Update RTLD WAF Profile

Updates a RTLD WAF profile.

Request

Update your RTLD WAF profile via the following request:

HTTP Method	Request URI
PUT	https://api.vdms.io/rtld/v1/waf/profiles/ProfileID

Define the following variable when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3).	Description
ProfileID Required	Replace this variable with the ID assigned to your RTLD WAF profile. Reference the items[0].id parameter from the Get All RTLD WAF Profiles endpoint to find out the ID assigned to your RTLD WAF profile.

Description

ProfileID

Required

Replace this variable with the ID assigned to your RTLD WAF profile.

Reference the items[0].id parameter from the Get All RTLD WAF Profiles endpoint to find out the ID assigned to your RTLD WAF profile.

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Unlike requests to api.edgecast.com, requests to our API gateway (api.vdms.io) require an access token (OAuth).

Request Body

Pass the following request body parameters:

Name	Data Type	Description
@id	String	Indicates the relative path to the requested endpoint.
@type	String	Set to RtldSetting.
aws_s3 Required	Object	Required when delivery_method is set to aws_s3. Contains the configuration for the AWS S3 log delivery method.
azure_blob_storage Required	Object	Required when delivery_method is set to azure_blob_storage. Contains the configuration for the Azure Blob Storage log delivery method.
datadog Required	Object	Required when delivery_method is set to datadog. Contains the configuration for the Datadog log delivery method.
delivery_method Required	String	Determines the destination (e.g., aws_s3 or azure_blob_storage) to which log data will be delivered. Use the Get Log Delivery Methods endpoint to retrieve the set of valid values for this parameter. You should only configure the delivery method defined by this parameter. For example, if you set this parameter to http_post, you should define the http_post object and then either omit or set the objects for other delivery methods (e.g., aws_s3 or azure_blob_storage) to null.
description	String	Defines the log delivery profile's description. Limit this description to 100 characters.
downsampling_rate	Decimal	Determines the rate at which log data will be downsampled. Omit or set this parameter to null to disable log data downsampling. Use the Get Log Downsampling Rates endpoint to retrieve the set of valid values for this parameter.
enabled	Boolean	Determines whether RTLD will use this profile to deliver log data. Valid values are: true \| false
fields Required	Array of string values	Defines the set of log fields that will be delivered. Use the Get Log Fields (RTLD WAF) endpoint to retrieve the set of valid values for this parameter.
filters	Object	Contains your log data filtering configuration.
gcs Required	Object	Required when delivery_method is set to gcs. Contains the configuration for the Google Cloud Storage log delivery method.
http_post Required	Object	Required when delivery_method is set to http_post. Contains the configuration for the HTTP POST log delivery method.
id Required	Integer	Identifies a RTLD WAF profile by its system-defined ID.
log_format	String	Determines the log data's format. Valid values are: json \| json_array \| json_lines This property may only be defined when delivery_method is set to http_post, aws_s3, azure_blob_storage, or gcs. RTLD uses a default log format when this property is set to a null value. Learn more.
new_relic	Object	Reserved for future use.
profile_name	String	Determines the log delivery profile's name. Limit this unique name to 36 characters.
splunk_enterprise Required	Object	Required when delivery_method is set to splunk_enterprise. Contains the configuration for the Splunk Enterprise log delivery method.
sumo_logic Required	Object	Required when delivery_method is set to sumo_logic. Contains the configuration for the Sumo Logic log delivery method.

aws_s3 Object

The aws_s3 object describes the AWS S3 log delivery method using the following properties:

Name	Data Type	Description
bucket Required	String	Required when delivery_method is set to aws_s3. Determines the AWS S3 bucket to which log data will be delivered.
prefix	String	Defines the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket. Learn more.
region Required	String	Required when delivery_method is set to aws_s3. Determines the region assigned to the AWS S3 bucket defined by the bucket parameter. Use the Get AWS Regions endpoint to retrieve the set of valid values for this parameter.

Name

Data Type

Description

bucket

Required

String

Required when delivery_method is set to aws_s3.

Determines the AWS S3 bucket to which log data will be delivered.

prefix

String

Defines the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket.

Learn more.

region

Required

String

Required when delivery_method is set to aws_s3.

Determines the region assigned to the AWS S3 bucket defined by the bucket parameter.

Use the Get AWS Regions endpoint to retrieve the set of valid values for this parameter.

azure_blob_storage Object

The azure_blob_storage object describes the Azure Blob Storage log delivery method using the following properties:

Name	Data Type	Description
access_key Required	String	Required when access_type is set to access_key. Determines the access key through which log data uploads will be authorized.
access_type Required	String	Required when delivery_method is set to azure_blob_storage. Determines whether log data uploads will be authorized via a SAS token or an access key. Use the Get Access Types (Azure Blob Storage) endpoint to retrieve the set of valid values for this parameter.
prefix	String	Defines a virtual log file storage location and/or a prefix that will be added to each log file added to your container. Learn more.
token Required	String	Required when access_type is set to sas_token. Defines the SAS token through which log data uploads will be authorized.
url Required	String	Required when delivery_method is set to azure_blob_storage. Defines a URL that points to the Blob container to which log data will be posted. Learn more.

datadog Object

The datadog object describes the Datadog log delivery method using the following properties:

Name	Data Type	Description
api_key Required	String	Required when delivery_method is set to datadog. Defines the API key through which log data uploads will be authorized.
service_attribute_value Required	String	Required when delivery_method is set to datadog. Defines a value through which uploaded log data will be identified within the Datadog environment.
site Required	String	Required when delivery_method is set to datadog. Determines the Datadog site to which log data will be delivered. Valid values are: us \| eu

Name

Data Type

Description

api_key

Required

String

Required when delivery_method is set to datadog.

Defines the API key through which log data uploads will be authorized.

service_attribute_value

Required

String

Required when delivery_method is set to datadog.

Defines a value through which uploaded log data will be identified within the Datadog environment.

site

Required

String

Required when delivery_method is set to datadog.

Determines the Datadog site to which log data will be delivered. Valid values are:

us | eu

gcs Object

The gcs object describes the Google Cloud Storage log delivery method using the following properties:

Name	Data Type	Description
bucket Required	String	Required when delivery_method is set to gcs. Determines the Google Cloud Storage bucket to which log data will be delivered.
prefix	String	Defines the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket. Learn more.

Name

Data Type

Description

bucket

Required

String

Required when delivery_method is set to gcs.

Determines the Google Cloud Storage bucket to which log data will be delivered.

prefix

String

Defines the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket.

Learn more.

filters Object

The filters object describes your log filtering configuration using the following properties:

Name	Data Type	Description
acl_config_name	Array of string values	Defines the set of access rules by which log data will be filtered. Identify each desired access rule by its name. A null value indicates that log data will not be filtered by an access rule.
cnames	Array of string values	Defines the set of edge CNAMEs by which log data will be filtered. A null value indicates that log data will not be filtered by an edge CNAME.
cnames_condition	String	Determines how log data will be filtered by edge CNAME(s). Valid values are: in: Filters log data to only include requests that point to the edge CNAMEs defined within the cnames property. not_in: Filters log data to exclude requests that point to the edge CNAMEs defined within the cnames property.
country_code	Array of string values	Defines the set of countries by which log data will be filtered. Identify each desired country by its ISO 3166 country code. A null value indicates that log data will not be filtered by a country.
country_code_condition	String	Determines how log data will be filtered by country. Valid values are: in: Filters log data to only include requests that originate from the countries defined within the country_code property. not_in: Filters log data to exclude requests that originate from the countries defined within the country_code property.
rules_config_name	Array of string values	Defines the set of custom rules by which log data will be filtered. Identify each desired custom rule by its name. A null value indicates that log data will not be filtered by a custom rule.
scope_config_name	Array of string values	Defines the set of security application manager configurations by which log data will be filtered. Identify each desired security application manager configuration by its name. A null value indicates that log data will not be filtered by a security application manager configuration.
user_agent_regexp	String	Defines a regular expression that identifies user agents by which log data will be filtered. A null value indicates that log data will not be filtered by a user agent.
waf_profile_name	Array of string values	Defines the set of managed rules by which log data will be filtered. Identify each desired managed rule by its name. A null value indicates that log data will not be filtered by a managed rule.

http_post Object

The http_post object describes the HTTP POST log delivery method using the following properties:

Name	Data Type	Description
authentication_type Required	String	Required when delivery_method is set to http_post. Determines how log delivery requests will be authenticated to your web servers. Use the Get HTTP POST Authentication Methods endpoint to retrieve the set of valid values for this parameter.
destination_endpoint Required	String	Required when delivery_method is set to http_post. Defines the absolute URL to which log data will be delivered. Sample value: https://logs.example.com/cdn/
password Required	String	Required when authentication_type is set to http_basic. Defines the password through which requests to your web server will be authenticated. Base-64 encoding will applied to the specified credentials. After which, the encoded value will be passed via the Authorization header.
token Required	String	Required when authentication_type is set to custom_authentication. Defines the token value that will be passed via the Authorization request header whenever log data is delivered to your web servers.
username Required	String	Required when authentication_type is set to http_basic. Determines the user name through which requests to your web server will be authenticated.

Name

Data Type

Description

authentication_type

Required

String

Required when delivery_method is set to http_post.

Determines how log delivery requests will be authenticated to your web servers.

Use the Get HTTP POST Authentication Methods endpoint to retrieve the set of valid values for this parameter.

destination_endpoint

Required

String

Required when delivery_method is set to http_post.

Defines the absolute URL to which log data will be delivered.

Sample value:

https://logs.example.com/cdn/

password

Required

String

Required when authentication_type is set to http_basic.

Defines the password through which requests to your web server will be authenticated.

Base-64 encoding will applied to the specified credentials. After which, the encoded value will be passed via the Authorization header.

token

Required

String

Required when authentication_type is set to custom_authentication.

Defines the token value that will be passed via the Authorization request header whenever log data is delivered to your web servers.

username

Required

String

Required when authentication_type is set to http_basic.

Determines the user name through which requests to your web server will be authenticated.

splunk_enterprise Object

The splunk_enterprise object describes the Splunk Enterprise log delivery method using the following properties:

Name	Data Type	Description
token Required	String	Required when delivery_method is set to splunk_enterprise. Defines the token for the HTTP Event Collector configuration associated with the URL corresponding to the url parameter.
url Required	String	Required when delivery_method is set to splunk_enterprise. Defines a URL that points to your Splunk Enterprise's HTTP Event Collector configuration. Default URL syntax: https://{Splunk-Enterprise-Hostname}Replace this variable with the hostname where your instance of Splunk Enterprise is hosted.:{port}Identifies the port number (e.g., 8088) that the HTTP Event Collector is listening for data. This port number may be configured when defining your HEC's global settings./services/collector/raw

Name

Data Type

Description

token

Required

String

Required when delivery_method is set to splunk_enterprise.

Defines the token for the HTTP Event Collector configuration associated with the URL corresponding to the url parameter.

url

Required

String

Required when delivery_method is set to splunk_enterprise.

Defines a URL that points to your Splunk Enterprise's HTTP Event Collector configuration.

Default URL syntax:

https://:/services/collector/raw

sumo_logic Object

The sumo_logic object describes the Sumo Logic log delivery method using the following properties:

Name	Data Type	Description
url Required	String	Required when delivery_method is set to sumo_logic. Defines a URL that points to the HTTP source defined within Sumo Logic.

Name

Data Type

Description

url

Required

String

Required when delivery_method is set to sumo_logic.

Defines a URL that points to the HTTP source defined within Sumo Logic.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response elements:

Name	Data Type	Description
@id	String	Indicates the relative path for an endpoint that returns this profile.
@type	String	Returns RtldSetting.
account_number	String	Indicates your customer account number.
aws_s3	Object	Contains the configuration for the AWS S3 log delivery method.
azure_blob_storage	Object	Contains the configuration for the Azure Blob Storage log delivery method.
datadog	Object	Contains the configuration for the Datadog log delivery method.
delivery_method	String	Indicates the destination (e.g., aws_s3 or azure_blob_storage) to which log data will be delivered. Learn more.
description	String	Indicates the log delivery profile's description.
downsampling_rate	Decimal	Indicates the rate at which log data will be downsampled. RTLD will not downsample log data when this property is set to a null value.
enabled	Boolean	Indicates whether RTLD will use this profile to deliver log data. Valid values are: true \| false
fields	Array of string values	Indicates the set of log fields that will be delivered. Learn more.
filters	Object	Contains your log data filtering configuration.
gcs	Object	Contains the configuration for the Google Cloud Storage log delivery method.
http_post	Object	Contains the configuration for the HTTP POST log delivery method.
id	Integer	Indicates the system-defined ID for a RTLD WAF profile.
log_format	String	Indicates the log data's format. Valid values are: json \| json_array \| json_lines RTLD uses a default log format when this property is set to a null value. Learn more.
new_relic	Object	Reserved for future use.
profile_name	String	Indicates the log delivery profile's name.
splunk_enterprise	Object	Contains the configuration for the Splunk Enterprise log delivery method.
sumo_logic	Object	Contains the configuration for the Sumo Logic log delivery method.

aws_s3 Object

The aws_s3 object describes the AWS S3 log delivery method using the following properties:

Name	Data Type	Description
bucket	String	Indicates the AWS S3 bucket to which log data will be delivered.
prefix	String	Indicates the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket. Learn more.
region	String	Indicates the region assigned to the AWS S3 bucket defined by the bucket parameter. Learn more.

Name

Data Type

Description

bucket

String

Indicates the AWS S3 bucket to which log data will be delivered.

prefix

String

Indicates the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket.

Learn more.

region

String

Indicates the region assigned to the AWS S3 bucket defined by the bucket parameter.

Learn more.

azure_blob_storage Object

The azure_blob_storage object describes the Azure Blob Storage log delivery method using the following properties:

Name	Data Type	Description
access_key	String	Indicates the access key through which log data uploads will be authorized.
access_type	String	Indicates whether log data uploads will be authorized via a SAS token or an access key.
masked_access_key	String	Indicates a masked value that represents the access key defined within the access_key element.
masked_token	String	Indicates a masked value that represents the SAS token defined within the token element.
prefix	String	Indicates a virtual log file storage location and/or a prefix that will be added to each log file added to your container. Learn more.
token	String	Indicates the SAS token through which log data uploads will be authorized.
url	String	Indicates a URL that points to the Blob container to which log data will be posted. Learn more.

datadog Object

The datadog object describes the Datadog log delivery method using the following properties:

Name	Data Type	Description
api_key	String	Indicates the encrypted API key through which log data uploads will be authorized.
masked_api_key	String	Indicates a masked value that represents the API key defined within the api_key element.
service_attribute_value	String	Indicates a value through which uploaded log data will be identified within the Datadog environment.
site	String	Indicates the Datadog site to which log data will be delivered. Valid values are: us \| eu

gcs Object

The gcs object describes the Google Cloud Storage log delivery method using the following properties:

Name	Data Type	Description
bucket	String	Indicates the Google Cloud Storage bucket to which log data will be delivered.
prefix	String	Indicates the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket. Learn more.

Name

Data Type

Description

bucket

String

Indicates the Google Cloud Storage bucket to which log data will be delivered.

prefix

String

Indicates the prefix that identifies a virtual log file storage location and/or a prefix that will be added to each object added to your bucket.

Learn more.

filters Object

The filters object describes your log filtering configuration using the following properties:

Name	Data Type	Description
acl_config_name	Array of string values	Indicates the set of access rules by which log data will be filtered. A null value indicates that log data will not be filtered by an access rule.
cnames	Array of string values	Indicates the set of edge CNAMEs by which log data will be filtered. A null value indicates that log data will not be filtered by an edge CNAME.
cnames_condition	String	Indicates how log data will be filtered by edge CNAME(s). Valid values are: in: Filters log data to only include requests that point to the edge CNAMEs defined within the cnames property. not_in: Filters log data to exclude requests that point to the edge CNAMEs defined within the cnames property.
country_code	Array of string values	Indicates the set of countries (ISO 3166 country codes) by which log data will be filtered. A null value indicates that log data will not be filtered by a country.
country_code_condition	String	Indicates how log data will be filtered by country. Valid values are: in: Filters log data to only include requests that originate from the countries defined within the country_code property. not_in: Filters log data to exclude requests that originate from the countries defined within the country_code property.
rules_config_name	Array of string values	Indicates the set of custom rules by which log data will be filtered. A null value indicates that log data will not be filtered by a custom rule.
scope_config_name	Array of string values	Indicates the set of security application manager configurations by which log data will be filtered. A null value indicates that log data will not be filtered by a security application manager configuration.
user_agent_regexp	String	Indicates a regular expression that identifies user agents by which log data will be filtered. A null value indicates that log data will not be filtered by a user agent.
waf_profile_name	Array of string values	Indicates the set of managed rules by which log data will be filtered. A null value indicates that log data will not be filtered by a managed rule.

http_post Object

The http_post object describes the HTTP POST log delivery method using the following properties:

Name	Data Type	Description
authentication_type	String	Indicates how log delivery requests will be authenticated to your web servers. Learn more.
destination_endpoint	String	Indicates the absolute URL to which log data will be delivered.
masked_password	String	Indicates a masked value that represents the password defined within the password element.
masked_token	String	Indicates a masked value that represents the token defined within the token element.
password	String	Indicates the encrypted value of the password through which requests to your web server will be authenticated.
token	String	Indicates the token value that will be passed via the Authorization request header whenever log data is delivered to your web servers.
username	String	Indicates the user name through which requests to your web server will be authenticated.

splunk_enterprise Object

The splunk_enterprise object describes the Splunk Enterprise log delivery method using the following properties:

Name	Data Type	Description
masked_token	String	Indicates a masked value that represents the token defined within the token element.
token	String	Indicates the token for the HTTP Event Collector configuration associated with the URL corresponding to the url parameter.
url	String	Indicates a URL that points to your Splunk Enterprise's HTTP Event Collector configuration.

sumo_logic Object

The sumo_logic object describes the Sumo Logic log delivery method using the following properties:

Name	Data Type	Description
masked_url	String	Indicates a masked value that represents the URL defined within the url element.
url	String	Indicates a URL that points to the HTTP source defined within Sumo Logic.

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

Sample Request and Response (JSON)

A sample JSON request is shown below.

PUT https://api.vdms.io/rtld/v1/waf/profiles/10011 HTTP/1.1

Authorization: Bearer A1bcbGciOiJSUzI1NiIsImtpZCI6Ij13N1VGQ01z...A1bcbGciOiJSUzI1NiIsImtpZCI6Ij13N1VGQ01zOTIzQjI1MTYzRjU4MU1wQ0I3MUNBRDk3QjAzNkUwQjgiLCJ01XAiOiJKV1QiLCJ4NXQiOiJGMDc4bzVJN0pSWV9XQm9Ndcc5dGw3QTI0TGcifQ.1yJuYmYiOj11NjUzMDgwNzgsImV4cCI6MTU2NTMwODM3OCwiaXNzIjoiacR0ccM6Ly9pZC52ZG1zLmlvIiwiYXVkIjpbImc0dcBzOi8vaWQudmRtcy5pby9yZXNvdXJjZXMiLCJlYy5ydWxlcyJdLCJjbGllbnRfaWQiOiIxNTccOWZmZi04MTQzLTRmOW1tOWY1Yi1jNDgzZWVkNzclM2QiLCJzY29wZSI6WyJlYy5ydWxlcyJdfQ.XQ4TvzDrwLo4bO71cb1TbgYxmtcgTzC46Do0A9F3inAqw1qcr_Nr9IgRDxJDqR4Udc9QR86LVTQC2-ogGWP3pI12GtDtiUQdKYs5fpcuMf2Kbqau6kuU1M5BJm_GOcBNCCAJnU7SrDprVbPlwanGqk3yjcyo9nto8KWCRTwq2t31UQ1Ci31FZSr4vaMZJqk1vBW6NS3-yGowGCZbSIQBKpSgcc75coPtSjF1Qi6M4yORDyMC8c3KKlIp2b-6mpfDFXINIFV-XvnNuQ9v-lcc43_VWuDA_cQO8wmS4VzS1Ac1tpg1Pp4Bcdtjt12yKAXvi0X19R1BDmpxmO17cRRKYQ

Accept: application/json

Content-Type: application/json

Host: api.vdms.io

Content-Length: 756

{
	"@id": "/rtld/v1/waf/profiles/10011",
	"@type": "RtldSetting",
	"id": 10011,
	"delivery_method": "http_post",
	"enabled": true,
	"downsampling_rate": null,
	"fields": ["rule_message", "rule_tags", "client_country_code", "client_country", "client_city", "sub_events_count", "sub_events", "waf_instance_name", "waf_profile_name", "action_type", "waf_profile_type", "timestamp", "client_ip", "server_port", "url", "host", "user_agent", "referer", "account_number", "uuid"],
	"aws_s3": null,
	"http_post": {
		"destination_endpoint": "https://logs.example.com/waf/",
		"authentication_type": "none",
		"token": null,
		"username": null,
		"password": null
	},
	"sumo_logic": null,
	"splunk_enterprise": null,
	"azure_blob_storage": null
}

A sample JSON response is shown below.

HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 1013

{
	"@id": "/rtld/v1/waf/profiles/10011",
	"@type": "RtldSetting",
	"id": 10011,
	"account_number": "0001",
	"delivery_method": "http_post",
	"enabled": false,
	"downsampling_rate": null,
"fields": ["rule_message", "rule_tags", "client_country_code", "client_country", "client_city", "sub_events_count", "sub_events", "waf_instance_name", "waf_profile_name", "action_type", "waf_profile_type", "timestamp", "client_ip", "server_port", "url", "host", "user_agent", "referer", "account_number", "uuid"],
	"aws_s3": null,
	"http_post": {
		"destination_endpoint": "https://logs.example.com/waf/",
		"authentication_type": "none",
		"token": null,
		"username": null,
		"password": null
	},
	"sumo_logic": null,
	"splunk_enterprise": null,
	"azure_blob_storage": null
}