WAF
Overview
Application Protection WAF API.
Version information
Version : 1.0.0.BETA
License information
Terms of service : https://www.nexusguard.com/
URI scheme
Host : api.nexusguard.com
BasePath : /api
Schemes : HTTPS
Paths
Add the customizable rules to the Custom Rule protection.
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/custom-rule
Description
Use this API to add rules to the Custom Rule in the WAF template in the Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
CustomerRule |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code. | integer |
msg optional |
Response message. | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Get the customizable rules of the Custom Rule protection.
GET /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/custom-rule
Description
Use this API to get the list of rules of the Custom Rule in the WAF template in Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code | integer |
msg optional |
Response message | string |
result optional |
< CustomerRule > array |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Set the switch of the Custom Rule protection.
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/custom-rule/switch/{status}
Description
Use this API to control the switch of the Custom Rule protection in the WAF template in the Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Path | status required |
Switch status. 0 is off. 1 is on. | integer |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code | integer |
msg optional |
Response message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Get the particular customizable rule in the Custom Rule protection.
GET /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/custom-rule/{rule_id}
Description
Use this API to get a particular rule in the Custom Rule in the WAF template of the Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | rule_id required |
Unique identifier of a custom rule. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code. | integer |
msg optional |
Response message. | string |
result optional |
CustomerRule |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Edit a particular rule in the custom rule protection.
PUT /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/custom-rule/{rule_id}
Description
Use this API to edit a particular rule in the WAF template of the Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | rule_id required |
Unique identifier of a custom rule. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
CustomerRule |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code. | integer |
msg optional |
Response message. | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Delete a particular customizable rule in the Custom Rule protection.
DELETE /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/custom-rule/{rule_id}
Description
Use this API to delete a particular rule of the Custom Rule of the WAF template in the Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | rule_id required |
Unique identifier of a custom rule. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code. | integer |
msg optional |
Response message. | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Get the info of OWASP protection.
GET /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/owasp
Description
Use this API to get the status and details of the OWASP protection in WAF of Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code | integer |
msg optional |
Response message | string |
result optional |
The returned result. | result |
Name | Schema |
---|---|
enable optional |
integer |
waf_attack_list optional |
waf_attack_list |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Change the switch of OWASP protection.
PUT /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/owasp/action-switch
Description
Use this API to control the switch of the OWASP protection in the WAF template of Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
body |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code | integer |
msg optional |
Response message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Change the Leeching switch of OWASP protection.
PUT /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/owasp/action-switch/anti_leech
Description
Use this API to control the switch of the Leeching protection of OWASP protection in the WAF template of Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body optional |
AdvancedActionConfiguration1 |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code. | integer |
msg optional |
Response message. | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Change the CSRF switch of OWASP.
PUT /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/owasp/action-switch/csrf
Description
Use this API to control the switch of the CSRF protection of OWASP protection in the WAF template of Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body optional |
AdvancedActionConfiguration2 |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code. | integer |
msg optional |
Response message. | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Change the Unvalidated Redirects switch of OWASP protection.
PUT /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/owasp/action-switch/unvalidated_redirects
Description
Use this API to control the switch of the unvalidated redirects of OWASP protection in the WAF template of Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body optional |
AdvancedActionConfiguration1 |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code | integer |
msg optional |
Response message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Set the switch of OWASP protection.
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/owasp/switch/{status}
Description
Use this API to control the switch of the OWASP protection in WAF of Application Protection Service.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. | string |
Path | site_id required |
Unique identifier of a site. | string |
Path | status required |
Switch status. 0 is off. 1 is on. | integer |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Response sent when the API is successfully invoked. | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Response code | integer |
msg optional |
Response message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Set the switch status and mode of secure header.
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/secure-headers
Description
Set the switch status and mode of secure header
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
Request body parameters. status and mode can be configured as needed; neither is required. | body |
Name | Description | Schema |
---|---|---|
mode optional |
The available modes of the secure header are low, standard, strict and custom. It is useful only when ‘status’ is 1. | enum (low, standard, strict, custom) |
status optional |
The switch status of the secure header. 0 represents off, 1 represents on. | integer |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code. | integer |
msg optional |
Error message. | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Get the policy info of WAF secure header.
GET /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/secure-headers
Description
Get the policy info of WAF secure header including switch status, policy mode, custom policy info.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code | integer |
msg optional |
Error message | string |
result optional |
The returned result. | result |
Name | Description | Schema |
---|---|---|
current_mode optional |
Modes of secure header are low, standard, strict and custom. In custom mode, the secure header is customizable. | enum (low, standard, strict, custom) |
custom_mode optional |
SourceHeader | |
enable optional |
The switch of secure header. 0 represents off, 1 represents on. | integer |
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Set the policy info of WAF secure header.
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/secure-headers/custom
Description
Set the policy info of WAF secure header.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
Request body parameter. | SourceHeader |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code | integer |
msg optional |
Error message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Get the policy info of the whitelist.
GET /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/whitelist
Description
Get the policy info of the whitelist.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code. | integer |
msg optional |
Error message. | string |
result optional |
The returned result. | result |
Name | Description | Schema |
---|---|---|
enable optional |
Whitelist switch status. | integer |
rules optional |
Whitelist rule information list. | < rules > array |
Name | Description | Schema |
---|---|---|
allow_empty_referer optional |
Allow empty referer. 0 allow, 1 not allow. | integer |
allow_empty_ua optional |
Allow empty UA. 0 allow, 1 not allow. | integer |
cookie optional |
Cookies(Regex). | < string > array |
desc optional |
Rule description. | string |
enable optional |
For the rule switch, 0 represents off and 1 represents on. | integer |
header optional |
Headers. | < string > array |
host optional |
Hosts(Regex) | < string > array |
ip optional |
Source IPs. | < string > array |
name optional |
Rule name. | string |
order optional |
The order of rule starts from 0. | integer |
policy_bypass optional |
Hosts(Regex). The following parameters are available to use: all, custom_rule, basic, sql_injection, ldap_injection, xml_injection, email_injection, phpcode_injection, os_cmd_injection, coldfusion_injection, session_fixation, error_code_handing, sensitive_leak, xxe_injection, anti_leech, path_traversal, web_scanner, ssi, xss, components_leak, csrf, unvalidated_redirects, force_remove_header. | < enum (all, custom_rule, basic, sql_injection, ldap_injection, xml_injection, email_injection, phpcode_injection, os_cmd_injection, coldfusion_injection, session_fixation, error_code_handing, sensitive_leak, xxe_injection, anti_leech, path_traversal, web_scanner, ssi, xss, components_leak, csrf, unvalidated_redirects, force_remove_header) > array |
referer optional |
Referers(Regex). | < string > array |
rule_index optional |
Rule index starts from 0. It changes with the number of rules in the whitelist. | integer |
ua optional |
UAs(Regex). | < string > array |
uri optional |
URIs(Regex). | < string > array |
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
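An added example, not part of the Nexusguard documentation: a Python audit of the `result` object returned by the whitelist GET above, flagging enabled rules that bypass every protection or that are narrowed only by client-controlled fields. The sample response is constructed, the finding names are this example's own, and Python's `re` stands in for the service's regex dialect, which the page does not specify.

```python
"""Audit a whitelist GET response for over-broad WAF bypass rules."""
import json
import re

# Constructed sample, shaped like the documented Response 200 of the whitelist GET.
SAMPLE_RESPONSE = json.loads("""
{"code": 200, "msg": "ok", "result": {"enable": 1, "rules": [
  {"name": "health-check", "enable": 1, "rule_index": 0,
   "ip": ["192.0.2.10"], "uri": ["^/healthz$"], "policy_bypass": ["web_scanner"]},
  {"name": "legacy-partner", "enable": 1, "rule_index": 1,
   "uri": [".*"], "policy_bypass": ["all"]},
  {"name": "monitoring-bot", "enable": 1, "rule_index": 2,
   "ua": ["UptimeBot"], "policy_bypass": ["web_scanner"]},
  {"name": "old-test", "enable": 0, "rule_index": 3,
   "ua": ["curl"], "policy_bypass": ["sql_injection", "xss"]}
]}}
""")

# Fields the page marks as "(Regex)".
REGEX_FIELDS = ("cookie", "host", "referer", "ua", "uri")
# Fields whose value is chosen entirely by the requesting client.
CLIENT_CONTROLLED = ("cookie", "referer", "ua", "header")
PROBES = ("", "/", "x7Qz-probe")


def is_match_all(pattern):
    """True if the pattern matches unrelated probe strings, i.e. narrows nothing."""
    try:
        rx = re.compile(pattern)
    except re.error:
        return False
    return all(rx.search(p) for p in PROBES)


def effective(rule, field):
    """Return the values in `field` that actually restrict which requests match."""
    values = rule.get(field) or []
    if field in REGEX_FIELDS:
        return [v for v in values if not is_match_all(v)]
    return list(values)


def audit_rule(rule):
    """Return a list of finding codes for one whitelist rule."""
    findings = []
    for field in REGEX_FIELDS:
        for pattern in rule.get(field) or []:
            try:
                re.compile(pattern)
            except re.error:
                findings.append(f"bad-regex:{field}")
    if "all" in (rule.get("policy_bypass") or []):
        findings.append("bypass-all")        # every WAF protection is skipped
    narrowing = {f for f in ("ip", "host", "uri", *CLIENT_CONTROLLED)
                 if effective(rule, f)}
    if not narrowing:
        findings.append("no-narrowing")      # rule applies to every request
    elif narrowing <= set(CLIENT_CONTROLLED):
        findings.append("spoofable-only")    # only client-set headers gate the bypass
    return findings


def audit_whitelist(response):
    """Map rule name -> findings for enabled rules of an enabled whitelist."""
    result = response.get("result") or {}
    if not result.get("enable"):
        return {}
    report = {}
    for rule in result.get("rules") or []:
        if not rule.get("enable"):
            continue
        findings = audit_rule(rule)
        if findings:
            report[rule.get("name", f"index-{rule.get('rule_index')}")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_whitelist(SAMPLE_RESPONSE).items():
        print(name, findings)
```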
Add WAF rules to the whitelist
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/whitelist/rule
Description
Add WAF rules to the whitelist. A maximum of 5 entries is allowed; more than 5 entries cannot be added.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
Request body parameter. | WhitelistRule |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code | integer |
msg optional |
Error message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Delete the rule in the whitelist.
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/whitelist/rule/order
Description
Delete the rules in the whitelist through the rule index. It is suggested that, before editing the rules, you get the rules to be deleted again to confirm whether they exist.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
Request body parameter | < body > array |
Name | Description | Schema |
---|---|---|
order optional |
order | integer |
rule_index optional |
rule index | integer |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code | integer |
msg optional |
Error message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Edit the rule in the whitelist
PUT /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/whitelist/rule/{rule_index}
Description
Edit rules in the whitelist. It is suggested that you get and check the current rules before editing, because deleting other rules may change the current rule index.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | rule_index required |
Rule index. Note: The rule index will change with the number of rules in the whitelist. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
Request body parameter. | WhitelistRule |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code | integer |
msg optional |
Error message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Delete the rules in the whitelist.
DELETE /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/whitelist/rule/{rule_index}
Description
Delete the rules in the whitelist through the rule index. It is suggested that, before editing the rules, you get the rules to be deleted again to confirm whether they exist.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | rule_index required |
Rule index. Note: The rule index will change with the number of rules in the whitelist. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code | integer |
msg optional |
Error message | string |
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
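An added example, not Nexusguard's code, for the advice in the edit and delete descriptions above to re-read the rules because `rule_index` shifts: it resolves the index by rule name immediately before the DELETE and re-reads the list afterwards. `FakeWhitelist`, the IDs and the token are constructed stand-ins, and the fake assumes `rule_index` is the rule's position in the list.

```python
"""Resolve a whitelist rule's current rule_index by name before deleting it."""
from urllib.parse import quote, urlencode

BASE = "https://api.nexusguard.com/api"  # Host + BasePath from the page


def whitelist_url(ids, token, suffix=""):
    """Build a whitelist endpoint URL from the documented path template."""
    path = "/spe/ap/customer/{}/site/{}/domain-port/{}/policy/waf/whitelist".format(
        *(quote(str(ids[k]), safe="") for k in ("customer_id", "site_id", "domain_port_id")))
    # The token travels in the query string, so never log this URL in full.
    return BASE + path + suffix + "?" + urlencode({"access_token": token})


def current_rules(transport, ids, token):
    """GET the whitelist and return its rules list (documented result.rules)."""
    resp = transport("GET", whitelist_url(ids, token), None)
    return (resp.get("result") or {}).get("rules") or []


def resolve_index(transport, ids, token, name):
    """Return the live rule_index of the single rule called `name`."""
    hits = [r for r in current_rules(transport, ids, token) if r.get("name") == name]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one rule named {name!r}, found {len(hits)}")
    return hits[0]["rule_index"]


def delete_rule_by_name(transport, ids, token, name):
    """Delete `name` via a freshly resolved index, then verify what is left.

    A concurrent edit between the GET and the DELETE is still possible; the
    final comparison detects it instead of silently removing the wrong rule.
    """
    before = [r["name"] for r in current_rules(transport, ids, token)]
    index = resolve_index(transport, ids, token, name)
    transport("DELETE", whitelist_url(ids, token, f"/rule/{index}"), None)
    after = [r["name"] for r in current_rules(transport, ids, token)]
    expected = [n for n in before if n != name]
    if after != expected:
        raise RuntimeError(f"whitelist changed unexpectedly: {after} != {expected}")
    return after


class FakeWhitelist:
    """Constructed in-memory stand-in; assumes rule_index is the list position."""

    def __init__(self, names):
        self.names = list(names)

    def __call__(self, method, url, body):
        path = url.split("?", 1)[0]  # drop the query so the token is never echoed
        if method == "GET" and path.endswith("/whitelist"):
            rules = [{"name": n, "rule_index": i, "order": i, "enable": 1}
                     for i, n in enumerate(self.names)]
            return {"code": 200, "msg": "ok", "result": {"enable": 1, "rules": rules}}
        if method == "DELETE" and "/whitelist/rule/" in path:
            del self.names[int(path.rsplit("/", 1)[1])]
            return {"code": 200, "msg": "ok"}
        raise ValueError(f"unhandled request: {method} {path}")


# Placeholder identifiers and token, not real values.
IDS = {"customer_id": "C-EXAMPLE", "site_id": "S-EXAMPLE", "domain_port_id": "DP-EXAMPLE"}
TOKEN = "PLACEHOLDER_TOKEN"


def demo():
    """Return (rules left after a stale-index delete, rules left after safe deletes)."""
    stale = FakeWhitelist(["cdn-probe", "partner-a", "partner-b"])
    cached = resolve_index(stale, IDS, TOKEN, "partner-a")   # index read early
    delete_rule_by_name(stale, IDS, TOKEN, "cdn-probe")      # another change lands
    stale("DELETE", whitelist_url(IDS, TOKEN, f"/rule/{cached}"), None)  # wrong rule

    safe = FakeWhitelist(["cdn-probe", "partner-a", "partner-b"])
    delete_rule_by_name(safe, IDS, TOKEN, "cdn-probe")
    remaining = delete_rule_by_name(safe, IDS, TOKEN, "partner-a")
    return stale.names, remaining


if __name__ == "__main__":
    print(demo())
```

In the stale case the rule meant to be removed survives and a different bypass rule is deleted; resolving by name removes the intended one.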
Edit the WAF whitelist and the switch status of the rule.
POST /spe/ap/customer/{customer_id}/site/{site_id}/domain-port/{domain_port_id}/policy/waf/whitelist/switch
Description
Edit the WAF whitelist and the switch status of rules. Multiple rules can be edited at the same time.
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | customer_id required |
Unique identifier of a customer. Can be obtained by invoking this API. | string |
Path | domain_port_id required |
Unique identifier of the combination of a domain and a port number. Can be obtained by invoking this API. | string |
Path | site_id required |
Unique identifier of a site. Can be obtained by invoking this API for Application Protection sites. | string |
Query | access_token required |
Access token used to authenticate your access to the API. | string |
Body | body required |
Request body parameter. | body |
Name | Description | Schema |
---|---|---|
rule optional |
List of rules whose switch status is to be edited. Put only the rules that need to be edited into the list; leave out the ones that do not. | < rule > array |
whitelist_enable optional |
For the switch status of the whitelist, 0 represents off, 1 represents on. If the whitelist switch does not need to be edited, do not give this parameter. | integer |
Name | Description | Schema |
---|---|---|
enable optional |
For the rule switch, 0 represents off, 1 represents on. | integer |
rule_index optional |
rule index. | integer |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | OK | Response 200 |
Name | Description | Schema |
---|---|---|
code optional |
Error code | integer |
msg optional |
Error message | string |
Consumes
application/json
Produces
application/json
Security
Type | Name |
---|---|
apiKey | ApiKeyAuth |
Definitions
AdvancedActionConfiguration1
Configuring CSRF of OWASP in WAF.
Name | Description | Schema |
---|---|---|
action required |
Feedbacks of the triggered rules. | enum (off, monitor, block) |
trust_domains optional |
The reliable site. | < string > array |
AdvancedActionConfiguration2
Configuring CSRF of OWASP in WAF.
Name | Description | Schema |
---|---|---|
action required |
Feedbacks of the triggered rules. | enum (off, monitor, block) |
action_urls optional |
< string > array | |
form_urls optional |
< string > array | |
token_name optional |
token name | string |
trust_domains optional |
The reliable site. | < string > array |
type required |
The type of this configuration. | enum (basic, advance) |
CustomerRule
Custom rule configuration.
Name | Description | Schema |
---|---|---|
action required |
Feedbacks of the triggered protection rules. | enum (off, monitor, block) |
check_point optional |
Position of the protection detection. | < enum (post_param, upload_file, raw_postbody, referer, ua, cookie, uri, query_param) > array |
desc optional |
The custom rule description. | string |
id optional |
The custom rule id. | string |
signature required |
The customizable signature. | < string > array |
GeneralActionConfiguration
General configuration of OWASP in WAF
Name | Description | Schema |
---|---|---|
action optional |
Feedbacks of the triggered rules. | enum (off, monitor, block) |
check_point optional |
The position of protection detection. | < enum (post_param, upload_file, raw_postbody, referer, ua, cookie, uri, query_param) > array |
checkpoint_customize optional |
For configuring the status of switch, 0 represents off, 1 represents on. | integer |
SimpleActionConfiguration1
Simple configuration of OWASP in WAF.
Name | Description | Schema |
---|---|---|
action required |
Feedbacks of the triggered rules. | enum (off, block) |
SimpleActionConfiguration2
Simple configuration of OWASP in WAF.
Name | Description | Schema |
---|---|---|
action required |
Feedbacks of the triggered rules. | enum (off, monitor, block) |
SourceHeader
The policy info of the mode of the customizable secure header.
Name | Description | Schema |
---|---|---|
content_secure required |
Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting the sources of approved content, you can prevent the browser from loading malicious assets. | content_secure |
content_type required |
X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. | content_type |
cookie_secure required |
The purpose of the cookie security flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text. | cookie_secure |
frame required |
X-Frame-Options tells the browser whether you want to allow your site to be framed or not. If you allow other sites to “frame” your content, do not enable this option. | frame |
referrer required |
The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made. | referrer |
xss required |
X-XSS-Protection enables the cross-site scripting (XSS) filter in browser and sets the configuration for the XSS auditor built into older browsers. | xss |
Name | Description | Schema |
---|---|---|
baseURI required |
base URI | baseURI |
blockAllMixedContent required |
block All Mixed Content | blockAllMixedContent |
childSource required |
child Source | childSource |
connectSource required |
connect Source | connectSource |
defaultSource required |
default Source | defaultSource |
disownOpener required |
disown Opener | disownOpener |
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
fontSource required |
font Source | fontSource |
formAction required |
form Action | formAction |
frameAncestors required |
frame Ancestors | frameAncestors |
frameSource required |
frame Source | frameSource |
imageSource required |
image Source | imageSource |
manifestSources required |
manifest Sources | manifestSources |
mediaSource required |
media Source | mediaSource |
name required |
Name | string |
objectSource required |
object Source | objectSource |
pluginTypes required |
plugin Types | pluginTypes |
prefetchSource required |
prefetch Source | prefetchSource |
reportTo required |
report To | reportTo |
reportUri required |
report Uri | reportUri |
rewrite_header required |
For the switch of the default source, 0 represents off, 1 represents on. | integer |
sandbox required |
sandbox | sandbox |
scriptSource required |
script Source | scriptSource |
styleSource required |
style Source | styleSource |
upgradeInsecureRequests required |
upgrade Insecure Requests | upgradeInsecureRequests |
workerSource required |
worker Source | workerSource |
baseURI
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the base URI, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
blockAllMixedContent
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the block all mixed content, 0 represents off, 1 represents on. | integer |
childSource
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the child source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
connectSource
Name | Description | Schema |
---|---|---|
data required |
For the switch of the data, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the connect source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
defaultSource
Name | Description | Schema |
---|---|---|
data required |
For the switch of the data, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the default source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
unsafe_eval required |
For the switch of the unsafe eval, 0 represents off, 1 represents on. | integer |
unsafe_hashes required |
For the switch of the unsafe hashes, 0 represents off, 1 represents on. | integer |
unsafe_inline required |
For the switch of the unsafe inline, 0 represents off, 1 represents on. | integer |
disownOpener
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the disown opener, 0 represents off, 1 represents on. | integer |
fontSource
Name | Description | Schema |
---|---|---|
data required |
For the switch of the data, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the font source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
formAction
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the form action, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
frameAncestors
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the frame ancestors, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
frameSource
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the frame source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
imageSource
Name | Description | Schema |
---|---|---|
data required |
For the switch of the data, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the image source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
manifestSources
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the manifest sources, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
mediaSource
Name | Description | Schema |
---|---|---|
data required |
For the switch of the data, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the media source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
objectSource
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the object source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
pluginTypes
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the plugin types, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | integer |
prefetchSource
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the prefetch source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
reportTo
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the report to, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | integer |
reportUri
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the report URI, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | integer |
sandbox
Name | Description | Schema |
---|---|---|
allow_forms required |
For the switch of the allow forms, 0 represents off, 1 represents on. | integer |
allow_pointer_lock required |
For the switch of allow pointer lock, 0 represents off, 1 represents on. | integer |
allow_popups required |
For the switch of allow popups, 0 represents off, 1 represents on. | integer |
allow_same_origin required |
For the switch of the allow same origin, 0 represents off, 1 represents on. | integer |
allow_scripts required |
For the switch of the allow scripts, 0 represents off, 1 represents on. | integer |
allow_top_navigation required |
For the switch of allow top navigation, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the sandbox, 0 represents off, 1 represents on. | integer |
scriptSource
Name | Description | Schema |
---|---|---|
data required |
For the switch of the data, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the script source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
unsafe_eval required |
For the switch of the unsafe eval, 0 represents off, 1 represents on. | integer |
unsafe_hashes required |
For the switch of the unsafe hashes, 0 represents off, 1 represents on. | integer |
unsafe_inline required |
For the switch of the unsafe_inline, 0 represents off, 1 represents on. | integer |
styleSource
Name | Description | Schema |
---|---|---|
data required |
For the switch of the data, 0 represents off, 1 represents on. | integer |
enable required |
For the switch of the style source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
unsafe_eval required |
For the switch of the unsafe eval, 0 represents off, 1 represents on. | integer |
unsafe_hashes required |
For the switch of unsafe hashes, 0 represents off, 1 represents on. | integer |
unsafe_inline required |
For the switch of unsafe inline, 0 represents off, 1 represents on. | integer |
upgradeInsecureRequests
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the upgrade insecure requests, 0 represents off, 1 represents on. | integer |
workerSource
Name | Description | Schema |
---|---|---|
enable required |
For the switch of the worker source, 0 represents off, 1 represents on. | integer |
none required |
For the switch of the none, 0 represents off, 1 represents on. | integer |
self required |
For the switch of the self, 0 represents off, 1 represents on. | integer |
text required |
A space-separated list of hosts. | string |
content_type
Name | Description | Schema |
---|---|---|
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
name required |
Name. | string |
rewrite_header required |
The status of the rewrite header, 0 represents off, 1 represents on. | integer |
value required |
Value setting. | string |
cookie_secure
Name | Description | Schema |
---|---|---|
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
httponly optional |
httponly in value setting | httponly |
rewrite_header required |
The status of the rewrite header, 0 represents off, 1 represents on. | integer |
samesite optional |
samesite in value setting | samesite |
secure optional |
secure in value setting | secure |
httponly
Name | Description | Schema |
---|---|---|
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
whitelist required |
A list of whitelisted cookie values (maximum 10 lines). | < string > array |
samesite
Name | Description | Schema |
---|---|---|
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
value required |
Value setting. Only lax, strict and none can be used. | enum (lax, strict, none) |
whitelist required |
A line-separated list of whitelisted cookie values (maximum 10 lines). | string |
secure
Name | Description | Schema |
---|---|---|
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
whitelist required |
A line-separated list of whitelisted cookie values (maximum 10 lines). | string |
frame
Name | Description | Schema |
---|---|---|
allow_from required |
The value of allow-from: a space-separated list of URLs. | string |
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
name required |
Name. | string |
rewrite_header required |
The status of the rewrite header, 0 represents off, 1 represents on. | integer |
value required |
Value setting. Only deny, sameorigin and allow-from can be used. | enum (deny, sameorigin, allow-from) |
referrer
Name | Description | Schema |
---|---|---|
enable required |
For the switch, 0 represents off, 1 represents on. | integer |
name required |
Name. | string |
rewrite_header required |
The status of the rewrite header, 0 represents off, 1 represents on. | integer |
value required |
Value setting. Only the following values are allowed: noreferrer-when-downgrade, no-referrer, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url. | enum (noreferrer-when-downgrade, no-referrer, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url) |
xss
Name | Description | Schema |
---|---|---|
block required |
Block. 0 represents do not block, 1 represents block. | integer |
enable required |
The status of the rewrite header, 0 represents off, 1 represents on. | integer |
name required |
Name. | string |
report required |
Report. 0 represents do not use the report, 1 represents use the report. | integer |
reportText required |
Report text. | string |
rewrite_header required |
The status of the rewrite header, 0 represents off, 1 represents on. | integer |
value required |
Value setting. 0 disables the filter, 1 enables the filter. | integer |
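The switches in the SourceHeader schema above can be checked for weak combinations before a policy is submitted. The following Python audit is an added example, not part of the Nexusguard API or its documentation; the function name, the finding texts and the sample policy are assumptions, and only the field names come from the schema.

```python
# Added example: audits a dict shaped like the SourceHeader schema (constructed data).
RISKY_SOURCE_FLAGS = ("unsafe_inline", "unsafe_eval", "data")

def _on(obj, key="enable"):
    """Integer switch from the schema: 1 is on, anything else counts as off."""
    return isinstance(obj, dict) and obj.get(key) == 1

def audit_source_header(policy):
    """Return a list of findings for weak secure-header settings."""
    out = []
    csp = policy.get("content_secure", {})
    if not _on(csp):
        out.append("content_secure: CSP is off")
    for name in ("defaultSource", "scriptSource"):
        src = csp.get(name, {})
        if not (_on(csp) and _on(src)):
            continue
        out += [f"{name}: {f} is on" for f in RISKY_SOURCE_FLAGS if _on(src, f)]
        if "*" in src.get("text", "").split():
            out.append(f"{name}: bare wildcard host")
    # X-Frame-Options allow-from is ignored by current browsers; only
    # deny/sameorigin or CSP frame-ancestors count as framing protection.
    frame = policy.get("frame", {})
    xfo_ok = _on(frame) and frame.get("value") in ("deny", "sameorigin")
    fa_ok = _on(csp) and _on(csp.get("frameAncestors", {}))
    if not (xfo_ok or fa_ok):
        out.append("frame: no effective framing restriction")
    if not _on(policy.get("content_type", {})):
        out.append("content_type: MIME sniffing not disabled")
    ref = policy.get("referrer", {})
    if _on(ref) and ref.get("value") == "unsafe-url":
        out.append("referrer: unsafe-url sends full URLs cross-origin")
    ck = policy.get("cookie_secure", {})
    for flag in ("secure", "httponly"):
        if not (_on(ck) and _on(ck.get(flag, {}))):
            out.append(f"cookie_secure: {flag} flag not enforced")
    same = ck.get("samesite", {})
    if _on(same) and same.get("value") == "none" and not _on(ck.get("secure", {})):
        out.append("cookie_secure: samesite none without secure")
    return out

# Constructed sample policy; only the fields the audit reads are filled in.
SAMPLE = {
    "content_secure": {
        "enable": 1,
        "defaultSource": {"enable": 1, "self": 1, "text": ""},
        "scriptSource": {"enable": 1, "unsafe_inline": 1, "text": "cdn.example.com *"},
        "frameAncestors": {"enable": 0},
    },
    "frame": {"enable": 1, "value": "allow-from", "allow_from": "https://partner.example"},
    "content_type": {"enable": 1},
    "referrer": {"enable": 1, "value": "unsafe-url"},
    "cookie_secure": {"enable": 1, "secure": {"enable": 0}, "httponly": {"enable": 1},
                      "samesite": {"enable": 1, "value": "none"}},
}
```

Calling `audit_source_header(SAMPLE)` returns six findings; a policy with strict sources, a frame restriction and all cookie flags on returns an empty list.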
WhitelistRule
Name | Description | Schema |
---|---|---|
allow_empty_referer required |
Allow empty referer. 0 represents allow, 1 represents do not allow. | integer |
allow_empty_ua required |
Allow empty UA. 0 represents allow, 1 represents do not allow. | integer |
cookie required |
Cookies (Regex). | < string > array |
desc required |
Rule description. | string |
header required |
Headers. | < string > array |
host required |
Hosts (Regex). | < string > array |
ip required |
Source IPs. | < string > array |
name required |
Rule name. | string |
policy_bypass required |
WAF Bypass. Choose from these: custom_rule, sql_injection, ldap_injection, xml_injection, email_injection, phpcode_injection, os_cmd_injection, coldfusion_injection, session_fixation, error_code_handing, sensitive_leak, xxe_injection, anti_leech, path_traversal, web_scanner, ssi, xss, components_leak, csrf, unvalidated_redirects, force_remove_header. | < enum (custom_rule, sql_injection, ldap_injection, xml_injection, email_injection, phpcode_injection, os_cmd_injection, coldfusion_injection, session_fixation, error_code_handing, sensitive_leak, xxe_injection, anti_leech, path_traversal, web_scanner, ssi, xss, components_leak, csrf, unvalidated_redirects, force_remove_header) > array |
referer required |
Referers (Regex). | < string > array |
ua required |
UAs (Regex). | < string > array |
uri required |
URIs (Regex). | < string > array |
Security
ApiKeyAuth
Type : apiKey
Name : access_token
In : QUERY