Get Managed Rule (Profile)

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Retrieves a managed rule that identifies a rule set configuration and describes a valid request.

Request

A request to retrieve a managed rule is described below.

HTTP Method Request URI

GET

https://api.edgecast.com/v2/mcc/customers/AccountNumber/waf/v1.0/profile/Managed Rule ID

Define the following variables when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper right-hand corner of the MCC.

Managed Rule ID

Required

Replace this variable with the system-defined ID for the desired managed rule.

Use the Get All Managed Rules (Profiles) endpoint to retrieve a list of managed rules and their system-defined IDs

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response elements for each managed rule:

Name Data Type Description

created_date

String

Indicates the date and time at which the managed rule was created.

Syntax:

YYYY-MM-DDThh:mm:ss:ffffffZ

Learn more.

customer_id

String

Identifies your account by its customer account number.

disabled_rules

Array

Objects

Contains all disabled rules.

general_settings

Object

Contains settings that describe a valid request.

id

String

Indicates the system-defined ID for the managed rule.

last_modified_by

String

Reserved for future use.

last_modified_date

String

Indicates the date and time at which the managed rule was last modified.

Syntax:

YYYY-MM-DDThh:mm:ss:ffffffZ

Learn more.

name

String

Indicates the name of the managed rule.

policies

Array

String values

Contains a list of policies that have been enabled on this managed rule. Identify each desired policy by its system-defined ID.

Use the Get Available Policies endpoint to retrieve a list of policies and their IDs.

rule_target_updates

Array

Objects

Defines one or more targets that will be ignored and/or replaced.

Key information:

  • If is_negated is set to true, then this target identifies rule criterion that will be ignored when identifying threats.
  • The replace_target property defines criterion that will be used to identify threats instead of the existing criterion.
  • If is_regex is set to true, then you may use regular expressions to define criteria for identifying multiple types of threats.
  • A maximum of 25 target configurations may be created.

ruleset_id

String

Indicates the ID for the rule set associated with this managed rule.

Use the Get Available Rule Sets endpoint to retrieve a list of rule sets and their IDs.

ruleset_version

String

Indicates the version of the rule set associated with this managed rule.

version

String

Reserved for future use.

disabled_rules Array

The disabled_rules array identifies each rule that has been disabled using the following properties:

Name Data Type Description

policy_id

String

Identifies a policy from which a rule will be disabled by its system-defined ID.

Use the Get Available Policies endpoint to retrieve a list of policies and their system-defined IDs.

Default Value:

Null

rule_id

String

Identifies a rule that will be disabled by its system-defined ID.

Use the Get Available Rules endpoint to retrieve a list of rules and their system-defined IDs.

Default Value:

Null

general_settings Object

The general_settings object describes a valid request using the following properties:

Name Data Type Description

anomaly_threshold

Integer

Indicates the anomaly score threshold.

arg_length

Integer

Indicates the maximum number of characters for any single query string parameter value.

arg_name_length

Integer

Indicates the maximum number of characters for any single query string parameter name.

combined_file_sizes

Integer

Indicates the total file size for multipart message lengths.

ignore_cookie

Array

String values

Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ignore_header

Array

String values

Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ignore_query_args

Array

String values

Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

json_parser

Boolean

Determines whether JSON payloads will be inspected. Valid values are:

true | false

max_file_size

Deprecated

Integer

Indicates the maximum file size, in bytes, for a POST request body.

This property, which has undergone end-of-life, does not affect your security configuration. Use the Add Access Rule (ACL) and the Update Access Rule (ACL) endpoints to manage this setting.

max_num_args

Integer

Indicates the maximum number of query string parameters.

paranoia_level

Integer

Indicates the balance between the level of protection and false positives. Valid values are:

1 | 2 | 3 | 4

Learn more.

process_request_body

Boolean

Indicates whether WAF will inspect a POST request body. Valid values are:

true | false

response_header_name

String

Indicates the name of the response header that will be included with blocked requests.

total_arg_length

Integer

Indicates the maximum number of characters for the query string value.

validate_utf8_encoding

Boolean

Indicates whether WAF may check whether a request variable (e.g., ARGS, ARGS_NAMES, and REQUEST_FILENAME) is a valid UTF-8 string. This validation includes checking for missing bytes, invalid characters, and ASCII to UTF-8 character mapping. Valid values are:

true | false

You should only enable this validation if your web server or application uses UTF-8. Otherwise, this validation will result in many false positives.

xml_parser

Boolean

Determines whether XML payloads will be inspected. Valid values are:

true | false

rule_target_updates Array

The rule_target_updates array describes each target using the following properties:

Name Data Type Description

is_negated

Boolean

Determines whether the current target, as defined within this object, will be ignored when identifying threats. Valid values are:

  • True: Ignore this target.
  • False: Default value. Allow this target to identify threats.

is_regex

Boolean

Determines whether the target_match parameter may leverage regular expressions. Valid values are:

  • True: Interprets the target_match parameter as a regular expression.
  • False: Default value. Interprets the target_match parameter as a literal value.

replace_target

String

This parameter should be a blank value unless you are configuring a rule to identify threats based on a different data source.

This parameter replaces an existing threat identification criterion. For example, this capability may be used to identify threats based on a cookie value instead of a query string argument.

Defines the data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) that will be used instead of the one defined in the target parameter.

rule_id

String

Identifies a rule by its system-defined ID.

The configuration defined within this object will alter the behavior of the rule identified by this parameter.

target

String

Identifies the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) for which a target will be created.

The maximum size of this value is 256 characters.

target_match

String

Identifies a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter. The category defined by this parameter will be analyzed when identifying threats.

The maximum size of this value is 256 characters.

Errors

The response body for an unsuccessful request may contain an error element that provides additional information.

View common error messages.

Sample Request and Response (JSON)

A sample JSON request is shown below.

GET https://api.edgecast.com/v2/mcc/customers/0001/waf/v1.0/profile/Oxeludse HTTP/1.1

Authorization: TOK:12345678-1234-1234-1234-1234567890ab

Accept: application/json

Content-Type: application/json

Host: api.edgecast.com

A sample JSON response is shown below.

HTTP/1.1 200 OK

ache-Control: private

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 1400

{
	"created_date": "06/10/2020 05:54:31 PM",
	"customer_id": "0001",
	"general_settings": {
		"anomaly_threshold": 5,
		"arg_length": 400,
		"arg_name_length": 100,
		"combined_file_sizes": 1048576,
		"disallowed_headers": [],
		"max_file_size": 1048576,
		"max_num_args": 3,
		"process_request_body": true,
		"total_arg_length": 64000,
		"validate_utf8_encoding": true,
		"xml_parser": true
	},
	"id": "Oxeludse",
	"last_modified_date": "2020-06-10T17:54:31.252870Z",
	"name": "my_managed_rule",
	"policies": [
		"r4020_tw_cpanel.conf.json",
		"r4040_tw_drupal.conf.json",
		"r4030_tw_iis.conf.json",
		"r4070_tw_joomla.conf.json",
		"r4050_tw_microsoft_sharepoint.conf.json",
		"r4010_tw_struts.conf.json",
		"r4060_tw_wordpress.conf.json",
		"r5040_cross_site_scripting.conf.json",
		"r2000_ec_custom_rule.conf.json",
		"r5021_http_attack.conf.json",
		"r5020_http_protocol_violation.conf.json",
		"r5043_java_attack.conf.json",
		"r5030_local_file_inclusion.conf.json",
		"r5033_php_injection.conf.json",
		"r5032_remote_code_execution.conf.json",
		"r5031_remote_file_inclusion.conf.json",
		"r5010_scanner_detection.conf.json",
		"r5042_session_fixation.conf.json",
		"r5041_sql_injection.conf.json",
		"r4000_tw_ip_reputation.conf.json",
		"r6000_blocking_evaluation.conf.json"
	],
	"ruleset_id": "ECRS",
	"ruleset_version": "2019-11-01"
}