WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.
Creates a managed rule that identifies a rule set configuration and describes a valid request.
A request to create a managed rule is described below.
HTTP Method | Request URI |
---|---|
POST | https://api.transactcdn.com/v2/mcc/customers/AccountNumber/waf/v1.0/profile |
Define the following variable when submitting the above request:
Variable | Description |
---|---|
Required |
|
This endpoint only takes advantage of common request headers.
Pass the following request body parameters:
Name | Data Type | Description |
---|---|---|
disabled_rules | Array of objects | Contains all disabled rules. Default Value: Null |
general_settings Required | Object | Contains settings that define the profile for a valid request. |
name | String | Indicates the name of the managed rule. |
policies | Array of string values | Contains a list of policies that have been enabled on this managed rule. Use the Get Available Policies endpoint to retrieve a list of policies and their IDs. |
rule_target_updates | Array of objects | Defines one or more targets that will be ignored and/or replaced. Key information: |
ruleset_id Required | String | Indicates the ID for the rule set associated with this managed rule. Use the Get Available Rule Sets endpoint to retrieve a list of rule sets and their IDs. |
ruleset_version Required | String | Indicates the version of the rule set associated with this managed rule. |
The disabled_rules array identifies each rule that has been disabled using the following properties:
Name | Data Type | Description |
---|---|---|
policy_id | String | Identifies a policy from which a rule will be disabled by its system-defined ID. Use the Get Available Policies endpoint to retrieve a list of policies and their system-defined IDs. Default Value: Null |
rule_id | String | Identifies a rule that will be disabled by its system-defined ID. Use the Get Available Rules endpoint to retrieve a list of rules and their system-defined IDs. Default Value: Null |
The general_settings object describes a valid request using the following properties:
Name | Data Type | Description |
---|---|---|
anomaly_threshold Required | Integer | Indicates the anomaly score threshold. |
arg_length Required | Integer | Indicates the maximum number of characters for any single query string parameter value. |
arg_name_length Required | Integer | Indicates the maximum number of characters for any single query string parameter name. |
combined_file_sizes | Integer | Indicates the total file size for multipart message lengths. |
ignore_cookie | Array of string values | Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
ignore_header | Array of string values | Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
ignore_query_args | Array of string values | Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic. Each element in this array defines a regular expression. |
json_parser | Boolean | Determines whether JSON payloads will be inspected. Valid values are: true or false. |
max_file_size Deprecated | Integer | Indicates the maximum file size, in bytes, for a POST request body. This property, which has undergone end-of-life, does not affect your security configuration. Use the Add Access Rule (ACL) and the Update Access Rule (ACL) endpoints to manage this setting. |
max_num_args Required | Integer | Indicates the maximum number of query string parameters. |
paranoia_level | Integer | Indicates the balance between the level of protection and false positives. Valid values are: 1, 2, 3, or 4. |
process_request_body | Boolean | Indicates whether WAF will inspect a POST request body. Valid values are: true or false. |
response_header_name | String | Determines the name of the response header that will be included with blocked requests. |
total_arg_length Required | Integer | Indicates the maximum number of characters for the query string value. |
validate_utf8_encoding | Boolean | Indicates whether WAF may check whether a request variable (e.g., ARGS, ARGS_NAMES, and REQUEST_FILENAME) is a valid UTF-8 string. This validation includes checking for missing bytes, invalid characters, and ASCII to UTF-8 character mapping. Valid values are: true or false. You should only enable this validation if your web server or application uses UTF-8. Otherwise, this validation will result in many false positives. |
xml_parser | Boolean | Determines whether XML payloads will be inspected. Valid values are: true or false. |
The rule_target_updates array describes each target using the following properties:
Name | Data Type | Description |
---|---|---|
is_negated | Boolean | Determines whether the current target, as defined within this object, will be ignored when identifying threats. Valid values are: |
is_regex Required | Boolean | Determines whether the target_match parameter may leverage regular expressions. Valid values are: |
replace_target | String | Defines the data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) that will be used instead of the one defined in the target parameter. This parameter should be a blank value unless you are configuring a rule to identify threats based on a different data source. This parameter replaces an existing threat identification criterion. For example, this capability may be used to identify threats based on a cookie value instead of a query string argument. |
rule_id Required | String | Identifies a rule by its system-defined ID. The configuration defined within this object will alter the behavior of the rule identified by this parameter. |
target Required | String | Identifies the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) for which a target will be created. The maximum size of this value is 256 characters. |
target_match Required | String | Identifies a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter. The category defined by this parameter will be analyzed when identifying threats. The maximum size of this value is 256 characters. |
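A pre-submission check for the request body described above, as an added example that is not part of the original documentation. It assumes the WAF's regular expressions behave like Python's `re` with unanchored matching; `lint_managed_rule`, `PROBES` and `SAMPLE` are hypothetical names and values constructed here.

```python
import re

# Required properties, as marked "Required" in the tables on this page.
REQUIRED_TOP = ("general_settings", "ruleset_id", "ruleset_version")
REQUIRED_GENERAL = ("anomaly_threshold", "arg_length", "arg_name_length",
                    "max_num_args", "total_arg_length")
REQUIRED_TARGET = ("is_regex", "rule_id", "target", "target_match")
IGNORE_LISTS = ("ignore_cookie", "ignore_header", "ignore_query_args")
# Constructed probe names: a pattern matching all of them ignores nearly everything.
PROBES = ("session", "X-Forwarded-For", "q", "zz9_unlikely_name")
# Constructed sample body with three deliberate problems (assumption, not real data).
SAMPLE = {"name": "my_managed_rule", "ruleset_id": "ECRS", "ruleset_version": "2019-11-01",
          "general_settings": {"anomaly_threshold": 5, "arg_length": 400, "max_num_args": 3,
                               "total_arg_length": 64000, "paranoia_level": 5,
                               "ignore_header": [".*"]}}


def lint_managed_rule(body):
    """Return a list of findings for a managed rule request body (dict)."""
    findings = []
    findings += [f"missing required property: {k}" for k in REQUIRED_TOP if k not in body]
    gs = body.get("general_settings", {})
    for key in REQUIRED_GENERAL:
        if key not in gs:
            findings.append(f"general_settings.{key} is required")
        elif type(gs[key]) is not int:
            findings.append(f"general_settings.{key} must be an integer")
    if "paranoia_level" in gs and gs["paranoia_level"] not in (1, 2, 3, 4):
        findings.append("general_settings.paranoia_level must be 1, 2, 3 or 4")
    if "max_file_size" in gs:
        findings.append("general_settings.max_file_size is deprecated and has no effect")
    for name in IGNORE_LISTS:
        for pattern in gs.get(name, []):
            try:
                rx = re.compile(pattern)
            except re.error as exc:
                findings.append(f"{name}: invalid regex {pattern!r} ({exc})")
                continue
            if all(rx.search(p) for p in PROBES):
                findings.append(f"{name}: {pattern!r} matches every probe name (too broad)")
    for i, upd in enumerate(body.get("rule_target_updates", [])):
        for key in REQUIRED_TARGET:
            if key not in upd:
                findings.append(f"rule_target_updates[{i}].{key} is required")
        for key in ("target", "target_match"):
            if len(str(upd.get(key, ""))) > 256:
                findings.append(f"rule_target_updates[{i}].{key} exceeds 256 characters")
    return findings
```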
The response to the above request includes an HTTP status code, response headers, and a response body.
A status code indicates whether the request was successfully performed.
The response for this endpoint only includes standard HTTP response headers.
The response body for a successful request contains the following parameters:
Name | Data Type | Description |
---|---|---|
id | String | Indicates the system-defined ID for the resource. |
status | String | Returns success. |
success | Boolean | Returns true. |
The response body for an unsuccessful request contains the following parameters:
Name | Data Type | Description |
---|---|---|
success | Boolean | Returns false. |
errors | Array of objects | Contains one or more error(s). |
The errors array describes each error that occurred using the following properties:
Name | Data Type | Description |
---|---|---|
code | Integer | Indicates the HTTP status code for the error. |
message | String | Indicates the description for the error that occurred. |
A sample JSON request is shown below.
POST https://api.transactcdn.com/v2/mcc/customers/0001/waf/v1.0/profile HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Content-Type: application/json
Host: api.transactcdn.com

{
    "created_date": "06/10/2020 05:54:31 PM",
    "customer_id": "0001",
    "general_settings": {
        "anomaly_threshold": 5,
        "arg_length": 400,
        "arg_name_length": 100,
        "combined_file_sizes": 1048576,
        "disallowed_headers": [],
        "max_file_size": 1048576,
        "max_num_args": 3,
        "process_request_body": true,
        "total_arg_length": 64000,
        "validate_utf8_encoding": true,
        "xml_parser": true
    },
    "id": "Oxeludse",
    "last_modified_date": "2020-06-10T17:54:31.252870Z",
    "name": "my_managed_rule",
    "policies": [
        "r4020_tw_cpanel.conf.json",
        "r4040_tw_drupal.conf.json",
        "r4030_tw_iis.conf.json",
        "r4070_tw_joomla.conf.json",
        "r4050_tw_microsoft_sharepoint.conf.json",
        "r4010_tw_struts.conf.json",
        "r4060_tw_wordpress.conf.json",
        "r5040_cross_site_scripting.conf.json",
        "r2000_ec_custom_rule.conf.json",
        "r5021_http_attack.conf.json",
        "r5020_http_protocol_violation.conf.json",
        "r5043_java_attack.conf.json",
        "r5030_local_file_inclusion.conf.json",
        "r5033_php_injection.conf.json",
        "r5032_remote_code_execution.conf.json",
        "r5031_remote_file_inclusion.conf.json",
        "r5010_scanner_detection.conf.json",
        "r5042_session_fixation.conf.json",
        "r5041_sql_injection.conf.json",
        "r4000_tw_ip_reputation.conf.json",
        "r6000_blocking_evaluation.conf.json"
    ],
    "ruleset_id": "ECRS",
    "ruleset_version": "2019-11-01"
}
A sample JSON response is shown below.
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 65
{ "id": "Tq2WAbLu", "status": "success", "success": true }