WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.
Retrieves a managed rule that identifies a rule set configuration and describes a valid request.
A request to retrieve a managed rule is described below.
HTTP Method | Request URI |
---|---|
GET |
https://api.edgecast.com/v2/mcc/customers/AccountNumber/waf/v1.0/profile/Managed Rule ID |
Define the following variables when submitting the above request:
VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). | Description |
---|---|
Required |
|
Required |
Replace this variable with the system-defined ID for the desired managed rule. Use the Get All Managed Rules (Profiles) endpoint to retrieve a list of managed rules and their system-defined IDs |
This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.
Request body parameters are not required by this endpoint.
The response to the above request includes an HTTP status code, response headers, and a response body.
A status code indicates whether the request was successfully performed.
The response for this endpoint only includes standard HTTP response headers.
The response body for a successful request contains the following response elements for each managed rule:
Name | Data Type | Description |
---|---|---|
created_date |
String |
Indicates the date and time at which the managed rule was created. Syntax: YYYY-MM-DDThh:mm:ss:ffffffZ
|
customer_id |
String |
Identifies your account by its customer account number. |
Array Objects |
Contains all disabled rules. |
|
Object |
Contains settings that describe a valid request. |
|
id |
String |
Indicates the system-defined ID for the managed rule. |
last_modified_by |
String |
Reserved for future use. |
last_modified_date |
String |
Indicates the date and time at which the managed rule was last modified. Syntax: YYYY-MM-DDThh:mm:ss:ffffffZ
|
name |
String |
Indicates the name of the managed rule. |
policies |
Array String values |
Contains a list of policies that have been enabled on this managed rule. Identify each desired policy by its system-defined ID. Use the Get Available Policies endpoint to retrieve a list of policies and their IDs. |
Array Objects |
Defines one or more targets that will be ignored and/or replaced. Key information:
|
|
ruleset_id |
String |
Indicates the ID for the rule set associated with this managed rule. Use the Get Available Rule Sets endpoint to retrieve a list of rule sets and their IDs. |
ruleset_version |
String |
Indicates the version of the rule set associated with this managed rule. |
version |
String |
Reserved for future use. |
The disabled_rules array identifies each rule that has been disabled using the following properties:
Name | Data Type | Description |
---|---|---|
policy_id |
String |
Identifies a policy from which a rule will be disabled by its system-defined ID. Use the Get Available Policies endpoint to retrieve a list of policies and their system-defined IDs. Default Value: Null
|
rule_id |
String |
Identifies a rule that will be disabled by its system-defined ID. Use the Get Available Rules endpoint to retrieve a list of rules and their system-defined IDs. Default Value: Null
|
The general_settings object describes a valid request using the following properties:
Name | Data Type | Description |
---|---|---|
anomaly_threshold |
Integer |
Indicates the anomaly score threshold. |
arg_length |
Integer |
Indicates the maximum number of characters for any single query string parameter value. |
arg_name_length |
Integer |
Indicates the maximum number of characters for any single query string parameter name. |
combined_file_sizes |
Integer |
Indicates the total file size for multipart message lengths. |
ignore_cookie |
Array String values |
Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
ignore_header |
Array String values |
Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
ignore_query_args |
Array String values |
Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
json_parser |
Boolean |
Determines whether JSON payloads will be inspected. Valid values are: true | false
|
max_file_size Deprecated |
Integer |
Indicates the maximum file size, in bytes, for a POST request body. This property, which has undergone end-of-life, does not affect your security configuration. Use the Add Access Rule (ACL) and the Update Access Rule (ACL) endpoints to manage this setting. |
max_num_args |
Integer |
Indicates the maximum number of query string parameters. |
paranoia_level |
Integer |
Indicates the balance between the level of protection and false positives. Valid values are: 1 | 2 | 3 | 4
|
process_request_body |
Boolean |
Indicates whether WAF will inspect a POST request body. Valid values are: true | false
|
response_header_name |
String |
Indicates the name of the response header that will be included with blocked requests. |
total_arg_length |
Integer |
Indicates the maximum number of characters for the query string value. |
validate_utf8_encoding |
Boolean |
Indicates whether WAF may check whether a request variable (e.g., ARGS, ARGS_NAMES, and REQUEST_FILENAME) is a valid UTF-8 string. This validation includes checking for missing bytes, invalid characters, and ASCII to UTF-8 character mapping. Valid values are: true | false
You should only enable this validation if your web server or application uses UTF-8. Otherwise, this validation will result in many false positives. |
xml_parser |
Boolean |
Determines whether XML payloads will be inspected. Valid values are: true | false
|
The rule_target_updates array describes each target using the following properties:
Name | Data Type | Description |
---|---|---|
is_negated |
Boolean |
Determines whether the current target, as defined within this object, will be ignored when identifying threats. Valid values are:
|
is_regex |
Boolean |
Determines whether the target_match parameter may leverage regular expressions. Valid values are:
|
replace_target |
String |
This parameter should be a blank value unless you are configuring a rule to identify threats based on a different data source. This parameter replaces an existing threat identification criterion. For example, this capability may be used to identify threats based on a cookie value instead of a query string argument. Defines the data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) that will be used instead of the one defined in the target parameter. |
rule_id |
String |
Identifies a rule by its system-defined ID. The configuration defined within this object will alter the behavior of the rule identified by this parameter. |
target |
String |
Identifies the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) for which a target will be created. The maximum size of this value is 256 characters. |
target_match |
String |
Identifies a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter. The category defined by this parameter will be analyzed when identifying threats. The maximum size of this value is 256 characters. |
The response body for an unsuccessful request may contain an error element that provides additional information.
A sample JSON request is shown below.
GET https://api.edgecast.com/v2/mcc/customers/0001/waf/v1.0/profile/Oxeludse HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Content-Type: application/json
Host: api.edgecast.com
A sample JSON response is shown below.
HTTP/1.1 200 OK
ache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 1400
{ "created_date": "06/10/2020 05:54:31 PM", "customer_id": "0001", "general_settings": { "anomaly_threshold": 5, "arg_length": 400, "arg_name_length": 100, "combined_file_sizes": 1048576, "disallowed_headers": [], "max_file_size": 1048576, "max_num_args": 3, "process_request_body": true, "total_arg_length": 64000, "validate_utf8_encoding": true, "xml_parser": true }, "id": "Oxeludse", "last_modified_date": "2020-06-10T17:54:31.252870Z", "name": "my_managed_rule", "policies": [ "r4020_tw_cpanel.conf.json", "r4040_tw_drupal.conf.json", "r4030_tw_iis.conf.json", "r4070_tw_joomla.conf.json", "r4050_tw_microsoft_sharepoint.conf.json", "r4010_tw_struts.conf.json", "r4060_tw_wordpress.conf.json", "r5040_cross_site_scripting.conf.json", "r2000_ec_custom_rule.conf.json", "r5021_http_attack.conf.json", "r5020_http_protocol_violation.conf.json", "r5043_java_attack.conf.json", "r5030_local_file_inclusion.conf.json", "r5033_php_injection.conf.json", "r5032_remote_code_execution.conf.json", "r5031_remote_file_inclusion.conf.json", "r5010_scanner_detection.conf.json", "r5042_session_fixation.conf.json", "r5041_sql_injection.conf.json", "r4000_tw_ip_reputation.conf.json", "r6000_blocking_evaluation.conf.json" ], "ruleset_id": "ECRS", "ruleset_version": "2019-11-01" }