This article explains the legacy version of
WAF Essential cannot be configured via our APIs. However, you may leverage our APIs to retrieve WAF and Rate Limiting event log data.
Retrieves the configuration associated with the specified template.
A request to retrieve a template is described below.
HTTP Method | Request URI |
---|---|
GET |
https://api.edgecast.com/v2/mcc/customers/AccountNumber/waf/config/profiles/templates/TemplateID |
Define the following variables when submitting the above request:
VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). | Description |
---|---|
Required |
|
Required |
Replace this variable with the system-defined ID of the desired template. Use the Get Available Templates endpoint to retrieve a list of the available templates and their system-defined IDs. |
This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.
Request body parameters are not required by this endpoint.
The response to the above request includes an HTTP status code, response headers, and a response body.
A status code indicates whether the request was successfully performed.
The response for this endpoint only includes standard HTTP response headers.
The response body for a successful request contains the following response parameters:
Name | Data Type | Description |
---|---|---|
access_settings |
Object |
This response parameter contains access control settings. |
asn |
Object |
access_settings object This response parameter contains access controls for ASNs. |
accesslist |
Array (String values) |
access_settings object > asn object Identifies each autonomous system in the accesslist by its ASN. |
blacklist |
Array (String values) |
access_settings object > country object Identifies each blacklisted autonomous system by its ASN. |
whitelist |
Array (String values) |
access_settings object > country object Identifies each whitelisted autonomous system by its ASN. |
country |
Object |
access_settings object This response parameter contains access controls for countries. |
accesslist |
Array (String values) |
access_settings object > country object Identifies each country in the accesslist by its country code. |
blacklist |
Array (String values) |
access_settings object > country object Identifies each blacklisted country by its country code. |
whitelist |
Array (String values) |
access_settings object > country object Identifies each whitelisted country by its country code. |
ignore_cookie |
Array (String values) |
access_settings object Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
ignore_header |
Array (String values) |
access_settings object Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
ignore_query_args |
Array (String values) |
access_settings object Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
ip |
Object |
access_settings object This response parameter contains access controls for IP addresses. |
accesslist |
Array (String values) |
access_settings object > ip object Identifies each IP address in the accesslist. |
blacklist |
Array (String values) |
access_settings object > ip object Identifies each blacklisted IP address. |
whitelist |
Array (String values) |
access_settings object > ip object Identifies each whitelisted IP address. |
referer |
Object |
access_settings object This response parameter contains access controls for referrer. |
accesslist |
Array (String values) |
access_settings object > referer object Identifies each referrer in the accesslist via a regular expression. |
blacklist |
Array (String values) |
access_settings object > referer object Identifies each blacklisted referrer via a regular expression. |
whitelist |
Array (String values) |
access_settings object > referer object Identifies each whitelisted referrer via a regular expression. |
url |
Object |
access_settings object This response parameter contains access controls for URL. |
accesslist |
Array (String values) |
access_settings object > url object Identifies each URL in the accesslist via a regular expression. |
blacklist |
Array (String values) |
access_settings object > url object Identifies each blacklisted URL via a regular expression. |
whitelist |
Array (String values) |
access_settings object > url object Identifies each whitelisted URL via a regular expression. |
user-agent |
Object |
access_settings object This response parameter contains access controls for user agents. |
accesslist |
Array (String values) |
access_settings object > user-agent object Identifies each user agent in the accesslist via a regular expression. |
blacklist |
Array (String values) |
access_settings object > user-agent object Identifies each blacklisted user agent via a regular expression. |
whitelist |
Array (String values) |
access_settings object > user-agent object Identifies each whitelisted user agent via a regular expression. |
disabled_policies Deprecated |
Array |
This parameter is undergoing end-of-life and should not be used. Please update your scripts to specify policies within the policies array instead. This response parameter contains all disabled policies. |
policy_id Deprecated |
String |
disabled_policies array Identifies a disabled policy by its file name. |
policies |
Array (String values) |
Identifies the set of policies through which malicious traffic will be identified. Each policy is identified by its system-defined ID. This array should only contain policies that pertain to the rule set identified by the ruleset_id parameter. |
disabled_rules |
Array |
This response parameter contains all disabled rules. |
policy_id |
String |
disabled_rules array Identifies the policy that contains a disabled rule by its filename. |
rule_id |
String |
disabled_rules array Identifies a disabled rule by its system-defined ID. |
general_settings |
Object |
This response parameter contains global settings that define a valid HTTP request. |
allowed_http_methods |
Array (String values) |
general_settings object Identifies each allowed HTTP method (e.g., GET). |
allowed_http_versions |
Array (String values) |
general_settings object Identifies each allowed HTTP version (e.g., HTTP\/1.1). |
allowed_request_content_types |
Array (String values) |
general_settings object Identifies each allowed media type (e.g., application\/json). |
anomaly_settings |
Object |
general_settings object This response parameter contains the configuration for the anomaly scoring detection mode. |
inbound_threshold |
Integer |
general_settings object > anomaly_settings object Indicates the anomaly score threshold. |
arg_length |
Integer |
general_settings object Indicates the maximum number of characters for any single query string parameter value. |
arg_name_length |
Integer |
general_settings object Indicates the maximum number of characters for any single query string parameter name. |
combined_file_sizes |
Integer |
general_settings object Indicates the total file size for multipart message lengths. |
disallowed_extensions |
Array (String values) |
general_settings object Identifies each file extension that should be disallowed. |
engine Deprecated |
String |
general_settings object This parameter has reached end-of-life. |
json_parser |
Boolean |
Indicates whether JSON payloads will be inspected. |
max_file_size |
Integer |
general_settings object Indicates the maximum file size for a POST request body. |
max_num_args |
Integer |
general_settings object Indicates the maximum number of query string parameters. |
response_header_name |
String |
general_settings object Indicates the name of the response header that will be included with requests blocked by WAF. |
total_arg_length |
Integer |
general_settings object Indicates the maximum number of characters for the query string value. |
id |
String |
Identifies a profile by its system-defined ID. |
last_modified_date |
String |
Identifies the date/time for the last modification applied to the template. Format: YYYY-MM-DDThh:mm:ss:ffffffZ
|
name |
String |
Identifies a profile by its name. |
rule_target_updates |
Array |
This response parameter defines one or more targets. A target may be configured to allow the following behavior:
|
is_negated |
Boolean |
rule_target_updates array Indicates whether the target defined within this object will be ignored when identifying threats. Valid values are:
|
is_regex |
Boolean |
rule_target_updates array Indicates whether the target_match parameter may leverage regular expressions. Valid values are:
|
replace_target |
String |
rule_target_updates array Indicates that the specified data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) will be used instead of the value defined in the target parameter. |
rule_id |
String |
rule_target_updates array Identifies a rule by its system-defined ID. The configuration defined within this object will alter the behavior of the rule identified by this parameter. |
target |
String |
rule_target_updates array Indicates the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) associated with this target. |
target_match |
String |
rule_target_updates array Indicates a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter. The category defined by this parameter will be analyzed when identifying threats. |
ruleset_id |
String |
Indicates the rule set (e.g., Trustwave-OWASPIntegration-Application) through which threats will be detected. |
ruleset_version |
String |
Identifies the version of the rule set, as defined in the ruleset_id parameter, which will be used to identify threats. |
The response body for an unsuccessful request will contain an error response that provides additional information.
A sample JSON request is shown below.
GET https://api.edgecast.com/v2/mcc/customers/0001/waf/config/profiles/templates/03_Trustwave_OWASP_Integrated.json HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Host:api.edgecast.com
A sample JSON response is shown below.
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 4755
{ "access_settings": { "country": { "blacklist": [], "whitelist": [] }, "ip": { "blacklist": [], "whitelist": [ "127.0.0.1" ] }, "referrer": { "blacklist": [], "whitelist": [] }, "url": { "blacklist": [], "whitelist": [] }, "user-agent": { "blacklist": [], "whitelist": [] } }, "custom_rules": [], "policies": [ "modsecurity_crs_45_trojans.conf", "modsecurity_crs_23_request_limits.conf", "modsecurity_crs_30_http_policy.conf", "modsecurity_crs_49_inbound_blocking.conf" ], "disabled_rules": [{ "policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "981172" }, { "policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "981318" }, { "policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "981244" }, { "policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "981245" }, { "policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "981246" }, { "policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "981173" }, { "policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "950901" }, { "policy_id": "modsecurity_crs_45_trojans.conf", "rule_id": "950922" }, { "policy_id": "modsecurity_crs_40_generic_attacks.conf", "rule_id": "950910" }, { "policy_id": "modsecurity_crs_40_generic_attacks.conf", "rule_id": "950911" }, { "policy_id": "modsecurity_crs_40_generic_attacks.conf", "rule_id": "960024" }, { "policy_id": "modsecurity_crs_20_protocol_violations.conf", "rule_id": "960018" }, { "policy_id": "modsecurity_slr_45_webshell_backdoors.conf", "rule_id": "2100922" }, { "policy_id": "modsecurity_slr_45_webshell_backdoors.conf", "rule_id": "2100923" } ], "general_settings": { "allowed_http_methods": [ "GET", "POST", "OPTIONS", "HEAD", "PUT", "DELETE" ], "allowed_http_versions": [ "HTTP/1.0", "HTTP/1.1", "HTTP/2.0" ], "allowed_request_content_types": [ "application/x-www-form-urlencoded", "multipart/form-data", "text/xml", "application/xml", "application/x-amf", "application/json" ], "anomaly_settings": { "critical_score": 5, "error_score": 4, "inbound_threshold": 5, "notice_score": 2, "outbound_threshold": 4, "warning_score": 3 }, "arg_length": 8000, "arg_name_length": 1024, "combined_file_sizes": 6291456, "debug_level": 0, "debug_log": "", "disallowed_extensions": [ ".asa", ".asax", ".ascx", ".axd", ".backup", ".bak", ".bat", ".cdx", ".cer", ".cfg", ".cmd", ".com", ".config", ".conf", ".cs", ".csproj", ".csr", ".dat", ".db", ".dbf", ".dll", ".dos", ".htr", ".htw", ".ida", ".idc", ".idq", ".inc", ".ini", ".key", ".licx", ".lnk", ".log", ".mdb", ".old", ".pass", ".pdb", ".pol", ".printer", ".pwd", ".resources", ".resx", ".sql", ".sys", ".vb", ".vbs", ".vbproj", ".vsdisco", ".webinfo", ".xsd", ".xsx" ], "disallowed_headers": [], "engine": "anomaly", "max_file_size": 6291456, "max_num_args": 512, "process_request_body": true, "process_response_body": false, "response_header_name": "X-EC-Security-Audit", "response_mime_types": [], "total_arg_length": 64000, "validate_utf8_encoding": true, "xml_parser": true }, "id": "01_sample_2.json", "name": "Defend Best Practices Profile Template", "ruleset_id": "Trustwave-OWASPIntegration-Application", "ruleset_version": "2017-08-01" }