Add Rate Rule

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Creates a rate rule that determines the maximum number of requests that will be allowed within a given time period.

Request

A request to add a rate rule is described below.

HTTP Method	Request URI
POST	https://api.transactcdn.com/v2/mcc/customers/AccountNumber/waf/v1.0/limit

Define the following variable when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3).	Description
AccountNumber Required	Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.

Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Request Body

Pass the following request body parameters:

Name	Data Type	Description
condition_groups	Array Objects	Contains the set of condition groups associated with a rule.
customer_id	String	Identifies your account by its customer account number.
disabled	Boolean	Indicates whether this rate rule will be enforced. Valid values are: true: Disabled. This rate limit will not be applied to traffic. false: Enabled. Traffic is restricted to this rate limit.
duration_sec Required	Integer	Indicates the length, in seconds, of the rolling window that tracks the number of requests eligible for rate limiting. The rate limit formula is calculated through the num and duration_sec properties as indicated below. num requests per duration_sec Valid values are: 1 \| 5 \| 10 \| 30 \| 60 \| 120 \| 300
keys	Array String values	Indicates the method by which requests will be grouped for the purposes of this rate rule. Valid values are: Missing / Empty Array: If the keys property is not defined or set to an empty array, all requests will be treated as a single group for the purpose of rate limiting. IP: Indicates that requests will be grouped by IP address. Each unique IP address is considered a separate group. USER_AGENT: Indicates that requests will be grouped by a client's user agent. Each unique combination of IP address and user agent is considered a separate group.
name	String	Indicates the name of the rate rule.
num Required	Integer	limits array Indicates the rate limit value. This value identifies the number of requests that will trigger rate limiting. The rate limit formula is calculated through the num and duration_sec properties as indicated below. num requests per duration_sec

condition_groups Array

The condition_groups array describes each condition group using the following properties:

Name	Data Type	Description
conditions	Array Objects	Contains a list of match conditions. This array describes each condition within a condition group using the following properties: target Object The target object describes the type of match condition. op Object The op object contains the match condition's properties.
id	String	Indicates the system-defined alphanumeric ID of a condition group. Example: 12345678-90ab-cdef-ghij-klmnopqrstuvwxyz1
name	String	Indicates the name of a condition group.

Name

Data Type

Description

conditions

Array

Objects

Contains a list of match conditions. This array describes each condition within a condition group using the following properties:

target Object

The target object describes the type of match condition.

op Object

The op object contains the match condition's properties.

String

Indicates the system-defined alphanumeric ID of a condition group.

Example:

12345678-90ab-cdef-ghij-klmnopqrstuvwxyz1

name

String

Indicates the name of a condition group.

target Object

The target object describes the type of match condition using the following properties:

Name	Data Type	Description
type Required for target object	String	Determines how requests will be identified. Valid values are: FILE_EXT \| GEOIdentifies the country from which the request originated by its 2 character country code. \| REMOTE_ADDR \| REMOTE_ASN \| REQUEST_HEADERS \| REQUEST_METHOD \| REQUEST_URIRequest URL Path: Match against the request's URL path. Define a URL path that starts directly after the hostname. Exclude the protocol, hostname, and query string when defining this property.
value Required for REQUEST_HEADERS	String	type: REQUEST_HEADERS Only Indicates the name of the request header through which requests will be identified. Valid values are: Host \| Referer \| User-Agent

Name

Data Type

Description

type

Required for target object

String

Determines how requests will be identified. Valid values are:

value

Required for REQUEST_HEADERS

String

type: REQUEST_HEADERS Only

Indicates the name of the request header through which requests will be identified. Valid values are:

Host | Referer | User-Agent

op Object

The op object describes each match condition using the following properties:

Name	Data Type	Description
is_case_insensitive	Boolean	Indicates whether the comparison between the requestThe attribute (e.g., hostname, URL path, IP address, etc.) of the request that will be compared is determined by the variable array. and the values property is case-sensitive. Valid values are: True: Case-insensitive False: Case-sensitive
is_negated	Boolean	Indicates whether this match condition will be satisfied when the requestThe attribute (e.g., hostname, URL path, IP address, etc.) of the request that will be compared is determined by the variable array. matches or does not match the value defined by the values property. Valid values are: True: Does not match False: Matches
type Required for op object	String	Indicates how the system will interpret the comparison between the requestThe attribute (e.g., hostname, URL path, IP address, etc.) of the request that will be compared is determined by the variable array. and the values property. Learn more about match types. Valid values are: EM: Requires that the request's attribute be set to one of the value(s) defined in the values property. IPMATCH: Requires that the request's IP address either be contained by an IP block or be an exact match to an IP address defined in the values property. Only use IPMATCH with the REMOTE_ADDR match condition. RX: Requires that the request's attribute be an exact match to the regular expression defined in the value property.
value Required for RX	String	type: RX Only Identifies a regular expression used to identify requests that are eligible for rate limiting. If you are identifying traffic via a URL path (REQUEST_URI), then you should specify a URL path pattern that starts directly after the hostname. Exclude a protocol or a hostname when defining this property. Sample values: /marketing /800001/mycustomerorigin
values Required for EM and IPMATCH	Array String values	type: EM and IPMATCH Only Identifies one or more values used to identify requests that are eligible for rate limiting. If you are identifying traffic via a URL path (REQUEST_URI), then you should specify a URL path pattern that starts directly after the hostname. Exclude a protocol or a hostname when defining this property. Sample values: /marketing /800001/mycustomerorigin If you are matching requests by IP address, make sure to use standard IPv4 and CIDR notation.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following parameters:

Name	Data Type	Description
id	String	Indicates the system-defined ID for the rate rule.
success	Boolean	Indicates whether this request was successful. Valid values are: true \| false
status	String	Indicates whether this request was successful.
errors	Array Objects	Contains one or more error(s).

errors Array

The errors array describes each error that occurred using the following properties:

Name	Data Type	Description
code	Integer	Indicates the HTTP status code for the error.
message	String	Indicates the description for the error that occurred.

Errors

The response body for an unsuccessful request may contain an error element that provides additional information.

View common error messages.

Sample Request and Response (JSON)

A sample JSON request is shown below.

POST https://api.transactcdn.com/v2/mcc/customers/0001/waf/v1.0/limit HTTP/1.1

Authorization: TOK:12345678-1234-1234-1234-1234567890ab

Accept: application/json

Content-Type: application/json

Host: api.transactcdn.com

{
	"duration_sec": 5,
	"condition_groups": [{
			"conditions": [{
					"target": {
						"type": "REQUEST_METHOD"
					},
					"op": {
						"type": "EM",
						"values": ["POST"]
					}
				}
			]
		}
	],
	"num": 10
}

A sample JSON response is shown below.

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 164

{
	"id": "fgSagLvT",
	"status": "success",
	"success": true
}