from the same client are validated against the session cookie. If the ID or IP do not match, then the request will be rejected.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

soap-format-check

Description: When this option is enabled, incoming client requests are checked to ensure that the Simple Object Access Protocol (SOAP) requests are well-formed.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sqlia-check

Description: Checks for SQL strings to protect against SQL injection attacks.

Type: string

Supported Values: reject, sanitize

sqlia-check-policy-file

Description: Name of the WAF policy file listing the defined SQL commands in the “sqlia_defs”.

Type: string

ssn-mask

Description: This check scans HTTP responses for strings that resemble US Social Security numbers and masks all but the last four digits of the string with “x” characters in a response.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uri-blist-check

Description: Specify whether to enable URI black list check.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uri-wlist-check

Description: Specify whether to enable URI white list check.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

url-check

Description: The URL Check allows users to only access Web pages by clicking a hyperlink on your protected Web site.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

waf-blist-file

Description: A URI Black List specifies exclusion criteria for incoming requests. If the URI of an incoming request matches a rule in the URI Black List, the request is automatically blocked. The URI Black List takes priority over a URI White List. That is, even if a URI matches acceptance criteria within the URI White List, a connection is blocked automatically if it meets a rule in the separate URI Black List.

Type: string

waf-wlist-file

Description: Name of WAF policy list file. A URI White List check compares the URI of an incoming request with the expressions contained in the URI Whitelist policy file. Connection requests are accepted only if the request matches a criterion in the URI White List.

Type: string

wsdl-file

Description: Specify name of WSDL file for verifying XML body contents.

Type: string

Mutual Exclusion: wsdl-file and wsdl-resp-val-file are mutually exclusive

wsdl-resp-val-file

Description: Specify name of WSDL file for verifying XML body contents

Type: string

Mutual Exclusion: wsdl-resp-val-file and wsdl-file are mutually exclusive

xml-format-check

Description: When this option is enabled, HTTP body will be checked for XML format compliance.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xml-schema-file

Description: Specify name of XML-Schema file for verifying XML body contents

Type: string

Mutual Exclusion: xml-schema-file and xml-schema-resp-val-file are mutually exclusive

xml-schema-resp-val-file

Description: Specify name of XML-Schema file for verifying XML body contents

Type: string

Mutual Exclusion: xml-schema-resp-val-file and xml-schema-file are mutually exclusive

xml-sqlia-check

Description: Checks XML data to protect against SQL injection attacks.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xml-xss-check

Description: When this option is enabled, XML data is checked against XSS policy. The XML cross-site scripting check examines the headers and bodies of incoming XML requests for Javascript keywords that might indicate possible cross-site scripting attacks and blocks those requests.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

xss-check

Description: Checks for potential HTML XSS scripts to protect against cross-site scripting attacks.

Type: string

Supported Values: reject, sanitize

xss-check-policy-file

Description: The XSS check uses the list of defined Javascript commands in the “jscript_defs” WAF policy file.

Type: string
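
Added example (not part of the A10 reference and not A10 code): a pre-flight check for a template payload before it is sent to /axapi/v3/waf/template/, applying the ranges, supported values, mutual exclusions, reserved keyword and pcre-mask rule listed above. The "template" wrapper key, the subset of attributes in SPEC, the function names and both sample payloads are assumptions constructed for illustration.

```python
# Constraints copied from the attribute list on this page (a subset, not the full schema).
BOOL = "bool"
SPEC = {
    "deploy-mode": {"active", "passive", "learning"},
    "sqlia-check": {"reject", "sanitize"},
    "xss-check": {"reject", "sanitize"},
    "csrf-check": BOOL, "http-check": BOOL, "bot-check": BOOL,
    "http-resp-200": BOOL, "http-resp-403": BOOL, "reset-conn": BOOL,
    "max-cookies": (0, 63), "max-hdrs": (0, 255), "max-hdr-name-len": (0, 63),
    "max-url-len": (0, 16127), "max-query-len": (0, 16127),
    "max-post-size": (0, 2147483647), "max-depth": (0, 4096),
    "max-entity-exp": (0, 1024), "max-entity-exp-depth": (0, 32),
    "lifetime": (1, 1440),
}
MUTEX_GROUPS = [
    ("http-redirect", "http-resp-200", "http-resp-403", "reset-conn"),
    ("referer-domain-list", "referer-domain-list-only"),
    ("wsdl-file", "wsdl-resp-val-file"),
    ("xml-schema-file", "xml-schema-resp-val-file"),
]
RESERVED = ("secret-encrypted",)  # documented as "Do NOT use this option manually"


def unescaped_quantifiers(pattern):
    """Return (offset, char) for every '*' or '+' not preceded by an escape."""
    found, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":      # backslash escapes the next character
            i += 2
            continue
        if pattern[i] in "*+":
            found.append((i, pattern[i]))
        i += 1
    return found


def is_set(value):
    """An attribute counts as configured if it is a true boolean or a non-empty value."""
    return value not in (None, False, 0, "")


def validate_template(payload):
    """Return a list of error strings; an empty list means every check passed."""
    tpl = payload.get("template")
    if not isinstance(tpl, dict):
        return ["payload must wrap the attributes in a 'template' object"]
    errors = []
    if not isinstance(tpl.get("name"), str) or not tpl["name"]:
        errors.append("name: required")
    for key in RESERVED:
        if key in tpl:
            errors.append(f"{key}: reserved keyword, do not set manually")
    for key, rule in SPEC.items():
        if key not in tpl:
            continue
        value = tpl[key]
        if rule is BOOL:
            if not (isinstance(value, int) and value in (0, 1)):
                errors.append(f"{key}: expected true, false, 1 or 0")
        elif isinstance(rule, set):
            if not isinstance(value, str) or value not in rule:
                errors.append(f"{key}: expected one of {sorted(rule)}")
        else:
            lo, hi = rule
            if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
                errors.append(f"{key}: expected a number in {lo}-{hi}")
    for group in MUTEX_GROUPS:
        chosen = [k for k in group if is_set(tpl.get(k))]
        if len(chosen) > 1:
            errors.append("mutually exclusive: " + ", ".join(chosen))
    mask = tpl.get("pcre-mask", "")
    if isinstance(mask, str):
        for offset, char in unescaped_quantifiers(mask):
            errors.append(f"pcre-mask: unescaped '{char}' at offset {offset}")
    return errors


# Constructed sample payloads (not taken from a real device).
GOOD = {"template": {
    "name": "waf-prod", "deploy-mode": "active", "http-resp-403": 1,
    "sqlia-check": "reject", "xss-check": "sanitize", "max-cookies": 20,
    "pcre-mask": r"ID\+\d\d\d\d",           # literal '+' is escaped
}}
BAD = {"template": {
    "name": "waf-staging", "deploy-mode": "monitor",   # not a supported value
    "http-resp-403": 1, "reset-conn": True,            # two deny actions at once
    "max-cookies": 64,                                 # range is 0-63
    "wsdl-file": "a.wsdl", "wsdl-resp-val-file": "b.wsdl",
    "pcre-mask": r"acct-\d+",                          # unbounded match
    "secret-encrypted": "x",
}}

if __name__ == "__main__":
    for label, payload in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_template(payload) or "ok")
```
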

sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘total_req’: Total Requests; ‘req_allowed’: Requests Allowed; ‘req_denied’: Requests Denied; ‘bot_check_succ’: Botnet Check Success; ‘bot_check_fail’: Botnet Check Failure; ‘form_consistency_succ’: Form Consistency Success; ‘form_consistency_fail’: Form Consistency Failure; ‘form_csrf_tag_succ’: Form CSRF tag Success; ‘form_csrf_tag_fail’: Form CSRF tag Failure; ‘url_check_succ’: URL Check Success; ‘url_check_fail’: URL Check Failure; ‘url_check_learn’: URL Check Learn; ‘buf_ovf_url_len_fail’: Buffer Overflow - URL Length Failure; ‘buf_ovf_cookie_len_fail’: Buffer Overflow - Cookie Length Failure; ‘buf_ovf_hdrs_len_fail’: Buffer Overflow - Headers length Failure; ‘buf_ovf_post_size_fail’: Buffer Overflow - Post size Failure; ‘max_cookies_fail’: Max Cookies Failure; ‘max_hdrs_fail’: Max Headers Failure; ‘http_method_check_succ’: Http Method Check Success; ‘http_method_check_fail’: Http Method Check Failure; ‘http_check_succ’: Http Check Success; ‘http_check_fail’: Http Check Failure; ‘referer_check_succ’: Referer Check Success; ‘referer_check_fail’: Referer Check Failure; ‘referer_check_redirect’: Referer Check Redirect; ‘uri_wlist_succ’: URI White List Success; ‘uri_wlist_fail’: URI White List Failure; ‘uri_blist_succ’: URI Black List Success; ‘uri_blist_fail’: URI Black List Failure; ‘post_form_check_succ’: Post Form Check Success; ‘post_form_check_sanitize’: Post Form Check Sanitized; ‘post_form_check_reject’: Post Form Check Rejected; ‘ccn_mask_amex’: Credit Card Number Mask Amex; ‘ccn_mask_diners’: Credit Card Number Mask Diners; ‘ccn_mask_visa’: Credit Card Number Mask Visa; ‘ccn_mask_mastercard’: Credit Card Number Mask Mastercard; ‘ccn_mask_discover’: Credit Card Number Mask Discover; ‘ccn_mask_jcb’: Credit Card Number Mask Jcb; ‘ssn_mask’: Social Security Number Mask; ‘pcre_mask’: PCRE Mask; ‘cookie_encrypt_succ’: Cookie Encrypt Success; ‘cookie_encrypt_fail’: Cookie Encrypt Failure; ‘cookie_encrypt_limit_exceeded’: Cookie Encrypt 
Limit Exceeded; ‘cookie_encrypt_skip_rcache’: Cookie Encrypt Skip RCache; ‘cookie_decrypt_succ’: Cookie Decrypt Success; ‘cookie_decrypt_fail’: Cookie Decrypt Failure; ‘sqlia_chk_url_succ’: SQLIA Check URL Success; ‘sqlia_chk_url_sanitize’: SQLIA Check URL Sanitized; ‘sqlia_chk_url_reject’: SQLIA Check URL Rejected; ‘sqlia_chk_post_succ’: SQLIA Check Post Success; ‘sqlia_chk_post_sanitize’: SQLIA Check Post Sanitized; ‘sqlia_chk_post_reject’: SQLIA Check Post Rejected; ‘xss_chk_cookie_succ’: XSS Check Cookie Success; ‘xss_chk_cookie_sanitize’: XSS Check Cookie Sanitized; ‘xss_chk_cookie_reject’: XSS Check Cookie Rejected; ‘xss_chk_url_succ’: XSS Check URL Success; ‘xss_chk_url_sanitize’: XSS Check URL Sanitized; ‘xss_chk_url_reject’: XSS Check URL Rejected; ‘xss_chk_post_succ’: XSS Check Post Success; ‘xss_chk_post_sanitize’: XSS Check Post Sanitized; ‘xss_chk_post_reject’: XSS Check Post Rejected; ‘resp_code_hidden’: Response Code Hidden; ‘resp_hdrs_filtered’: Response Headers Filtered; ‘learn_updates’: Learning Updates; ‘num_drops’: Number Drops; ‘num_resets’: Number Resets; ‘form_non_ssl_reject’: Form Non SSL Rejected; ‘form_non_post_reject’: Form Non Post Rejected; ‘sess_check_none’: Session Check None; ‘sess_check_succ’: Session Check Success; ‘sess_check_fail’: Session Check Failure; ‘soap_check_succ’: Soap Check Success; ‘soap_check_failure’: Soap Check Failure; ‘wsdl_fail’: WSDL Failure; ‘wsdl_succ’: WSDL Success; ‘xml_schema_fail’: XML Schema Failure; ‘xml_schema_succ’: XML Schema Success; ‘xml_sqlia_chk_fail’: XML Sqlia Check Failure; ‘xml_sqlia_chk_succ’: XML Sqlia Check Success; ‘xml_xss_chk_fail’: XML XSS Check Failure; ‘xml_xss_chk_succ’: XML XSS Check Success; ‘json_check_failure’: JSON Check Failure; ‘json_check_succ’: JSON Check Success; ‘xml_check_failure’: XML Check Failure; ‘xml_check_succ’: XML Check Success; ‘buf_ovf_cookie_value_len_fail’: Buffer Overflow - Cookie Value Length Failure; ‘buf_ovf_cookies_len_fail’: Buffer Overflow - Cookies 
Length Failure; ‘buf_ovf_hdr_name_len_fail’: Buffer Overflow - Header Name Length Failure; ‘buf_ovf_hdr_value_len_fail’: Buffer Overflow - Header Value Length Failure; ‘buf_ovf_max_data_parse_fail’: Buffer Overflow - Max Data Parse Failure; ‘buf_ovf_line_len_fail’: Buffer Overflow - Line Length Failure; ‘buf_ovf_parameter_name_len_fail’: Buffer Overflow - HTML Parameter Name Length Failure; ‘buf_ovf_parameter_value_len_fail’: Buffer Overflow - HTML Parameter Value Length Failure; ‘buf_ovf_parameter_total_len_fail’: Buffer Overflow - HTML Parameter Total Length Failure; ‘buf_ovf_query_len_fail’: Buffer Overflow - Query Length Failure; ‘max_entities_fail’: Max Entities Failure; ‘max_parameters_fail’: Max Parameters Failure; ‘buf_ovf_cookie_name_len_fail’: Buffer Overflow - Cookie Name Length Failure; ‘xml_limit_attr’: XML Limit Attribue; ‘xml_limit_attr_name_len’: XML Limit Name Length; ‘xml_limit_attr_value_len’: XML Limit Value Length; ‘xml_limit_cdata_len’: XML Limit CData Length; ‘xml_limit_elem’: XML Limit Element; ‘xml_limit_elem_child’: XML Limit Element Child; ‘xml_limit_elem_depth’: XML Limit Element Depth; ‘xml_limit_elem_name_len’: XML Limit Element Name Length; ‘xml_limit_entity_exp’: XML Limit Entity Exp; ‘xml_limit_entity_exp_depth’: XML Limit Entity Exp Depth; ‘xml_limit_namespace’: XML Limit Namespace; ‘xml_limit_namespace_uri_len’: XML Limit Namespace URI Length; ‘json_limit_array_value_count’: JSON Limit Array Value Count; ‘json_limit_depth’: JSON Limit Depth; ‘json_limit_object_member_count’: JSON Limit Object Number Count; ‘json_limit_string’: JSON Limit String; ‘form_non_masked_password’: Form Non Masked Password; ‘form_non_ssl_password’: Form Non SSL Password; ‘form_password_autocomplete’: Form Password Autocomplete; ‘redirect_wlist_succ’: Redirect Whitelist Success; ‘redirect_wlist_fail’: Redirect Whitelist Failure; ‘redirect_wlist_learn’: Redirect Whitelist Learn; ‘form_set_no_cache’: Form Set No Cache; ‘resp_denied’: Responses Denied;

Type: string

Supported Values: all, total_req, req_allowed, req_denied, bot_check_succ, bot_check_fail, form_consistency_succ, form_consistency_fail, form_csrf_tag_succ, form_csrf_tag_fail, url_check_succ, url_check_fail, url_check_learn, buf_ovf_url_len_fail, buf_ovf_cookie_len_fail, buf_ovf_hdrs_len_fail, buf_ovf_post_size_fail, max_cookies_fail, max_hdrs_fail, http_method_check_succ, http_method_check_fail, http_check_succ, http_check_fail, referer_check_succ, referer_check_fail, referer_check_redirect, uri_wlist_succ, uri_wlist_fail, uri_blist_succ, uri_blist_fail, post_form_check_succ, post_form_check_sanitize, post_form_check_reject, ccn_mask_amex, ccn_mask_diners, ccn_mask_visa, ccn_mask_mastercard, ccn_mask_discover, ccn_mask_jcb, ssn_mask, pcre_mask, cookie_encrypt_succ, cookie_encrypt_fail, cookie_encrypt_limit_exceeded, cookie_encrypt_skip_rcache, cookie_decrypt_succ, cookie_decrypt_fail, sqlia_chk_url_succ, sqlia_chk_url_sanitize, sqlia_chk_url_reject, sqlia_chk_post_succ, sqlia_chk_post_sanitize, sqlia_chk_post_reject, xss_chk_cookie_succ, xss_chk_cookie_sanitize, xss_chk_cookie_reject, xss_chk_url_succ, xss_chk_url_sanitize, xss_chk_url_reject, xss_chk_post_succ, xss_chk_post_sanitize, xss_chk_post_reject, resp_code_hidden, resp_hdrs_filtered, learn_updates, num_drops, num_resets, form_non_ssl_reject, form_non_post_reject, sess_check_none, sess_check_succ, sess_check_fail, soap_check_succ, soap_check_failure, wsdl_fail, wsdl_succ, xml_schema_fail, xml_schema_succ, xml_sqlia_chk_fail, xml_sqlia_chk_succ, xml_xss_chk_fail, xml_xss_chk_succ, json_check_failure, json_check_succ, xml_check_failure, xml_check_succ, buf_ovf_cookie_value_len_fail, buf_ovf_cookies_len_fail, buf_ovf_hdr_name_len_fail, buf_ovf_hdr_value_len_fail, buf_ovf_max_data_parse_fail, buf_ovf_line_len_fail, buf_ovf_parameter_name_len_fail, buf_ovf_parameter_value_len_fail, buf_ovf_parameter_total_len_fail, buf_ovf_query_len_fail, max_entities_fail, max_parameters_fail, buf_ovf_cookie_name_len_fail, 
xml_limit_attr, xml_limit_attr_name_len, xml_limit_attr_value_len, xml_limit_cdata_len, xml_limit_elem, xml_limit_elem_child, xml_limit_elem_depth, xml_limit_elem_name_len, xml_limit_entity_exp, xml_limit_entity_exp_depth, xml_limit_namespace, xml_limit_namespace_uri_len, json_limit_array_value_count, json_limit_depth, json_limit_object_member_count, json_limit_string, form_non_masked_password, form_non_ssl_password, form_password_autocomplete, redirect_wlist_succ, redirect_wlist_fail, redirect_wlist_learn, form_set_no_cache, resp_denied

stats data

Counter Size Description
redirect_wlist_fail 2 Redirect Whitelist Failure
cookie_encrypt_limit_exceeded 2 Cookie Encrypt Limit Exceeded
wsdl_succ 2 WSDL Success
sqlia_chk_url_succ 2 SQLIA Check URL Success
bot_check_succ 2 Botnet Check Success
buf_ovf_cookie_name_len_fail 2 Buffer Overflow - Cookie Name Length Failure
redirect_wlist_learn 2 Redirect Whitelist Learn
xml_limit_elem_child 2 XML Limit Element Child
buf_ovf_parameter_value_len_fail 2 Buffer Overflow - HTML Parameter Value Length Failure
ccn_mask_visa 2 Credit Card Number Mask Visa
xss_chk_cookie_succ 2 XSS Check Cookie Success
buf_ovf_cookies_len_fail 2 Buffer Overflow - Cookies Length Failure
redirect_wlist_succ 2 Redirect Whitelist Success
json_check_failure 2 JSON Check Failure
xss_chk_post_reject 2 XSS Check Post Rejected
xss_chk_url_reject 2 XSS Check URL Rejected
form_consistency_succ 2 Form Consistency Success
xml_limit_cdata_len 2 XML Limit CData Length
xml_check_failure 2 XML Check Failure
num_resets 2 Number Resets
referer_check_succ 2 Referer Check Success
sqlia_chk_post_succ 2 SQLIA Check Post Success
xss_chk_url_sanitize 2 XSS Check URL Sanitized
cookie_encrypt_succ 2 Cookie Encrypt Success
buf_ovf_parameter_total_len_fail 2 Buffer Overflow - HTML Parameter Total Length Failure
soap_check_succ 2 Soap Check Success
max_cookies_fail 2 Max Cookies Failure
json_limit_array_value_count 2 JSON Limit Array Value Count
xml_limit_entity_exp_depth 2 XML Limit Entity Exp Depth
json_check_succ 2 JSON Check Success
resp_code_hidden 2 Response Code Hidden
xml_sqlia_chk_fail 2 XML Sqlia Check Failure
xss_chk_post_succ 2 XSS Check Post Success
form_consistency_fail 2 Form Consistency Failure
http_check_fail 2 Http Check Failure
url_check_succ 2 URL Check Success
sqlia_chk_url_sanitize 2 SQLIA Check URL Sanitized
xss_chk_cookie_reject 2 XSS Check Cookie Rejected
max_entities_fail 2 Max Entities Failure
xml_limit_attr 2 XML Limit Attribute
http_method_check_fail 2 Http Method Check Failure
form_non_ssl_reject 2 Form Non SSL Rejected
xss_chk_post_sanitize 2 XSS Check Post Sanitized
form_set_no_cache 2 Form Set No Cache
xml_schema_succ 2 XML Schema Success
sqlia_chk_url_reject 2 SQLIA Check URL Rejected
xml_check_succ 2 XML Check Success
sess_check_none 2 Session Check None
xml_limit_namespace 2 XML Limit Namespace
wsdl_fail 2 WSDL Failure
post_form_check_succ 2 Post Form Check Success
buf_ovf_query_len_fail 2 Buffer Overflow - Query Length Failure
sqlia_chk_post_reject 2 SQLIA Check Post Rejected
form_password_autocomplete 2 Form Password Autocomplete
xml_xss_chk_fail 2 XML XSS Check Failure
buf_ovf_url_len_fail 2 Buffer Overflow - URL Length Failure
buf_ovf_cookie_len_fail 2 Buffer Overflow - Cookie Length Failure
form_csrf_tag_succ 2 Form CSRF tag Success
xss_chk_cookie_sanitize 2 XSS Check Cookie Sanitized
xml_limit_entity_exp 2 XML Limit Entity Exp
ccn_mask_diners 2 Credit Card Number Mask Diners
sess_check_succ 2 Session Check Success
json_limit_depth 2 JSON Limit Depth
cookie_encrypt_skip_rcache 2 Cookie Encrypt Skip RCache
learn_updates 2 Learning Updates
req_denied 2 Requests Denied
http_check_succ 2 Http Check Success
req_allowed 2 Requests Allowed
json_limit_object_member_count 2 JSON Limit Object Number Count
bot_check_fail 2 Botnet Check Failure
uri_wlist_fail 2 URI White List Failure
uri_blist_fail 2 URI Black List Failure
xml_limit_namespace_uri_len 2 XML Limit Namespace URI Length
sqlia_chk_post_sanitize 2 SQLIA Check Post Sanitized
ccn_mask_amex 2 Credit Card Number Mask Amex
num_drops 2 Number Drops
referer_check_fail 2 Referer Check Failure
post_form_check_sanitize 2 Post Form Check Sanitized
cookie_decrypt_succ 2 Cookie Decrypt Success
max_parameters_fail 2 Max Parameters Failure
url_check_fail 2 URL Check Failure
xml_schema_fail 2 XML Schema Failure
form_non_post_reject 2 Form Non Post Rejected
buf_ovf_hdrs_len_fail 2 Buffer Overflow - Headers length Failure
uri_wlist_succ 2 URI White List Success
form_non_masked_password 2 Form Non Masked Password
buf_ovf_line_len_fail 2 Buffer Overflow - Line Length Failure
ccn_mask_discover 2 Credit Card Number Mask Discover
ssn_mask 2 Social Security Number Mask
json_limit_string 2 JSON Limit String
resp_hdrs_filtered 2 Response Headers Filtered
ccn_mask_mastercard 2 Credit Card Number Mask Mastercard
xml_sqlia_chk_succ 2 XML Sqlia Check Success
max_hdrs_fail 2 Max Headers Failure
xml_limit_attr_name_len 2 XML Limit Name Length
form_non_ssl_password 2 Form Non SSL Password
buf_ovf_hdr_value_len_fail 2 Buffer Overflow - Header Value Length Failure
uri_blist_succ 2 URI Black List Success
sess_check_fail 2 Session Check Failure
buf_ovf_hdr_name_len_fail 2 Buffer Overflow - Header Name Length Failure
resp_denied 2 Responses Denied
pcre_mask 2 PCRE Mask
xml_limit_elem 2 XML Limit Element
buf_ovf_parameter_name_len_fail 2 Buffer Overflow - HTML Parameter Name Length Failure
xml_limit_attr_value_len 2 XML Limit Value Length
xml_limit_elem_depth 2 XML Limit Element Depth
ccn_mask_jcb 2 Credit Card Number Mask Jcb
cookie_decrypt_fail 2 Cookie Decrypt Failure
buf_ovf_cookie_value_len_fail 2 Buffer Overflow - Cookie Value Length Failure
buf_ovf_max_data_parse_fail 2 Buffer Overflow - Max Data Parse Failure
total_req 2 Total Requests
xml_limit_elem_name_len 2 XML Limit Element Name Length
url_check_learn 2 URL Check Learn
http_method_check_succ 2 Http Method Check Success
xss_chk_url_succ 2 XSS Check URL Success
referer_check_redirect 2 Referer Check Redirect
post_form_check_reject 2 Post Form Check Rejected
cookie_encrypt_fail 2 Cookie Encrypt Failure
soap_check_failure 2 Soap Check Failure
form_csrf_tag_fail 2 Form CSRF tag Failure
xml_xss_chk_succ 2 XML XSS Check Success
buf_ovf_post_size_fail 2 Buffer Overflow - Post size Failure