Add Access Rule (ACL)

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Creates an access rule that identifies valid or malicious requests via whitelists, accesslists, and blacklists.


Request

A request to create an access rule is described below.

| HTTP Method | Request URI |
|---|---|
| POST | https://api.transactcdn.com/v2/mcc/customers/AccountNumber/waf/v1.0/acl |

Define the following variable when submitting the above request:

| Variable | Description |
|---|---|
| AccountNumber | Required. Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC. |

Request Headers

This endpoint only takes advantage of common request headers.

Request Body

Pass the following request body parameters:

| Name | Data Type | Description |
|---|---|---|
| allowed_http_methods | Array (String values) | Identifies each allowed HTTP method (e.g., GET). |
| allowed_request_content_types | Array (String values) | Identifies each allowed media type (e.g., application\/json). |
| asn | Object | Contains access controls for autonomous system numbers (ASNs). |
| cookie | Object | Contains access controls for cookies. |
| country | Object | Contains access controls for countries. Specify each desired country using its country code. |
| customer_id | String | Identifies your account by its customer account number. |
| disallowed_extensions | Array (String values) | Indicates each file extension for which WAF will send an alert or block the request. |
| disallowed_headers | Array (String values) | Indicates each request header for which WAF will send an alert or block the request. |
| ip | Object | Contains access controls for IPv4 and/or IPv6 addresses. Specify each desired IP address using standard IPv4/IPv6 and CIDR notation. |
| max_file_size | Integer | Indicates the maximum file size, in bytes, for a POST request body. |
| name | String | Assigns a name to this access rule. |
| referer | Object | Contains access controls for referrers. All referrers defined within a whitelist, accesslist, or blacklist are regular expressions. |
| response_header_name | String | Determines the name of the response header that will be included with blocked requests. |
| url | Object | Contains access controls for URL paths. Specify a URL path pattern that starts directly after the hostname. Exclude a protocol or a hostname when defining values. Sample values: /marketing, /800001/mycustomerorigin. All URL paths defined within a whitelist, accesslist, or blacklist are regular expressions. |
| user_agent | Object | Contains access controls for user agents. All user agents defined within a whitelist, accesslist, or blacklist are regular expressions. |

ACL Type Object

The asn, cookie, country, ip, referer, url, and user_agent objects contain the following properties:

| Name | Data Type | Description |
|---|---|---|
| accesslist | Array (String / integer values) | Contains entries that identify traffic that may access your content upon passing a threat assessment. ASN access controls are integer values. All other access controls are string values. |
| blacklist | Array (String / integer values) | Contains entries that identify traffic that will be blocked or for which an alert will be generated. ASN access controls are integer values. All other access controls are string values. |
| whitelist | Array (String / integer values) | Contains entries that identify traffic that may access your content without undergoing threat assessment. ASN access controls are integer values. All other access controls are string values. |

All entries within a cookie, referrer, URL, or user agent whitelist, accesslist, or blacklist are regular expressions.
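Because whitelist entries skip threat assessment and several ACL types take regular expressions, it helps to lint a request body before submitting it. The check below is an added example, not part of this API or its documentation; `validate_acl` and `SAMPLE` are hypothetical names, Python's `re` stands in for the WAF's regex engine, and the empty-string check assumes patterns are matched unanchored, which this page does not state.

```python
import ipaddress
import re

REGEX_TYPES = ("cookie", "referer", "url", "user_agent")
ACL_TYPES = ("asn", "country", "ip") + REGEX_TYPES

def validate_acl(payload):
    """Return a list of problems in an ACL request body (empty if none)."""
    problems = []
    for acl_type in ACL_TYPES:
        acl = payload.get(acl_type, {})
        for list_name in ("accesslist", "blacklist", "whitelist"):
            for entry in acl.get(list_name, []):
                where = f"{acl_type}.{list_name}[{entry!r}]"
                if acl_type == "asn":
                    # ASNs are integers (bool is an int subclass, so reject it).
                    if isinstance(entry, bool) or not isinstance(entry, int):
                        problems.append(f"{where}: ASN must be an integer")
                elif not isinstance(entry, str):
                    problems.append(f"{where}: must be a string")
                elif acl_type == "ip":
                    try:
                        net = ipaddress.ip_network(entry, strict=False)
                    except ValueError:
                        problems.append(f"{where}: not a valid IP/CIDR")
                        continue
                    if list_name == "whitelist" and net.prefixlen == 0:
                        problems.append(f"{where}: whitelists every address")
                elif acl_type in REGEX_TYPES:
                    try:
                        pattern = re.compile(entry)
                    except re.error as exc:
                        problems.append(f"{where}: invalid regex ({exc})")
                        continue
                    # Assumption: unanchored matching, so this matches everything.
                    if list_name == "whitelist" and pattern.search(""):
                        problems.append(f"{where}: matches the empty string")
        both = set(acl.get("whitelist", [])) & set(acl.get("blacklist", []))
        problems += [f"{acl_type}: {e!r} is whitelisted and blacklisted"
                     for e in sorted(both, key=str)]
    return problems

# Constructed sample body (not from the page) with deliberate mistakes.
SAMPLE = {
    "asn": {"whitelist": ["15133"]},
    "ip": {"blacklist": ["198.51.100.300"], "whitelist": ["0.0.0.0/0", "203.0.113.0/24"]},
    "url": {"blacklist": ["/admin("], "whitelist": ["/marketing", ".*"]},
    "user_agent": {"blacklist": ["curl"], "whitelist": ["curl"]},
}
```

Running `validate_acl(SAMPLE)` reports six problems, while a body with only well-formed entries returns an empty list.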

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.


Response Body

The response body for a successful request contains the following parameters:

| Name | Data Type | Description |
|---|---|---|
| id | String | Indicates the system-defined ID for the resource. |
| status | String | Returns success. |
| success | Boolean | Returns true. |

Errors

The response body for an unsuccessful request contains the following parameters:

| Name | Data Type | Description |
|---|---|---|
| success | Boolean | Returns false. |
| errors | Array (Objects) | Contains one or more error(s). |

errors Array

The errors array describes each error that occurred using the following properties:

| Name | Data Type | Description |
|---|---|---|
| code | Integer | Indicates the HTTP status code for the error. |
| message | String | Indicates the description for the error that occurred. |

Sample Request and Response (JSON)

A sample JSON request is shown below.

POST https://api.transactcdn.com/v2/mcc/customers/0001/waf/v1.0/acl HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Content-Type: application/json
Host: api.transactcdn.com

{
	"asn": {
		"accesslist": [],
		"blacklist": [],
		"whitelist": []
	},
	"cookie": {
		"blacklist": [
			"bot"
		],
		"whitelist": [
			"trusted"
		]
	},
	"country": {
		"accesslist": [],
		"blacklist": [],
		"whitelist": []
	},
	"disallowed_extensions": [
		".asa",
		".asax",
		".ascx",
		".axd",
		".backup",
		".bak",
		".bat",
		".cdx",
		".cer",
		".cfg",
		".cmd",
		".com",
		".config",
		".conf",
		".cs",
		".csproj",
		".csr",
		".dat",
		".db",
		".dbf",
		".dll",
		".dos",
		".htr",
		".htw",
		".ida",
		".idc",
		".idq",
		".inc",
		".ini",
		".key",
		".licx",
		".lnk",
		".log",
		".mdb",
		".old",
		".pass",
		".pdb",
		".pol",
		".printer",
		".pwd",
		".resources",
		".resx",
		".sql",
		".sys",
		".vb",
		".vbs",
		".vbproj",
		".vsdisco",
		".webinfo",
		".xsd",
		".xsx/"
	],
	"ip": {
		"accesslist": [],
		"blacklist": [],
		"whitelist": []
	},
	"referer": {
		"accesslist": [],
		"blacklist": [],
		"whitelist": []
	},
	"url": {
		"accesslist": [],
		"blacklist": [],
		"whitelist": []
	},
	"user_agent": {
		"accesslist": [],
		"blacklist": [],
		"whitelist": []
	}
}

A sample JSON response is shown below.

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 65

{
	"id": "dQndQsnv",
	"status": "success",
	"success": true
}