Get Profile by ID

This article explains the legacy version of WAF that underwent end-of-life on June 30, 2021. Our new version of WAF expands upon all of the capabilities offered by WAF (Legacy) and Rate Limiting (Legacy) with a simplified and centralized setup. Please upgrade to the latest version of WAF at your earliest convenience.

WAF Essential cannot be configured via our APIs. However, you may leverage our APIs to retrieve WAF and Rate Limiting event log data.

Retrieves a WAF profile by its system-defined ID.

Request

A request to retrieve a profile is described below.

HTTP Method Request URI

GET

https://api.edgecast.com/v2/mcc/customers/AccountNumber/waf/config/profiles/ProfileID

Define the following variables when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper right-hand corner of the MCC.

ProfileID

Required

Replace this variable with the system-defined ID of the desired profile.

Use the Get All Profiles endpoint to retrieve a list of all available profiles and their system-defined IDs.

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response parameters:

Name Data Type Description

access_settings

Object

This response parameter contains access control settings.

asn

Object

access_settings object

This response parameter contains access controls for ASNs.

accesslist

Array (String values)

access_settings object > asn object

Identifies each autonomous system in the accesslist by its ASN.

blacklist

Array (String values)

access_settings object > asn object

Identifies each blacklisted autonomous system by its ASN.

whitelist

Array (String values)

access_settings object > asn object

Identifies each whitelisted autonomous system by its ASN.

country

Object

access_settings object

This response parameter contains access controls for countries.

accesslist

Array (String values)

access_settings object > country object

Identifies each country in the accesslist by its country code.

blacklist

Array (String values)

access_settings object > country object

Identifies each blacklisted country by its country code.

whitelist

Array (String values)

access_settings object > country object

Identifies each whitelisted country by its country code.

ignore_cookie

Array (String values)

access_settings object

Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ignore_header

Array (String values)

access_settings object

Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ignore_query_args

Array (String values)

access_settings object

Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ip

Object

access_settings object

This response parameter contains access controls for IP addresses.

accesslist

Array (String values)

access_settings object > ip object

Identifies each IP address in the accesslist.

blacklist

Array (String values)

access_settings object > ip object

Identifies each blacklisted IP address.

whitelist

Array (String values)

access_settings object > ip object

Identifies each whitelisted IP address.

referer

Object

access_settings object

This response parameter contains access controls for referrers.

accesslist

Array (String values)

access_settings object > referer object

Identifies each referrer in the accesslist via a regular expression.

blacklist

Array (String values)

access_settings object > referer object

Identifies each blacklisted referrer via a regular expression.

whitelist

Array (String values)

access_settings object > referer object

Identifies each whitelisted referrer via a regular expression.

referrer

Deprecated

Object

access_settings object

This response parameter contains access controls for referrers.

blacklist

Deprecated

Array (String values)

access_settings object > referer object

Identifies each blacklisted referrer via a regular expression.

whitelist

Deprecated

Array (String values)

access_settings object > referer object

Identifies each whitelisted referrer via a regular expression.

url

Object

access_settings object

This response parameter contains access controls for URLs.

accesslist

Array (String values)

access_settings object > url object

Identifies each URL in the accesslist via a regular expression.

blacklist

Array (String values)

access_settings object > url object

Identifies each blacklisted URL via a regular expression.

whitelist

Array (String values)

access_settings object > url object

Identifies each whitelisted URL via a regular expression.

user-agent

Object

access_settings object

This response parameter contains access controls for user agents.

accesslist

Array (String values)

access_settings object > user-agent object

Identifies each user agent in the accesslist via a regular expression.

blacklist

Array (String values)

access_settings object > user-agent object

Identifies each blacklisted user agent via a regular expression.

whitelist

Array (String values)

access_settings object > user-agent object

Identifies each whitelisted user agent via a regular expression.

created_date

String

Indicates the date and time (UTC) at which the profile was created.

Format:

MM/DD/YYYY hh:mm:ss AM|PM

disabled_policies

Deprecated

Array

This parameter is undergoing end-of-life and should not be used. Please update your scripts to specify policies within the policies array instead.

This response parameter contains all disabled policies.

policy_id

Deprecated

String

disabled_policies array

Identifies a disabled policy by its file name.

policies

Array (String values)

Identifies the set of policies through which malicious traffic will be identified. Each policy is identified by its system-defined ID.

This array should only contain policies that pertain to the rule set identified by the ruleset_id parameter.

disabled_rules

Array

This response parameter contains all disabled rules.

policy_id

String

disabled_rules array

Identifies the policy that contains a disabled rule by its filename.

rule_id

String

disabled_rules array

Identifies a disabled rule by its system-defined ID.

general_settings

Object

This response parameter contains global settings that define a valid HTTP request.

allowed_http_methods

Array (String values)

general_settings object

Identifies each allowed HTTP method (e.g., GET).

allowed_http_versions

Array (String values)

general_settings object

Identifies each allowed HTTP version (e.g., HTTP\/1.1).

allowed_request_content_types

Array (String values)

general_settings object

Identifies each allowed media type (e.g., application\/json).

anomaly_threshold

Integer

general_settings object > anomaly_settings object

Indicates the anomaly score threshold.

anomaly_settings

Deprecated

Object

general_settings object

This request parameter contains the configuration for the anomaly scoring detection mode.

inbound_threshold

Deprecated

Integer

general_settings object > anomaly_settings object

Indicates the anomaly score threshold.

This parameter has been deprecated in favor of the anomaly_threshold parameter.

arg_length

Integer

general_settings object

Indicates the maximum number of characters for any single query string parameter value.

arg_name_length

Integer

general_settings object

Indicates the maximum number of characters for any single query string parameter name.

combined_file_sizes

Integer

general_settings object

Indicates the total file size for multipart message lengths.

disallowed_extensions

Array (String values)

general_settings object

Indicates each file extension that should be disallowed.

engine

Deprecated

String

general_settings object

This parameter has reached end-of-life.

json_parser

Boolean

Indicates whether JSON payloads will be inspected.

max_file_size

Integer

general_settings object

Indicates the maximum file size for a POST request body.

max_num_args

Integer

general_settings object

Indicates the maximum number of query string parameters.

response_header_name

String

general_settings object

Indicates the name of the response header that will be included with requests blocked by WAF.

total_arg_length

Integer

general_settings object

Indicates the maximum number of characters for the query string value.

id

String

Identifies a profile by its system-defined ID.

last_modified_date

String

Identifies the date/time for the last modification applied to the profile.

Format:

YYYY-MM-DDThh:mm:ss:ffffffZ

name

String

Identifies a profile by its name.

rule_target_updates

Array

This response parameter defines one or more targets. A target may be configured to allow the following behavior:

  • Ignore Target: It may identify criterion within a rule that should be ignored when identifying threats.
  • Replace Target: It may identify criterion that should be used to identify threats instead of the existing criterion.

is_negated

Boolean

rule_target_updates array

Indicates whether the target defined within this object will be ignored when identifying threats.

Valid values are:

  • True: This target will be ignored.
  • False: This target may identify threats.

is_regex

Boolean

rule_target_updates array

Indicates whether the target_match parameter may leverage regular expressions.

Valid values are:

  • True: The target_match parameter is interpreted as a regular expression.
  • False: The target_match parameter is interpreted as a literal value.

replace_target

String

rule_target_updates array

Indicates that the specified data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) will be used instead of the value defined in the target parameter.

rule_id

String

rule_target_updates array

Identifies a rule by its system-defined ID.

The configuration defined within this object will alter the behavior of the rule identified by this parameter.

target

String

rule_target_updates array

Indicates the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) associated with this target.

target_match

String

rule_target_updates array

Indicates a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter. The category defined by this parameter will be analyzed when identifying threats.

ruleset_id

String

Indicates the rule set (e.g., Trustwave-OWASPIntegration-Application) through which threats will be detected.

ruleset_version

String

Identifies the version of the rule set, as defined in the ruleset_id parameter, which will be used to identify threats.

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

GET https://api.edgecast.com/v2/mcc/customers/0001/waf/config/profiles/0b97746d-8e71-4f95-83bd-1a2bcd34e45f HTTP/1.1

Authorization: TOK:12345678-1234-1234-1234-1234567890ab

Accept: application/json

Host:api.edgecast.com

A sample JSON response is shown below.

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 1748

{
	"access_settings": {
		"country": {
			"blacklist": [],
			"whitelist": []
		},
		"ignore_cookie": [],
		"ip": {
			"blacklist": [],
			"whitelist": []
		},
		"referer": {
			"blacklist": [],
			"whitelist": []
		},
		"url": {
			"blacklist": [],
			"whitelist": []
		},
		"user-agent": {
			"blacklist": [],
			"whitelist": []
		}
	},
	"policies": [
		"modsecurity_crs_45_trojans.conf",
		"modsecurity_crs_23_request_limits.conf",
		"modsecurity_crs_30_http_policy.conf",
		"modsecurity_crs_49_inbound_blocking.conf"
	],
	"disabled_rules": [],
	"general_settings": {
		"allowed_http_methods": ["GET", "POST", "OPTIONS", "HEAD", "PUT", "DELETE"],
		"allowed_http_versions": ["HTTP\/0.9", "HTTP\/1.0", "HTTP\/1.1"],
		"allowed_request_content_types": ["application\/x-www-form-urlencoded", "multipart\/form-data", "text\/xml", "application\/xml", "application\/x-amf", "application\/json"],
		"anomaly_threshold": 10,
		"arg_length": 400,
		"arg_name_length": 100,
		"combined_file_sizes": 1048576,
		"disallowed_extensions": [".asa", ".asax", ".ascx", ".axd", ".backup", ".bak", ".bat", ".cdx", ".cer", ".cfg", ".cmd", ".com", ".config", ".conf", ".cs", ".csproj", ".csr", ".dat", ".db", ".dbf", ".dll", ".dos", ".htr", ".htw", ".ida", ".idc", ".idq", ".inc", ".ini", ".key", ".licx", ".lnk", ".log", ".mdb", ".old", ".pass", ".pdb", ".pol", ".printer", ".pwd", ".resources", ".resx", ".sql", ".sys", ".vb", ".vbs", ".vbproj", ".vsdisco", ".webinfo", ".xsd", ".xsx"],
		"engine": "anomaly",
		"max_file_size": 1048576,
		"max_num_args": 255,
		"response_header_name": "X-CDN-Security-Audit",
		"total_arg_length": 64000
	},
	"id": "0b97746d-8e71-4f95-83bd-1a2bcd34e45f",
	"name": "My Profile",
	"rule_target_updates": [],
	"ruleset_id": "Trustwave-OWASPIntegration-Application",
	"ruleset_version": "2017-09-18"
}