Get Template

This article explains the legacy version of WAF that underwent end-of-life on June 30, 2021. Our new version of WAF expands upon all of the capabilities offered by WAF (Legacy) and Rate Limiting (Legacy) with a simplified and centralized setup. Please upgrade to the latest version of WAF at your earliest convenience.

WAF Essential cannot be configured via our APIs. However, you may leverage our APIs to retrieve WAF and Rate Limiting event log data.

Retrieves the configuration associated with the specified template.

Request

A request to retrieve a template is described below.

HTTP Method Request URI

GET

https://api.transactcdn.com/v2/mcc/customers/AccountNumber/waf/config/profiles/templates/TemplateID

Define the following variables when submitting the above request:

A variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3).

Variable Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.

TemplateID

Required

Replace this variable with the system-defined ID of the desired template.

Use the Get Available Templates endpoint to retrieve a list of the available templates and their system-defined IDs.

Request Headers

This endpoint only takes advantage of common request headers.

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response parameters:

Name Data Type Description

access_settings

Object

This response parameter contains access control settings.

asn

Object

access_settings object

This response parameter contains access controls for ASNs.

accesslist

Array (String values)

access_settings object > asn object

Identifies each autonomous system in the accesslist by its ASN.

blacklist

Array (String values)

access_settings object > asn object

Identifies each blacklisted autonomous system by its ASN.

whitelist

Array (String values)

access_settings object > asn object

Identifies each whitelisted autonomous system by its ASN.

country

Object

access_settings object

This response parameter contains access controls for countries.

accesslist

Array (String values)

access_settings object > country object

Identifies each country in the accesslist by its country code.

blacklist

Array (String values)

access_settings object > country object

Identifies each blacklisted country by its country code.

whitelist

Array (String values)

access_settings object > country object

Identifies each whitelisted country by its country code.

ignore_cookie

Array (String values)

access_settings object

Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ignore_header

Array (String values)

access_settings object

Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ignore_query_args

Array (String values)

access_settings object

Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic.

Each element in this array defines a regular expression.

ip

Object

access_settings object

This response parameter contains access controls for IP addresses.

accesslist

Array (String values)

access_settings object > ip object

Identifies each IP address in the accesslist.

blacklist

Array (String values)

access_settings object > ip object

Identifies each blacklisted IP address.

whitelist

Array (String values)

access_settings object > ip object

Identifies each whitelisted IP address.

referer

Object

access_settings object

This response parameter contains access controls for referrers.

accesslist

Array (String values)

access_settings object > referer object

Identifies each referrer in the accesslist via a regular expression.

blacklist

Array (String values)

access_settings object > referer object

Identifies each blacklisted referrer via a regular expression.

whitelist

Array (String values)

access_settings object > referer object

Identifies each whitelisted referrer via a regular expression.

url

Object

access_settings object

This response parameter contains access controls for URLs.

accesslist

Array (String values)

access_settings object > url object

Identifies each URL in the accesslist via a regular expression.

blacklist

Array (String values)

access_settings object > url object

Identifies each blacklisted URL via a regular expression.

whitelist

Array (String values)

access_settings object > url object

Identifies each whitelisted URL via a regular expression.

user-agent

Object

access_settings object

This response parameter contains access controls for user agents.

accesslist

Array (String values)

access_settings object > user-agent object

Identifies each user agent in the accesslist via a regular expression.

blacklist

Array (String values)

access_settings object > user-agent object

Identifies each blacklisted user agent via a regular expression.

whitelist

Array (String values)

access_settings object > user-agent object

Identifies each whitelisted user agent via a regular expression.

disabled_policies

Deprecated

Array

This parameter is undergoing end-of-life and should not be used. Please update your scripts to specify policies within the policies array instead.

This response parameter contains all disabled policies.

policy_id

Deprecated

String

disabled_policies array

Identifies a disabled policy by its file name.

policies

Array (String values)

Identifies the set of policies through which malicious traffic will be identified. Each policy is identified by its system-defined ID.

This array should only contain policies that pertain to the rule set identified by the ruleset_id parameter.

disabled_rules

Array

This response parameter contains all disabled rules.

policy_id

String

disabled_rules array

Identifies the policy that contains a disabled rule by its filename.

rule_id

String

disabled_rules array

Identifies a disabled rule by its system-defined ID.

general_settings

Object

This response parameter contains global settings that define a valid HTTP request.

allowed_http_methods

Array (String values)

general_settings object

Identifies each allowed HTTP method (e.g., GET).

allowed_http_versions

Array (String values)

general_settings object

Identifies each allowed HTTP version (e.g., HTTP\/1.1).

allowed_request_content_types

Array (String values)

general_settings object

Identifies each allowed media type (e.g., application\/json).

anomaly_settings

Object

general_settings object

This response parameter contains the configuration for the anomaly scoring detection mode.

inbound_threshold

Integer

general_settings object > anomaly_settings object

Indicates the anomaly score threshold.

arg_length

Integer

general_settings object

Indicates the maximum number of characters for any single query string parameter value.

arg_name_length

Integer

general_settings object

Indicates the maximum number of characters for any single query string parameter name.

combined_file_sizes

Integer

general_settings object

Indicates the total file size for multipart message lengths.

disallowed_extensions

Array (String values)

general_settings object

Identifies each file extension that should be disallowed.

engine

Deprecated

String

general_settings object

This parameter has reached end-of-life.

json_parser

Boolean

Indicates whether JSON payloads will be inspected.

max_file_size

Integer

general_settings object

Indicates the maximum file size for a POST request body.

max_num_args

Integer

general_settings object

Indicates the maximum number of query string parameters.

response_header_name

String

general_settings object

Indicates the name of the response header that will be included with requests blocked by WAF.

total_arg_length

Integer

general_settings object

Indicates the maximum number of characters for the query string value.

id

String

Identifies a profile by its system-defined ID.

last_modified_date

String

Identifies the date/time for the last modification applied to the template.

Format:

YYYY-MM-DDThh:mm:ss:ffffffZ

name

String

Identifies a profile by its name.

rule_target_updates

Array

This response parameter defines one or more targets. A target may be configured to allow the following behavior:

  • Ignore Target: It may identify criteria within a rule that should be ignored when identifying threats.
  • Replace Target: It may identify criteria that should be used to identify threats instead of the existing criteria.

is_negated

Boolean

rule_target_updates array

Indicates whether the target defined within this object will be ignored when identifying threats.

Valid values are:

  • True: This target will be ignored.
  • False: This target may identify threats.

is_regex

Boolean

rule_target_updates array

Indicates whether the target_match parameter may leverage regular expressions.

Valid values are:

  • True: The target_match parameter is interpreted as a regular expression.
  • False: The target_match parameter is interpreted as a literal value.

replace_target

String

rule_target_updates array

Indicates that the specified data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) will be used instead of the value defined in the target parameter.

rule_id

String

rule_target_updates array

Identifies a rule by its system-defined ID.

The configuration defined within this object will alter the behavior of the rule identified by this parameter.

target

String

rule_target_updates array

Indicates the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) associated with this target.

target_match

String

rule_target_updates array

Indicates a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter. The category defined by this parameter will be analyzed when identifying threats.

ruleset_id

String

Indicates the rule set (e.g., Trustwave-OWASPIntegration-Application) through which threats will be detected.

ruleset_version

String

Identifies the version of the rule set, as defined in the ruleset_id parameter, which will be used to identify threats.

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

GET https://api.transactcdn.com/v2/mcc/customers/0001/waf/config/profiles/templates/03_Trustwave_OWASP_Integrated.json HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Host: api.transactcdn.com

A sample JSON response is shown below.

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 4755

{
	"access_settings": {
		"country": {
			"blacklist": [],
			"whitelist": []
		},
		"ip": {
			"blacklist": [],
			"whitelist": [
				"127.0.0.1"
			]
		},
		"referrer": {
			"blacklist": [],
			"whitelist": []
		},
		"url": {
			"blacklist": [],
			"whitelist": []
		},
		"user-agent": {
			"blacklist": [],
			"whitelist": []
		}
	},
	"custom_rules": [],
	"policies": [
		"modsecurity_crs_45_trojans.conf",
		"modsecurity_crs_23_request_limits.conf",
		"modsecurity_crs_30_http_policy.conf",
		"modsecurity_crs_49_inbound_blocking.conf"
	],
	"disabled_rules": [{
			"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf",
			"rule_id": "981172"
		}, {
			"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf",
			"rule_id": "981318"
		}, {
			"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf",
			"rule_id": "981244"
		}, {
			"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf",
			"rule_id": "981245"
		}, {
			"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf",
			"rule_id": "981246"
		}, {
			"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf",
			"rule_id": "981173"
		}, {
			"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf",
			"rule_id": "950901"
		}, {
			"policy_id": "modsecurity_crs_45_trojans.conf",
			"rule_id": "950922"
		}, {
			"policy_id": "modsecurity_crs_40_generic_attacks.conf",
			"rule_id": "950910"
		}, {
			"policy_id": "modsecurity_crs_40_generic_attacks.conf",
			"rule_id": "950911"
		}, {
			"policy_id": "modsecurity_crs_40_generic_attacks.conf",
			"rule_id": "960024"
		}, {
			"policy_id": "modsecurity_crs_20_protocol_violations.conf",
			"rule_id": "960018"
		}, {
			"policy_id": "modsecurity_slr_45_webshell_backdoors.conf",
			"rule_id": "2100922"
		}, {
			"policy_id": "modsecurity_slr_45_webshell_backdoors.conf",
			"rule_id": "2100923"
		}
	],
	"general_settings": {
		"allowed_http_methods": [
			"GET",
			"POST",
			"OPTIONS",
			"HEAD",
			"PUT",
			"DELETE"
		],
		"allowed_http_versions": [
			"HTTP/1.0",
			"HTTP/1.1",
			"HTTP/2.0"
		],
		"allowed_request_content_types": [
			"application/x-www-form-urlencoded",
			"multipart/form-data",
			"text/xml",
			"application/xml",
			"application/x-amf",
			"application/json"
		],
		"anomaly_settings": {
			"critical_score": 5,
			"error_score": 4,
			"inbound_threshold": 5,
			"notice_score": 2,
			"outbound_threshold": 4,
			"warning_score": 3
		},
		"arg_length": 8000,
		"arg_name_length": 1024,
		"combined_file_sizes": 6291456,
		"debug_level": 0,
		"debug_log": "",
		"disallowed_extensions": [
			".asa",
			".asax",
			".ascx",
			".axd",
			".backup",
			".bak",
			".bat",
			".cdx",
			".cer",
			".cfg",
			".cmd",
			".com",
			".config",
			".conf",
			".cs",
			".csproj",
			".csr",
			".dat",
			".db",
			".dbf",
			".dll",
			".dos",
			".htr",
			".htw",
			".ida",
			".idc",
			".idq",
			".inc",
			".ini",
			".key",
			".licx",
			".lnk",
			".log",
			".mdb",
			".old",
			".pass",
			".pdb",
			".pol",
			".printer",
			".pwd",
			".resources",
			".resx",
			".sql",
			".sys",
			".vb",
			".vbs",
			".vbproj",
			".vsdisco",
			".webinfo",
			".xsd",
			".xsx"
		],
		"disallowed_headers": [],
		"engine": "anomaly",
		"max_file_size": 6291456,
		"max_num_args": 512,
		"process_request_body": true,
		"process_response_body": false,
		"response_header_name": "X-EC-Security-Audit",
		"response_mime_types": [],
		"total_arg_length": 64000,
		"validate_utf8_encoding": true,
		"xml_parser": true
	},
	"id": "01_sample_2.json",
	"name": "Defend Best Practices Profile Template",
	"ruleset_id": "Trustwave-OWASPIntegration-Application",
	"ruleset_version": "2017-08-01"
}
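
A review of the fields documented above, as an added example that is not part of the original documentation or the API provider's code: it takes a parsed template response and reports the settings that narrow what WAF inspects (whitelist entries, disabled rules split by whether their policy appears in the policies array, and negated rule targets). The embedded response is constructed from the sample above, trimmed, with one hypothetical rule_target_updates entry; audit_template is an assumed name.

```python
import json
from collections import defaultdict

# Constructed sample: a trimmed copy of the sample response on this page, plus
# one hypothetical rule_target_updates entry so that check has input.
SAMPLE = json.loads("""
{
  "access_settings": {
    "ip": {"blacklist": [], "whitelist": ["127.0.0.1"]},
    "referrer": {"blacklist": [], "whitelist": []},
    "user-agent": {"blacklist": [], "whitelist": []}
  },
  "policies": ["modsecurity_crs_45_trojans.conf",
               "modsecurity_crs_30_http_policy.conf"],
  "disabled_rules": [
    {"policy_id": "modsecurity_crs_41_sql_injection_attacks.conf", "rule_id": "981172"},
    {"policy_id": "modsecurity_crs_45_trojans.conf", "rule_id": "950922"}
  ],
  "rule_target_updates": [
    {"rule_id": "950922", "target": "ARGS", "target_match": "q",
     "is_negated": true, "is_regex": false, "replace_target": ""}
  ],
  "general_settings": {"anomaly_settings": {"inbound_threshold": 5}},
  "id": "01_sample_2.json"
}
""")

def audit_template(tpl):
    """Summarise the settings in a template that narrow what WAF inspects."""
    access = tpl.get("access_settings", {})
    enabled = set(tpl.get("policies", []))
    report = {"whitelists": {}, "disabled_in_enabled": defaultdict(list),
              "disabled_elsewhere": defaultdict(list), "ignored_targets": []}
    # The parameter table says "referer"; the sample response says "referrer".
    for key in ("asn", "country", "ip", "referer", "referrer", "url", "user-agent"):
        entries = access.get(key, {}).get("whitelist", [])
        if entries:
            report["whitelists"][key] = entries
    for rule in tpl.get("disabled_rules", []):
        bucket = "disabled_in_enabled" if rule["policy_id"] in enabled else "disabled_elsewhere"
        report[bucket][rule["policy_id"]].append(rule["rule_id"])
    for upd in tpl.get("rule_target_updates", []):
        if upd.get("is_negated"):  # True: this target is ignored when identifying threats
            report["ignored_targets"].append((upd["rule_id"], upd["target"], upd["target_match"]))
    report["inbound_threshold"] = tpl.get("general_settings", {}).get("anomaly_settings", {}).get("inbound_threshold")
    return report

if __name__ == "__main__":
    print(json.dumps(audit_template(SAMPLE), indent=2))
```

Run it against each template before basing a profile on it and review every entry it reports, since each one is traffic or a rule that is exempted from inspection.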