Active Rules
An active rule represents a rule revision added to a particular firewall version.
Data model
allowed_http_versions | string | Allowed HTTP versions. [Default HTTP/1.0 HTTP/1.1 HTTP/2 ] | |
allowed_methods | string | A space-separated list of HTTP method names. [Default GET HEAD POST OPTIONS PUT PATCH DELETE ] | |
allowed_request_content_type | string | Allowed request content types. [Default application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain ] | |
allowed_request_content_type_charset | string | Allowed request content type charset. [Default utf-8|iso-8859-1|iso-8859-15|windows-1252 ] | |
arg_length | integer | The maximum allowed length of an argument. [Default 400 ] | |
arg_name_length | integer | The maximum allowed argument name length. [Default 100 ] | |
attributes | object | ||
combined_file_sizes | integer | The maximum allowed size of all files (in bytes). [Default 10000000 ] | |
comment | string | A freeform descriptive note. | |
critical_anomaly_score | integer | Score value to add for critical anomalies. [Default 6 ] | |
crs_validate_utf8_encoding | boolean | CRS validate UTF8 encoding. | |
error_anomaly_score | integer | Score value to add for error anomalies. [Default 5 ] | |
high_risk_country_codes | string | A space-separated list of country codes in ISO 3166-1 (two-letter) format. | |
http_violation_score_threshold | integer | HTTP violation threshold. | |
id | string | Alphanumeric string identifying a WAF rule revision. Read-only. | |
inbound_anomaly_score_threshold | integer | Inbound anomaly threshold. | |
lfi_score_threshold | integer | Local file inclusion attack threshold. | |
locked | boolean | Whether a specific firewall version is locked from being modified. [Default false ] | |
max_file_size | integer | The maximum allowed file size, in bytes. [Default 10000000 ] | |
max_num_args | integer | The maximum number of arguments allowed. [Default 255 ] | |
notice_anomaly_score | integer | Score value to add for notice anomalies. [Default 4 ] | |
number | integer | Integer identifying a WAF firewall version. Read-only. | |
paranoia_level | integer | The configured paranoia level. [Default 1 ] | |
php_injection_score_threshold | integer | PHP injection threshold. | |
rce_score_threshold | integer | Remote code execution threshold. | |
restricted_extensions | string | A space-separated list of allowed file extensions. [Default .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx ] | |
restricted_headers | string | A space-separated list of allowed header names. [Default /proxy/ /lock-token/ /content-range/ /translate/ /if/ ] | |
rfi_score_threshold | integer | Remote file inclusion attack threshold. | |
session_fixation_score_threshold | integer | Session fixation attack threshold. | |
sql_injection_score_threshold | integer | SQL injection attack threshold. | |
total_arg_length | integer | The maximum size of argument names and values. [Default 6400 ] | |
type | string | Resource type. [Default waf_firewall_version ] | |
warning_anomaly_score | integer | Score value to add for warning anomalies. | |
xss_score_threshold | integer | XSS attack threshold. | |
waf_firewall_version | object | ||
waf_rule_revisions | object | ||
modsec_rule_id | integer | The ModSecurity rule ID of the associated rule revision. | |
relationships.waf_firewall_version.id | string | Alphanumeric string identifying a Firewall version. | |
relationships.waf_rule_revisions.id | string | Alphanumeric string identifying a WAF rule revision. | |
status | string | Describes the behavior for the particular rule revision within this firewall version. | |
created_at | string | Date and time in ISO 8601 format. Read-only. | |
deleted_at | string | Date and time in ISO 8601 format. Read-only. | |
latest_revision | integer | The latest rule revision number that is available for the associated rule revision. Read-only. | |
outdated | boolean | Indicates if the associated rule revision is up to date or not. Read-only. | |
updated_at | string | Date and time in ISO 8601 format. Read-only. |
Endpoints
POST/waf/firewalls/firewall_id
/versions/version_id
/active-rules
DELETE/waf/firewalls/firewall_id
/versions/version_id
/active-rules
GET/waf/firewalls/firewall_id
/versions/version_id
/active-rules/waf_rule_id
DELETE/waf/firewalls/firewall_id
/versions/version_id
/active-rules/waf_rule_id
PATCH/waf/firewalls/firewall_id
/versions/version_id
/active-rules/waf_rule_id
PATCH/waf/firewalls/firewall_id
/versions/version_id
/active-rules/bulk