This article explains the legacy version of
WAF Essential cannot be configured via our APIs. However, you may leverage our APIs to retrieve WAF and Rate Limiting event log data.
Updates the configuration associated with a WAF profile.
A request to update a profile is described below.
HTTP Method | Request URI |
---|---|
PUT |
https://api.edgecast.com/v2/mcc/customers/AccountNumber/waf/config/profiles/ProfileID |
Define the following variables when submitting the above request:
VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). | Description |
---|---|
Required |
|
Required |
Replace this variable with the system-defined ID of the desired profile. Use the Get All Profiles endpoint to retrieve a list of all available profiles and their system-defined IDs. |
This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.
Pass the following request body parameters:
Name | Data Type | Description |
---|---|---|
access_settings Required |
Object |
This parameter contains access control settings. |
asn |
Object |
access_settings object This request parameter contains access controls for ASNs. |
accesslist |
Array (String values) |
access_settings object > asn object Defines each autonomous system in the accesslist by its ASN. Default Value: Null
|
blacklist |
Array (String values) |
access_settings object > country object Defines each blacklisted autonomous system by its ASN. Default Value: Null
|
whitelist |
Array (String values) |
access_settings object > country object Defines each whitelisted autonomous system by its ASN. Default Value: Null
|
country Required |
Object |
access_settings object This parameter contains access controls for countries. |
accesslist |
Array (String values) |
access_settings object > country object Defines each country in the accesslist by its country code. Default Value: Null
|
blacklist |
Array (String values) |
access_settings object > country object Defines each blacklisted country by its country code. Default Value: Null
|
whitelist |
Array (String values) |
access_settings object > country object Defines each whitelisted country by its country code. Default Value: Null
|
ignore_cookie |
Array (String values) |
access_settings object Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic. Each desired cookie should be identified by its name. Default Value: Null
|
ignore_header |
Array (String values) |
access_settings object Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic. Each desired request header should be identified by its name. Default Value: Null
|
ignore_query_args |
Array (String values) |
access_settings object Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic. Each desired query string argument should be identified by its name. Default Value: Null
|
ip Required |
Object |
access_settings object This parameter contains access controls for IP addresses. |
accesslist |
Array (String values) |
access_settings object > ip object Defines each IP address in the accesslist. Default Value: Null
|
blacklist |
Array (String values) |
access_settings object > ip object Defines each blacklisted IP address. Default Value: Null
|
whitelist |
Array (String values) |
access_settings object > ip object Defines each whitelisted IP address. Default Value: Null
|
referer Required |
Object |
access_settings object This parameter contains access controls for referrers. |
accesslist |
Array (String values) |
access_settings object > referer object Defines each referrer in the accesslist via a regular expression. The Referer request header identifies the URL of the resource (e.g., web page) from which the request was initiated. The specified regular expression may match any portion of the entire URL including the protocol and hostname. Regular Expressions and JSON
Default Value: Null
|
blacklist |
Array (String values) |
access_settings object > referer object Defines each blacklisted referrer via a regular expression. The Referer request header identifies the URL of the resource (e.g., web page) from which the request was initiated. The specified regular expression may match any portion of the entire URL including the protocol and hostname. Regular Expressions and JSON
Default Value: Null
|
whitelist |
Array (String values) |
access_settings object > referer object Defines each whitelisted referrer via a regular expression. The Referer request header identifies the URL of the resource (e.g., web page) from which the request was initiated. The specified regular expression may match any portion of the entire URL including the protocol and hostname. Regular Expressions and JSON
Default Value: Null
|
url Required |
Object |
access_settings object This parameter contains access controls for URLs. |
accesslist |
Array (String values) |
access_settings object > url object Defines each URL in the accesslist via a regular expression. Regular Expressions and JSON
Default Value: Null
|
blacklist |
Array (String values) |
access_settings object > url object Defines each blacklisted URL via a regular expression. Do not include a protocol or a hostname (e.g., http://cdn.example.com) when defining a regular expression for this access control. Regular Expressions and JSON
Default Value: Null
|
whitelist |
Array (String values) |
access_settings object > url object Defines each whitelisted URL via a regular expression. Do not include a protocol or a hostname (e.g., http://cdn.example.com) when defining a regular expression for this access control. Regular Expressions and JSON
Default Value: Null
|
user-agent Required |
Object |
access_settings object This parameter contains access controls for user agents. |
accesslist |
Array (String values) |
access_settings object > user-agent object Defines each user agent in the accesslist via a regular expression. Regular Expressions and JSON
Default Value: Null
|
blacklist |
Array (String values) |
access_settings object > user-agent object Defines each blacklisted user agent via a regular expression. Regular Expressions and JSON
Default Value: Null
|
whitelist |
Array (String values) |
access_settings object > user-agent object Defines each whitelisted user agent via a regular expression. Regular Expressions and JSON
Default Value: Null
|
disabled_policies Deprecated |
Array |
This parameter is undergoing end-of-life and should not be used. Please update your scripts to specify policies within the policies array instead. This request parameter contains all disabled policies. Default Value: Null
|
policy_id Deprecated |
]String |
disabled_policies array Defines a policy that will be disabled by its system-defined ID. Default Value: Null
|
policies |
Array |
Set this array to a comma-separated list of policies through which malicious traffic will be identified. Identify each policy by its system-defined ID. Do not include the disabled_policies parameter when calling this endpoint. Use the Get Available Policies endpoint to retrieve a list of policies and their system-defined IDs. This array should only contain policies that pertain to the rule set identified by the ruleset_id parameter. The following policies cannot be deactivated regardless of whether they are specified within this array:
The modsecurity_crs_23_request_limits.conf policy, which has been deprecated, cannot be deactivated. |
disabled_rules |
Array |
This parameter contains all disabled rules. Default Value: Null
|
policy_id |
String |
disabled_rules array Identifies a policy from which a rule will be disabled by its system-defined ID. Use the Get Available Policies endpoint to retrieve a list of policies and their system-defined IDs. Default Value: Null
|
rule_id |
String |
disabled_rules array Identifies a rule that will be disabled by its system-defined ID. Use the Get Available Rules endpoint to retrieve a list of rules and their system-defined IDs. Default Value: Null
|
general_settings Required |
Object |
This parameter contains global settings that define a valid HTTP request. |
allowed_http_methods Required |
Array (String values) |
general_settings object Defines each allowed HTTP method (e.g., GET). |
allowed_http_versions Required |
Array (String values) |
general_settings object Defines each allowed HTTP version (e.g., HTTP\/1.1). |
allowed_request_content_types Required |
Array (String values) |
general_settings object Defines each allowed media type (e.g., application\/json). |
anomaly_threshold Required |
Integer |
general_settings object > anomaly_settings object Defines the anomaly score threshold. Valid values range from 1 to 10. |
anomaly_settings Deprecated |
Object |
general_settings object This request parameter contains the configuration for the anomaly scoring detection mode. |
inbound_threshold Deprecated |
Integer |
general_settings object > anomaly_settings object Defines the anomaly score threshold. This parameter has been deprecated in favor of the anomaly_threshold parameter. |
arg_length Required |
Integer |
general_settings object Defines the maximum number of characters for any single query string parameter value. Default Value: 0
|
arg_name_length Required |
Integer |
general_settings object Defines the maximum number of characters for any single query string parameter name. |
combined_file_sizes Required |
Integer |
general_settings object Defines the total file size for multipart message lengths. |
disallowed_extensions |
Array (String values) |
general_settings object Defines each file extension that should be disallowed. Default Value: Null
|
engine Deprecated |
String |
general_settings object This parameter has reached end-of-life. |
json_parser |
Boolean |
Determines whether JSON payloads will be inspected. |
max_file_size Required |
Integer |
general_settings object Sets the maximum file size for a POST request body. Default Value: 0
|
max_num_args Required |
Integer |
general_settings object Sets the maximum number of query string parameters. Default Value: 0
|
response_header_name Required |
String |
general_settings object Sets the name of the response header that will be included with requests blocked by WAF. |
total_arg_length Required |
Integer |
general_settings object Sets the maximum number of characters for the query string value. Default Value: 0
|
id |
String |
This request body parameter is always ignored. |
name Required |
String |
Identifies a profile by its name. |
rule_target_updates Required |
Array |
This parameter defines one or more targets. A target may be configured to allow the following behavior:
Although changes defined through this parameter are not visible from within the MCC, they may be retrieved through either the Get Profile By ID endpoint. A maximum of 25 target configurations may be created. |
is_negated |
Boolean |
rule_target_updates array This parameter is required when defining a target. Determines whether the current target, as defined within this object, will be ignored when identifying threats. Valid values are:
|
is_regex |
Boolean |
rule_target_updates array This parameter is required when defining a target. Determines whether the target_match parameter may leverage regular expressions. Valid values are:
|
replace_target |
String |
rule_target_updates array This parameter is required when defining a target. A blank value should be assigned to this parameter unless you are configuring a rule to identify threats based on a different data source. This parameter replaces an existing threat identification criterion. For example, this capability may be used to identify threats based on a cookie value instead of a query string argument. Defines the data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) that will be used instead of the one defined in the target parameter. |
rule_id |
String |
rule_target_updates array This parameter is required when defining a target. Identifies a rule by its system-defined ID. The configuration defined within this object will alter the behavior of the rule identified by this parameter. |
target |
String |
rule_target_updates array This parameter is required when defining a target. Identifies the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) for which a target will be created. The maximum size of this value is 256 characters. |
target_match |
String |
rule_target_updates array This parameter is required when defining a target. Identifies a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter. The category defined by this parameter will be analyzed when identifying threats. The maximum size of this value is 256 characters. |
ruleset_id Required |
String |
Sets the rule set (e.g., Trustwave-OWASPIntegration-Application) through which threats will be detected. Use the Get Available Rule Sets endpoint to retrieve a list of rule sets and their system-defined IDs. |
ruleset_version Required |
String |
Identifies the version of the rule set, as defined in the ruleset_id parameter, that will be used to identify threats. Use the Get Available Rule Sets endpoint to retrieve a list of rule set versions. |
The response to the above request includes an HTTP status code, response headers, and a response body.
A status code indicates whether the request was successfully performed.
The response for this endpoint only includes standard HTTP response headers.
The response body for a successful request contains the following response parameters:
Name | Data Type | Description |
---|---|---|
id |
String |
Identifies a WAF profile by its system-defined ID. |
status |
String |
Returns "success" when a WAF profile is updated. |
success |
Boolean |
Indicates whether the WAF profile was updated. Valid values are:
|
The response body for an unsuccessful request will contain an error response that provides additional information.
A sample JSON request is shown below.
PUT https://api.edgecast.com/v2/mcc/customers/0001/waf/config/profiles/e032f437-6220-4bf7-a5ea-1a2bcd34e45f HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Content-Type: application/json
Host:api.edgecast.com
Content-Length: 838
{ "access_settings": { "country": {}, "ip": {}, "referer": {}, "url": {}, "user-agent": {} }, "policies": [ "modsecurity_crs_45_trojans.conf", "modsecurity_crs_23_request_limits.conf", "modsecurity_crs_30_http_policy.conf", "modsecurity_crs_49_inbound_blocking.conf" ], "general_settings": { "allowed_http_methods": ["GET", "POST", "OPTIONS", "HEAD", "PUT", "DELETE"], "allowed_http_versions": ["HTTP\/0.9", "HTTP\/1.0", "HTTP\/1.1"], "allowed_request_content_types": ["application\/x-www-form-urlencoded", "multipart\/form-data", "application\/json"], "anomaly_threshold": 10, "arg_length": 0, "arg_name_length": 0, "combined_file_sizes": 0, "engine": "anomaly", "max_file_size": 0, "max_num_args": 0, "response_header_name": "X-CDN-Security-Audit", "total_arg_length": 0 }, "name": "My Profile", "rule_target_updates": [], "ruleset_id": "Trustwave-OWASPIntegration-Application", "ruleset_version": "2017-09-18" }
A sample JSON response is shown below.
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 93
{ "id": "e032f437-6220-4bf7-a5ea-1a2bcd34e45f", "status": "success", "success": true }