Add Instance

This article explains the legacy version of WAF that underwent end-of-life on June 30, 2021. Our new version of WAF expands upon all of the capabilities offered by WAF (Legacy) and Rate Limiting (Legacy) with a simplified and centralized setup. Please upgrade to the latest version of WAF at your earliest convenience.

WAF Essential cannot be configured via our APIs. However, you may leverage our APIs to retrieve WAF and Rate Limiting event log data.

Creates a WAF instance.

Request

A request to create an instance is described below.

HTTP Method Request URI

POST

https://api.edgecast.com/v2/mcc/customers/AccountNumber/waf/config/instances

Define the following variable when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper right-hand corner of the MCC.

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Request Body

Pass the following request body parameters:

Name Data Type Description

name

Required

String

Defines the name of the new WAF instance.

prod_profile_id

Required

String

Identifies a profile that will be applied to production traffic by its system-defined ID.

Use the Get All Profiles endpoint to retrieve a list of all available profiles and their system-defined IDs.

prod_profile_action

Deprecated

String

This parameter has been deprecated in favor of the prod_profile_enforcements parameter.

Identifies the action that will be taken on production traffic when a request violates the profile defined by prod_profile_name.

Valid values are:

  • alert: Indicates that request violations will be tracked via the WAF dashboard.
  • block: Indicates that request violations will be blackholed. Additionally, these violations will be tracked via the WAF dashboard.

Default Value:

alert

audit_profile_id

String

Identifies a profile that will audit production traffic by its system-defined ID.

Use the Get All Profiles endpoint to retrieve a list of all available profiles and their system-defined IDs.

prod_profile_enforcements

Array

This array contains objects that describe the type of action that will be applied to threats detected as a result of this instance configuration.

Omitting this parameter or by setting it to an empty array may cause the deprecated prod_profile_action parameter to determine how detected threats will be handled.

name

Required (type)

String

prod_profile_enforcements array

This parameter is required when the request includes the type parameter.

Identifies the type of action that will be applied to production traffic when a request violates the profile defined by the prod_profile_name parameter.

Valid values are:

  • Block Request
  • Alert Only
  • Redirect (HTTP 302)
  • Custom Response

type

Required (name)

String

prod_profile_enforcements array

This parameter is required when the request includes the name parameter.

Identifies the type of action that will be applied to production traffic when a request violates the profile defined by the prod_profile_name parameter.

Valid values are:

  • block-request: Block Request
  • nop: Alert Only
  • redirect-302: Redirect (HTTP 302)
  • custom-response: Custom Response

The above values are case-sensitive.

url

Required (redirect-302)

String

prod_profile_enforcements array

Redirect Only

This parameter is required when this instance is configured to redirect (i.e., redirect-302 action) malicious traffic.

Identifies the URL to which requests identified as malicious traffic will be redirected.

display_default_error_page

Boolean

prod_profile_enforcements array

Custom Response Only

This parameter is only relevant when this instance is configured to send a custom response (i.e., custom-response action) whenever malicious traffic is detected.

Determines whether a default error page will be sent in response to malicious traffic.

Valid values are:

  • True: A default error page will be sent in response to malicious traffic.
  • False: The response body defined in the response_body_base64 parameter will be sent in response to malicious traffic.

The response_body_base64 parameter overrides this option.

response_body_base64

String

prod_profile_enforcements array

Custom Response Only

This parameter is only relevant when this instance is configured to send a custom response (i.e., custom-response action) whenever malicious traffic is detected.

Defines the response body that will be sent in response to malicious traffic.

This value must be Base64 encoded.

Set the response body to a custom web page by specifying the desired HTML tags (e.g., <html>...</html>).

response_headers

Object

prod_profile_enforcements array

Custom Response Only

This parameter is only relevant when this instance is configured to send a custom response (i.e., custom-response action) whenever malicious traffic is detected.

Defines the set of response headers that will be included in the response sent to malicious traffic.

Specify each desired response header as a name/value pair.

Syntax:

Example:

...
			"response_headers" : {
				"My 1st Header" : "Value A",
				"My 2nd Header" : "Value B"
			},
...

status

Required (custom-response)

Integer

prod_profile_enforcements array

Custom Response Only

This parameter is required when this instance is configured to send a custom response (i.e., custom-response action) whenever malicious traffic is detected.

Defines the HTTP status code (e.g., 404) for the custom response that will be sent to malicious traffic.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following parameters:

Name Data Type Description

id

String

Identifies the new WAF instance by its system-defined ID.

success

Boolean

Indicates whether the WAF instance was created.

Valid values are:

  • true
  • false

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

POST https://api.edgecast.com/v2/mcc/customers/0001/waf/config/instances HTTP/1.1

Authorization: TOK:12345678-1234-1234-1234-1234567890ab

Accept: application/json

Content-Type: application/json

Host:api.edgecast.com

Content-Length: 143

{
	"name" : "Site F",
	"prod_profile_id" : "23",
	"prod_profile_enforcements" : [{
			"name" : "Alert Only",
			"type" : "nop"
		}
	]
}

A sample JSON response is shown below.

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 27

{
	"id" : "492",
	"success" : true
}