
Application Security API v1

Manage the Web Application Firewall (WAF) configuration for your Akamai security products.


Overview

The Application Security API allows you to access and modify your Security Configurations for Kona Site Defender and Client Reputation. You can create, update, activate, and export versions of a security configuration. You can get selectable hostnames and add them to the selected list to protect your website or API content. You also can add, modify, or delete custom rules and assign policy actions.

A Web Application Firewall (WAF) is an application security measure deployed between a web client and a web server that performs a deep inspection of every request and response for all common forms of web traffic. By identifying and isolating or blocking abnormal, malicious traffic, a WAF prevents threats from reaching the server.

All Custom Rule APIs and resources are in Beta.

Who should use this API

This API is for security operations teams and developers who implement Akamai security products for their organization. You need to have a working knowledge of your application and how the configurable objects interact. If you’re not familiar with these topics, see Resources for more information.

Get started

Before using the Application Security API for the first time:

  • Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this: https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.

  • To enable this API, choose the API service named Application Security, and set the access level to READ-WRITE.

API concepts

To understand this API’s various URL resources and the data it exchanges, get familiar with these concepts:

  • Configuration: A security configuration specifies hostnames, security policies, custom rules, and match targets. You activate a security configuration to Akamai’s edge servers, where it works with your delivery configuration to evaluate requests, and determines how to handle them.

    Security configurations are versioned. This is a handy way to update a configuration, even if it’s active on staging or production. Clone a version and edit it. When it’s ready, activate and test the new version. As you refine and test your updates, you have an audit trail of changes and can roll back to prior versions. You can also export the details of a configuration version.

  • Contracts and Groups: Contracts and groups apply to most Akamai applications. In the Application Security API, contract IDs and group IDs are used when requesting selectable hostnames and creating security configurations. When you create a new configuration in Appsec, you’ll choose which product to use by passing the contractId, and you’ll select a group in which to save your configuration with a groupId.

  • Hostnames: Selecting a hostname lets you specify the web content you want to protect in your configuration. You can get a list of selectable hostnames and add new entries to the selected hostnames object in your configuration.

    You can associate a security configuration with many hostnames, but a single hostname is covered by only one active security configuration at a time.

  • Security Policy: Security policies control how to respond to different requests and define the response action that occurs. If necessary, you can create more than one security policy. For example, you may need to apply one set of protections to website pages and a different set to APIs.

  • Match Target: Defines which security policy applies to which API, hostname, or path. You can use a match target to focus a policy on a specific set of requests, such as those for .asp, .jsp, or .php file types. When your security configuration assesses a request, it checks to see if the request meets match target criteria. If it does, protections apply. If not, content delivery starts.

  • Protections: Rules in a security configuration that inspect a request for specific traits, behavior, or originating machine and then apply an action you set. If a request triggers a rule, the server executes the action you specify. The security configuration file executes before your delivery configuration. The protections currently available in this API are:
    • IP/Geo firewall
    • Rate controls
    • Slow POST
    • Custom rules
    • Web Application Firewall rules
    • Reputation profile (Kona Site Defender add-on)
  • IP/Geo Firewall: IP/Geo controls let you block or allow traffic coming from a specific IP, subnet, or geographic area. In Control Center’s Web Application Firewall, the mode option lets you control how to block traffic. This API uses the block member to indicate the same choice. The set of IPs or geographic areas you want to include or exclude is defined separately in network lists that are shared across security configurations. Use the Network Lists API to maintain them. Note: Subnet controls are a legacy item in Control Center and are not available through this API.

  • Rate Controls: Monitor and control the rate of requests you receive. Flag traffic too fast to be from a human or that may overwhelm your site.

  • Slow POST: A type of traffic that ties up a web server as it waits for additional parts of requests to arrive. This can result in Denial-of-Service attacks featuring extremely slow request rates.

  • Custom Rule: Custom rules can handle scenarios not covered by the included standard rules and quickly patch new website vulnerabilities. You can trigger an alert or denial based on various components of the request, such as method, path, file extension, headers, cookies, query string, and POST body variables. Custom rules are configuration-level resources, which means they’re available to all policies in a security configuration, but they don’t version in lock-step. When you change a custom rule, it affects all inactive versions of your security configuration, but not activated ones. To roll back, you must choose a previously activated version.

  • Reputation Profile: Stops malicious clients before they can attack, based on Akamai’s visibility into prior behavior of individual and shared IP addresses. This service performs hourly analysis to identify potentially malicious IP addresses, scoring them based on prior interactions with other Akamai customers. When you apply reputation controls, they use this history to alert on or block IP addresses from issuing requests. Reputation profile is part of Client Reputation, an optional add-on to Kona Site Defender that you need on your contract to use.

  • Prefetch: This protection causes your application firewall rules to inspect internal requests (those between your origin and Akamai’s servers) for file types you specify (usually dynamic content).

  • Attack Group: Attack groups, also called Automated Attack Groups or AAGs, are an alternative setup for your web application firewall, eliminating the need for you to manually configure and maintain individual firewall rules.

  • Attack Group Actions: When conditions for an attack group are met, our system performs a specific action you set: denying the request, recording what triggered the response, or taking no action at all.

  • Rules: The Akamai Intelligent Platform handles a large part of the world’s web traffic, providing a unique insight into traffic patterns and request behavior. To craft the application-layer protections, our Security Research team leverages insights that come from our Cloud Security Intelligence (CSI) data platform. This data is used to improve rules and create new ones based on the latest threats.

  • Rule Actions: When a rule is triggered by a request, our system takes an action, either denying the request, recording what triggered the rule, or taking no action at all.

  • Penalty Box: If you’re using automated attack groups, you can protect your site or API from abusive clients using the penalty box. When you turn penalty box ON, any client whose request violates an attack group set to action:deny moves to the penalty box. There, the action you select for penalty box (either alert or deny) continues to apply to any requests from that client for the next 10 minutes. After 10 minutes, the client moves out of the penalty box, and its requests are no longer denied, unless another request triggers another deny action again and sends the client back to the penalty box for another 10 minutes.

  • Upgrading KRS rules: To best protect your site, it’s important to keep your rules up to date. However, if you’re worried about how the new rules may affect your traffic, you can use Evaluation Mode to test them before you upgrade.

  • Mode: The mode is the method by which you update your KRS rules. Use KRS to update them manually, or AAG to have them update automatically.

  • Evaluation Mode: Evaluation mode lets you test new versions of the Kona Rule Sets before committing to an upgrade, or test the same rules you already have with different exceptions.

  • Evaluation Rule: Also known as eval rules. These rules are future versions of rules you currently have. Eval rules are the rules present when you’re running evaluation mode. You can preview, or test drive these rules to see how they handle traffic and compare the results against your current rules. When you’re using the eval rules operations, you’ll notice how similar they are to the KRS rules operations. This is because the newer rules you’re evaluating are meant to replace the KRS rules once you decide to upgrade. The only difference between the KRS rules operations and the eval rules operations is that the KRS operations are for your current rules, and the eval operations are for you to test out updates to those rules. What the rules and their actions accomplish are conceptually the same.

  • Custom Deny: Instead of using the standard deny action which serves an HTTP 403 Forbidden response, you can create a custom deny action. This lets you:
    • Customize the error message
    • Brand the error page with your own logo
    • Define and serve an HTML, or any response based on XML, JSON, or other data formats

You’ll choose which deny action to take in the Custom Deny operations and, unlike other similar operations, won’t have to create any special configurations. Customize either by entering your own HTML or JSON response body, or by serving an HTML page that you currently deliver on Akamai’s platform. You can create up to 20 custom deny actions. Note: Custom Deny is not available for properties served on Akamai’s China CDN. Any instance of custom deny applied to those properties defaults back to a 403 response.

  • SIEM: Security Information and Event Management (SIEM) integration lets you capture security events generated on the Akamai platform and analyze them in your favorite SIEM application. You can integrate with Splunk, CEF Syslog, or build a connector for the SIEM application of your choice. The operations in this API let you turn SIEM on or off for your security configurations. To configure other SIEM controls, or for more information, see Security Information and Event Management API.

  • Tuning recommendation email subscription: Tuning recommendations help improve accuracy and reduce false positives, instances where a valid request gets flagged. When the system detects such an issue in your traffic, it automatically recommends an exception setting change. You can review it and either accept the recommendation or defer for later. In this API, you subscribe or unsubscribe users to these recommendations for a specific feature. Currently, the only feature is AAG_TUNING_REC for AAG rule sets.

API workflows

Learn this API’s common workflows. These include adding a hostname to a configuration version, adding a custom rule to a configuration version, exporting a configuration version, and activating configuration versions with invalid hostnames.

These steps show you how to modify a configuration, provide additional hostnames, and activate the new configuration version.

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get configuration version details to get a Configuration object.

  4. You cannot edit the configuration version if it’s ACTIVE on staging or production servers. To create a new version, craft a ConfigurationClone object and make a POST request to /appsec/v1/configs/{configId}/versions.

  5. Run List selectable hostnames to get a list of Set objects containing hostname information.

  6. Run List selected hostnames to get a SelectedHostnames object.

  7. Modify the SelectedHostnames object.

  8. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames.

  9. Run List security policies and select a policyId.

  10. Run Create a match target to create a new MatchTarget object. Note the targetId in the response.

  11. Run Get a match target.

  12. Modify the MatchTarget object.

  13. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}.

  14. Run List match targets.

  15. Craft a MatchTargetOrder object using the targetIds.

  16. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence.

  17. Create an Activation object.

  18. Make a POST request to /appsec/v1/activations to activate the configuration version.

  19. Run Get activation status to check the activation status. The response is an Activation object.

These steps show you how to modify a configuration, add a new custom rule, and activate the new configuration version.

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get configuration version details to get a Configuration object.

  4. You cannot edit the configuration version if it’s ACTIVE on staging or production servers. To create a new version, craft a ConfigurationClone object and make a POST request to /appsec/v1/configs/{configId}/versions.

  5. Run Create a custom rule to create a new CustomRule object. Note the ruleId in the response.

  6. Run Get a custom rule.

  7. Modify the CustomRule object.

  8. Make a PUT request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

  9. Run List security policies and select a policyId.

  10. Make a PUT request with a single-member object containing the specified action to /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules/{ruleId}.

  11. Create an Activation object.

  12. Make a POST request to /appsec/v1/activations to activate the configuration version.

  13. Run Get activation status to check the activation status. The response is an Activation object.

These steps show you how to get and export an existing configuration version.

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/export/configs/{configId}/versions/{versionNumber}.

These steps show you how to activate security configurations that contain invalid hostnames. A hostname may be invalid for different reasons. For example, it may not be linked to an Akamai property, or it may be managed under a contract and group not associated with the security configuration. You can activate several security configurations with invalid hostnames at the same time.

  1. Run the List selectable hostnames operation.

  2. Copy and store the hostname values from the errorSet array.

  3. Run the Activate a configuration version operation and enter the invalid hostnames, along with the IDs of the security configurations that include them, in the acknowledgedInvalidHostsByConfig array.

Note that you can still use the acknowledgedInvalidHosts array when activating a single security configuration.
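
The invalid-hostname workflow above, sketched in Python as an added example (not Akamai's code): it collects errorSet hostnames from several List selectable hostnames responses and groups them per configuration for the acknowledgedInvalidHostsByConfig array. The sample responses are constructed, and the configId/invalidHosts entry shape and the accepted_reason_codes review gate are assumptions that this page does not show.

```python
import json

# Constructed sample: two "List selectable hostnames" responses, trimmed to the
# members this example reads (configId, errorSet[].hostname/reason/reasonCode).
SAMPLE_RESPONSES = [
    {
        "configId": 123,
        "errorSet": [
            {"hostname": "*.example.net",
             "reason": "property is not active in either production or staging",
             "reasonCode": 400},
            {"hostname": "test-example.net",
             "reason": "You don't have access to this property",
             "reasonCode": 403},
        ],
    },
    {
        "configId": 456,
        "errorSet": [
            # Duplicate entry on purpose: the plan must list each host once.
            {"hostname": "legacy.example.org",
             "reason": "property is not active in either production or staging",
             "reasonCode": 400},
            {"hostname": "legacy.example.org",
             "reason": "property is not active in either production or staging",
             "reasonCode": 400},
        ],
    },
]


def error_entries(response):
    """Yield (hostname, reasonCode, reason) for each usable errorSet entry."""
    for entry in response.get("errorSet") or []:
        host = entry.get("hostname")
        if isinstance(host, str) and host.strip():
            yield host.strip(), entry.get("reasonCode"), entry.get("reason", "")


def plan_acknowledgements(responses, accepted_reason_codes):
    """Split invalid hostnames into 'acknowledge' and 'hold for review'.

    accepted_reason_codes is a hypothetical operator policy: only hosts whose
    reasonCode the team has already reviewed are acknowledged automatically.
    Acknowledging a host means activating without coverage for it, so every
    other host is returned separately with its reason.
    """
    acknowledged = {}   # configId -> set of hostnames
    held, seen = [], set()
    for response in responses:
        config_id = response["configId"]
        for host, code, reason in error_entries(response):
            if code in accepted_reason_codes:
                acknowledged.setdefault(config_id, set()).add(host)
            elif (config_id, host) not in seen:
                seen.add((config_id, host))
                held.append({"configId": config_id, "hostname": host,
                             "reasonCode": code, "reason": reason})
    # Entry shape (configId + invalidHosts) is an assumption; check it against
    # the Activation object schema before sending.
    by_config = [{"configId": cid, "invalidHosts": sorted(hosts)}
                 for cid, hosts in sorted(acknowledged.items())]
    return by_config, held


if __name__ == "__main__":
    by_config, held = plan_acknowledgements(SAMPLE_RESPONSES, {400})
    print(json.dumps({"acknowledgedInvalidHostsByConfig": by_config}, indent=2))
    for item in held:
        print("review before activating:", item["configId"],
              item["hostname"], item["reasonCode"], item["reason"])
```
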

Resources

This section provides details on each API operation.

API summary

Download the RAML descriptors for this API.

Operation Method Endpoint
Security Configurations Contract and Group (Beta)  
List contracts and groups GET /appsec/v1/contracts-groups
List available hostnames for a new configuration GET /appsec/v1/contracts/{contractId}/groups/{groupId}/selectable-hostnames
Security Configurations  
List configurations GET /appsec/v1/configs
Create a configuration POST /appsec/v1/configs
Rename a security configuration PUT /appsec/v1/configs/{configId}
Security Configuration Versions  
List configuration versions GET /appsec/v1/configs/{configId}/versions{?page,pageSize,detail}
Clone a configuration version POST /appsec/v1/configs/{configId}/versions
Security Configuration Version  
Get configuration version details GET /appsec/v1/configs/{configId}/versions/{versionNumber}
Remove a configuration version DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}
Version Notes (Beta)  
Get the version notes GET /appsec/v1/configs/{configId}/versions/{versionNumber}/version-notes
Update the version notes PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/version-notes
Hostname Coverage (Beta)  
Get Hostname Coverage GET /appsec/v1/hostname-coverage
Hostname Match Target and Overlap Coverage (Beta)  
Get the hostname coverage match targets GET /appsec/v1/configs/{configId}/versions/{versionNumber}/hostname-coverage/match-targets?hostname={host}
List hostname overlaps GET /appsec/v1/configs/{configId}/versions/{versionNumber}/hostname-coverage/overlapping?hostname={host}
Advanced Configuration Settings (Beta)  
Get the HTTP header log settings for a configuration GET /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/logging
Modify HTTP header log settings for a configuration PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/logging
Get prefetch requests GET /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/prefetch
Modify prefetch requests PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/prefetch
Get Pragma settings for a configuration GET /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/pragma-header
Modify Pragma settings for a configuration PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/pragma-header
Hostnames  
List selectable hostnames GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selectable-hostnames
List selected hostnames GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames
Modify selected hostnames PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames
List evaluation hostnames GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames/eval-hostnames
Modify evaluation hostnames PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames/eval-hostnames
Protect evaluation hostnames PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/protect-eval-hostnames
Security Policies  
List security policies GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies{?notMatched,detail}
Clone or create a security policy POST /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies
Get a security policy GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}
Modify a security policy PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}
Remove a security policy DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}
Security Policy Advanced Settings (Beta)  
Get HTTP header log settings GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/logging
Modify HTTP header log settings PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/logging
Get Pragma settings for a security policy GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/pragma-header
Modify Pragma settings for a security policy PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/pragma-header
Match Targets  
List match targets GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets{?policyId,includeChildObjectName}
Create a match target POST /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets
Modify match target order PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence
Get a match target GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}{?includeChildObjectName}
Modify a match target PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}
Remove a match target DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}
Custom Deny (Beta)  
List custom deny actions GET /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny{?search}
Create a custom deny action POST /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny
Get a custom deny action GET /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}
Modify a custom deny action PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}
Remove a custom deny action DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}
FailOver Hostnames (Beta)  
List failover hostnames GET /appsec/v1/configs/{configId}/failover-hostnames
IP/Geo Firewall (Beta)  
Get the IP/Geo Firewall settings GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/ip-geo-firewall
Update the IP Geo Firewall settings PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/ip-geo-firewall
Get the bypass network lists settings GET /appsec/v1/configs/{configId}/versions/{versionNumber}/bypass-network-lists
Modify the bypass network lists settings PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/bypass-network-lists
Rate Policies (Beta)  
List rate policies GET /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies
Create a rate policy POST /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies
Get a rate policy GET /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}
Modify a rate policy PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}
Remove a rate policy DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}
Rate Policy Actions (Beta)  
List rate policy actions GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rate-policies
Modify a rate policy action PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rate-policies/{ratePolicyId}
Slow Post (Beta)  
Get Slow POST protection settings GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/slow-post
Modify slow POST protection settings PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/slow-post
Web Application Firewall Rules (Beta)  
Get the current mode GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/mode
Modify the mode PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/mode
List attack groups GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups
Get the action for an attack group GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}
Modify the action for an attack group PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}
Get the exceptions of an attack group GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}/condition-exception
Modify the exceptions of an attack group PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}/condition-exception
List rules GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules
Upgrade KRS ruleset PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules
Get the action for a rule GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}
Modify the action for a rule PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}
Get the conditions and exceptions of a rule GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception
Modify the conditions and exceptions of a rule PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception
Get upgrade details GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/upgrade-details
Web Application Firewall Evaluation Rules (Beta)  
Set evaluation mode POST /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval
List evaluation rules GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules
Get the action of an evaluation rule GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}
Modify the action of an evaluation rule PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}
Get the conditions and exceptions for an evaluation rule GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}/condition-exception
Modify the conditions and exceptions for an evaluation rule PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}/condition-exception
Penalty Box (Beta)  
Get the penalty box GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/penalty-box
Modify the penalty box PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/penalty-box
Custom Rules Builder  
List custom rules GET /appsec/v1/configs/{configId}/custom-rules
Create a custom rule POST /appsec/v1/configs/{configId}/custom-rules
Get a custom rule GET /appsec/v1/configs/{configId}/custom-rules/{ruleId}
Modify a custom rule PUT /appsec/v1/configs/{configId}/custom-rules/{ruleId}
Remove a custom rule DELETE /appsec/v1/configs/{configId}/custom-rules/{ruleId}
Custom Rules Actions  
List custom rule actions GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/custom-rules
Modify a custom rule action PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/custom-rules/{ruleId}
API Request Constraints (Beta)  
List API request constraints and actions GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints
Modify the request constraint action for all API PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints
Modify an API request constraint’s action PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints/{apiId}
API Endpoints (Beta)  
List API Endpoints GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-endpoints
Reputation Profiles (Beta)  
List reputation profiles GET /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles
Create a reputation profile POST /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles
Get a reputation profile GET /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}
Modify a reputation profile PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}
Remove a reputation profile DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}
Reputation Analysis (Beta)  
Get the reputation analysis settings GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-analysis
Update the reputation analysis settings PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-analysis
Reputation Profile Action (Beta)  
List reputation profile actions GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles
Get the action for a reputation profile GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles/{reputationProfileId}
Modify the action for a reputation profile PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles/{reputationProfileId}
Security Policy Protections (Beta)  
Get protections GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/protections
Modify protections PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/protections
SIEM Configuration (Beta)  
Get SIEM settings GET /appsec/v1/configs/{configId}/versions/{versionNumber}/siem
Modify SIEM settings PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/siem
SIEM Definition (Beta)  
Get SIEM versions GET /appsec/v1/siem-definitions
Subscription for Appsec Config Notifications (Beta)  
List subscribers GET /appsec/v1/configs/{configId}/notification/subscription/{feature}
Subscribe or unsubscribe to recommendation emails POST /appsec/v1/configs/{configId}/notification/subscription/{feature}
Security Config Activation  
Activate a configuration version POST /appsec/v1/activations
Get an activation request status GET /appsec/v1/activations/status/{statusId}
Get activation status GET /appsec/v1/activations/{activationId}
Security Configuration Version Export  
Export a configuration version GET /appsec/v1/export/configs/{configId}/versions/{versionNumber}

List contracts and groups

Beta. List the contracts and groups for your account. Each object contains the contract, groups associated with the contract, and whether Kona Site Defender or Web Application Protector is the product for that contract. You’ll need this information when you create a new security configuration or when you want to get a list of hostnames still available for use in a security policy. Contact your account team if you’d like to run this operation.

GET /appsec/v1/contracts-groups

Status 200 application/json

Object type: ContractGroup

Download schema: contractGroups.json

Response body:

{
    "contract_groups": [
        {
            "contractId": "C-AVLN15",
            "displayName": "Acklands Grainger",
            "groupId": 42085
        },
        {
            "contractId": "C-AVLN15",
            "displayName": "AltQ",
            "groupId": 51308
        },
        {
            "contractId": "C-AVLN15",
            "displayName": "BV QA",
            "groupId": 41118
        }
    ]
}

List available hostnames for a new configuration

Lists the hostnames for a given contract and group. Use this operation for a new configuration, and use List selectable hostnames to see a list of hostnames you can add to an existing configuration. This operation shows you every acceptable hostname you can use, where the other hostname operation omits any hostnames already included in your configuration. Contact your account team if you’d like to run this operation.

GET /appsec/v1/contracts/{contractId}/groups/{groupId}/selectable-hostnames

Sample: /appsec/v1/contracts/123-abcd/groups/11223/selectable-hostnames

Parameter Type Sample Description
URL path parameters
contractId String 123-abcd A unique identifier for a contract.
groupId String 11223 A unique identifier for a group.

Status 200 application/json

Response body:

{
    "configId": 123,
    "configVersion": 2,
    "protectARLInclusionHost": true,
    "availableSet": [
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 5443,
            "configNameInProduction": "WAF Security File",
            "hostname": "example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": false,
            "activeInStaging": true,
            "configIdInProduction": 11882,
            "configNameInProduction": "A PUBLIC CONFIG",
            "hostname": "www.example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 6018,
            "configNameInProduction": "Other Security Configuration",
            "hostname": "www.example-123.com"
        }
    ],
    "errorSet": [
        {
            "hostname": "*.example.net",
            "reason": "property is not active in either production or staging",
            "reasonCode": 400
        },
        {
            "hostname": "test-example.net",
            "reason": "You don't have access to this property",
            "reasonCode": 403
        }
    ],
    "selectedSet": [
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 11887,
            "configNameInProduction": "Rbac Test Config",
            "hostname": "m.example.com"
        },
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": null,
            "configNameInProduction": null,
            "hostname": "m.example-123.com"
        }
    ]
}
  1. Run List contracts and groups and select a contractId and a groupId.

  2. Make a GET request to /appsec/v1/contracts/{contractId}/groups/{groupId}/selectable-hostnames.

The operation responds with a SelectableHostnames object.

List configurations

Lists available security configurations.

GET /appsec/v1/configs

Status 200 application/json

Object type: Configuration

Download schema: configListing.json

Response body:

{
    "configurations": [
        {
            "id": 22330,
            "latestVersion": 5,
            "name": "CaroTestTransition2Versioning",
            "description": "(user notes)"
        },
        {
            "id": 7180,
            "latestVersion": 9,
            "name": "Corporate Sites WAF",
            "productionVersion": 1,
            "stagingVersion": 2,
            "productionHostnames": [
                "example.com",
                "www.example.net",
                "m.example.com"
            ]
        }
    ]
}

Create a configuration

Beta. Create a new WAP or KSD security configuration. KSD security configurations start out empty, and WAP configurations are created with preset values. The contract you pass in the request body determines which product you use. You can edit the default settings included in the WAP configuration, but you’ll need to run additional operations in this API to select specific protections for KSD. Your KSD configuration needs match targets and protection settings before you activate. Contact your account team if you’d like to run this operation.

POST /appsec/v1/configs

Content-Type: application/json

Request body:

{
    "name": "newapitest",
    "description": "description1",
    "contractId": "C-AVLN15",
    "groupId": 42085,
    "hostnames": [
        "new.acklandsgrainger.com",
        "www.acklandsgrainger.com"
    ]
}

Status 201 application/json

Response body:

{
    "configId": 57016,
    "version": 1,
    "description": "description1",
    "name": "newapitest"
}
  1. Build a new Configuration object.

  2. POST the object to /appsec/v1/configs.

The operation responds with a Configuration object.
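The two steps above, together with the contract and hostname lookups they depend on, as an added Python example (not Akamai's own code). It builds the Create a configuration request body offline from constructed samples trimmed from the responses on this page. The helper names `find_group` and `build_create_request` are hypothetical, and reading a non-null `configIdInProduction` as "another configuration already holds this hostname in production" is an assumption based on the field name.

```python
import json

# Constructed samples, trimmed from the response bodies shown above.
CONTRACT_GROUPS = {"contract_groups": [
    {"contractId": "C-AVLN15", "displayName": "Acklands Grainger", "groupId": 42085},
    {"contractId": "C-AVLN15", "displayName": "AltQ", "groupId": 51308},
]}
SELECTABLE = {
    "availableSet": [
        {"hostname": "example.com", "activeInProduction": True,
         "configIdInProduction": 5443, "configNameInProduction": "WAF Security File"},
        {"hostname": "www.example.com", "activeInProduction": False,
         "configIdInProduction": 11882, "configNameInProduction": "A PUBLIC CONFIG"},
    ],
    "errorSet": [
        {"hostname": "*.example.net", "reasonCode": 400,
         "reason": "property is not active in either production or staging"},
        {"hostname": "test-example.net", "reasonCode": 403,
         "reason": "You don't have access to this property"},
    ],
}


def find_group(contract_groups, display_name):
    """Return (contractId, groupId) for the group with this displayName."""
    for entry in contract_groups["contract_groups"]:
        if entry["displayName"] == display_name:
            return entry["contractId"], entry["groupId"]
    raise LookupError(f"no group named {display_name!r}")


def build_create_request(name, description, contract_id, group_id, wanted, selectable):
    """Build the POST /appsec/v1/configs body from the hostnames that are selectable.

    Returns (body, rejected, warnings). Hostnames in errorSet, or absent from the
    response altogether, are rejected instead of being sent to the API.
    """
    available = {h["hostname"]: h for h in selectable.get("availableSet", [])}
    errors = {e["hostname"]: e for e in selectable.get("errorSet", [])}
    accepted, rejected, warnings = [], {}, []
    for host in wanted:
        if host in available:
            info = available[host]
            accepted.append(host)
            # Assumption: a non-null configIdInProduction means another
            # configuration already holds this hostname in production.
            if info.get("configIdInProduction") is not None:
                warnings.append(
                    f"{host}: already in production configuration "
                    f"{info['configIdInProduction']} ({info['configNameInProduction']})")
            if not info.get("activeInProduction"):
                warnings.append(f"{host}: property is not active in production")
        elif host in errors:
            rejected[host] = f"{errors[host]['reasonCode']}: {errors[host]['reason']}"
        else:
            rejected[host] = "not listed as selectable for this contract and group"
    if not accepted:
        raise ValueError("none of the requested hostnames is selectable")
    body = {
        "name": name,
        "description": description,
        "contractId": contract_id,
        "groupId": group_id,
        "hostnames": accepted,
    }
    return body, rejected, warnings


if __name__ == "__main__":
    contract, group = find_group(CONTRACT_GROUPS, "Acklands Grainger")
    body, rejected, warnings = build_create_request(
        "newapitest", "description1", contract, group,
        ["example.com", "www.example.com", "test-example.net"], SELECTABLE)
    print(json.dumps(body, indent=4))
    print("rejected:", rejected)
    print("warnings:", warnings)
```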

Rename a security configuration

Beta. Update the name of your security configuration. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}

Sample: /appsec/v1/configs/112231

Content-Type: application/json

Object type: RenameConfiguration

Download schema: configRename.json

Request body:

{
    "name": "newapitest",
    "description": "description1"
}
Parameter Type Sample Description
URL path parameters
configId Integer 112231 A unique identifier for each security configuration.

Status 200 application/json

Object type: RenameConfiguration

Download schema: configRename.json

Response body:

{
    "name": "newapitest",
    "description": "description1"
}

List configuration versions

Lists available versions for the specified security configuration, with results optionally paginated.

GET /appsec/v1/configs/{configId}/versions{?page,pageSize,detail}

Sample: /appsec/v1/configs/8277/versions?page=1&pageSize=10&detail=false

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
Optional query parameters
detail Boolean false When true, the results contain detailed information on versions. When false, the results contain summary information on versions.
page Integer 1 The index of the result page. If the value is -1, then pagination is ignored. The default value is 1.
pageSize Integer 10 The number of items on each result page. The default value is 25.

Status 200 application/json

Object type: VersionList

Download schema: wafConfigVersionListDto.json

Response body:

{
    "totalSize": 3,
    "pageSize": 3,
    "page": 1,
    "configId": 8277,
    "configName": "TestConfig",
    "stagingExpediteRequestId": 5861,
    "productionExpediteRequestId": 6951,
    "productionActiveVersion": 9,
    "stagingActiveVersion": 8,
    "lastCreatedVersion": 9,
    "versionList": [
        {
            "version": 9,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-10-07T17:58:52Z",
            "createdBy": "user1",
            "basedOn": 8,
            "production": {
                "status": "Active",
                "time": "2014-07-08T07:40:00Z"
            },
            "staging": {
                "status": "Inactive"
            }
        },
        {
            "version": 8,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-10-07T17:41:52Z",
            "createdBy": "user2",
            "basedOn": 7,
            "production": {
                "status": "Inactive"
            },
            "staging": {
                "status": "Active",
                "time": "2014-07-08T07:40:00Z"
            }
        },
        {
            "version": 7,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-08-07T17:41:52Z",
            "createdBy": "user3",
            "production": {
                "status": "Inactive"
            },
            "staging": {
                "status": "Inactive"
            }
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Optionally, set the pageSize and page query parameters to control the size of each page, and navigate to specific pages of results.

  3. Optionally, enable the detail query parameter for detailed information on the items returned.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions{?page,pageSize,detail}.

Clone a configuration version

Creates a new version of the specified security configuration.

POST /appsec/v1/configs/{configId}/versions

Sample: /appsec/v1/configs/8277/versions

Content-Type: application/json

Object type: ConfigurationClone

Download schema: configCloneCreate.json

Request body:

{
    "createFromVersion": 1,
    "ruleUpdate": false
}
Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.

Status 200 application/json

Object type: Version

Download schema: wafConfigVersionDto.json

Response body:

{
    "configId": 8277,
    "configName": "TestConfig",
    "version": 2,
    "versionNotes": "Membership Benefits",
    "createDate": "2013-10-07T17:58:52Z",
    "createdBy": "user1",
    "basedOn": 1,
    "production": {
        "status": "Active",
        "time": "2014-07-08T07:40:00Z"
    },
    "staging": {
        "status": "Inactive"
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Create a ConfigurationClone object.

  4. Make a POST request to /appsec/v1/configs/{configId}/versions.

The response reflects the new Configuration object.

Get configuration version details

Returns basic details about a configuration version. To get a more extensive object with detailed information about a version’s security policies, rate policies, rules, and other additional settings, run the Export a configuration version operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}

Sample: /appsec/v1/configs/8277/versions/2

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 2 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: Version

Download schema: wafConfigVersionDto.json

Response body:

{
    "configId": 8277,
    "configName": "TestConfig",
    "version": 2,
    "versionNotes": "Membership Benefits",
    "createDate": "2013-10-07T17:58:52Z",
    "createdBy": "user1",
    "basedOn": 1,
    "production": {
        "status": "Active",
        "time": "2014-07-08T07:40:00Z"
    },
    "staging": {
        "status": "Inactive"
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}.

The response is a Configuration object.

Remove a configuration version

Beta. Delete the specified configuration version. You can’t delete a version that is actively in use. Contact your account team if you’d like to perform this operation.

DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}

Sample: /appsec/v1/configs/8277/versions/2

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 2 A unique identifier for each version of a configuration.

Status 204

  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a DELETE request to /appsec/v1/configs/{configId}/versions/{versionNumber}.
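Because a version that is actively in use can't be deleted, it helps to plan deletions from the List configuration versions response first. The following Python sketch is an added example, not Akamai's code. It builds the paginated list URL and then splits versions into those to keep and the DELETE paths to call. The sample data is constructed from the VersionList response above plus one invented version 6. Treating any status other than `Inactive` as "in use", and keeping the `basedOn` parent of an in-use version as a rollback point, are choices of this example rather than API rules.

```python
from urllib.parse import urlencode

# Constructed sample: trimmed from the VersionList response above, with an
# invented version 6 added so that one version qualifies for deletion.
VERSION_LIST = {
    "totalSize": 4, "pageSize": 4, "page": 1, "configId": 8277,
    "productionActiveVersion": 9, "stagingActiveVersion": 8,
    "versionList": [
        {"version": 9, "basedOn": 8,
         "production": {"status": "Active"}, "staging": {"status": "Inactive"}},
        {"version": 8, "basedOn": 7,
         "production": {"status": "Inactive"}, "staging": {"status": "Active"}},
        {"version": 7,
         "production": {"status": "Inactive"}, "staging": {"status": "Inactive"}},
        {"version": 6,
         "production": {"status": "Inactive"}, "staging": {"status": "Inactive"}},
    ],
}


def versions_url(config_id, page=1, page_size=25, detail=False):
    """Path and query for List configuration versions; page=-1 disables paging."""
    if page != -1 and page < 1:
        raise ValueError("page must be -1 or a positive index")
    query = urlencode({"page": page, "pageSize": page_size,
                       "detail": str(bool(detail)).lower()})
    return f"/appsec/v1/configs/{int(config_id)}/versions?{query}"


def in_use(entry):
    """Conservative: in use unless both networks explicitly report Inactive."""
    return any(entry.get(network, {}).get("status") != "Inactive"
               for network in ("production", "staging"))


def deletion_plan(version_list):
    """Return {'keep': {version: reason}, 'delete': [DELETE paths]}."""
    entries = version_list["versionList"]
    if len(entries) < version_list["totalSize"]:
        # Planning from one page could miss an active version or its parent.
        raise ValueError("partial page: refetch with page=-1 before planning")
    keep = {e["version"]: "in use" for e in entries if in_use(e)}
    # Cross-check against the summary fields at the top of the response.
    for key in ("productionActiveVersion", "stagingActiveVersion"):
        if version_list.get(key) is not None:
            keep.setdefault(version_list[key], "in use")
    active = [v for v, reason in keep.items() if reason == "in use"]
    by_version = {e["version"]: e for e in entries}
    for version in active:
        parent = by_version.get(version, {}).get("basedOn")
        if parent is not None and parent not in keep:
            keep[parent] = f"rollback base of in-use version {version}"
    config_id = version_list["configId"]
    delete = [f"/appsec/v1/configs/{config_id}/versions/{e['version']}"
              for e in sorted(entries, key=lambda e: e["version"])
              if e["version"] not in keep]
    return {"keep": keep, "delete": delete}


if __name__ == "__main__":
    print(versions_url(8277, page=-1))
    plan = deletion_plan(VERSION_LIST)
    for version, reason in sorted(plan["keep"].items(), reverse=True):
        print(f"keep   v{version}: {reason}")
    for path in plan["delete"]:
        print("DELETE", path)
```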

Get the version notes

Beta. Retrieve the most-recent version notes for a configuration. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/version-notes

Sample: /appsec/v1/configs/17027/versions/25/version-notes

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Download schema: versionNotesGetSuccess.json

Response body:

{
    "notes": "This is the version notes."
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/version-notes.

The operation responds with a VersionNotes object.

Update the version notes

Beta. Update the most-recent version notes for a configuration. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/version-notes

Sample: /appsec/v1/configs/17027/versions/25/version-notes

Content-Type: application/json

Object type: VersionNotes

Download schema: versionNotesSetRequest.json

Request body:

{
    "notes": "This is a version note."
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Download schema: versionNotesSetSuccess.json

Response body:

{
    "notes": "This is the version notes."
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get the version notes.

  4. Modify the VersionNotes object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/version-notes.

The operation responds with a VersionNotes object.

Get hostname coverage

Beta. Get the list of hostnames in the account with their current protections, activation statuses, and other summary information. Contact your account team if you’d like to run this operation.

GET /appsec/v1/hostname-coverage

Status 200 application/json

Object type: HostnameCoverage

Download schema: hostnameCoverageGetSuccess.json

Response body:

{
    "hostnameCoverage": [
        {
            "configuration": {
                "id": 30141,
                "name": "Grainger Mexico",
                "version": 37
            },
            "status": "covered",
            "hasMatchTarget": true,
            "hostname": "miembrosdeequipo.grainger.com.mx",
            "policyNames": [
                "Grainger Mexico"
            ]
        },
        {
            "configuration": {
                "id": 55851,
                "name": "WFSLTD and API gateway portal",
                "version": 2
            },
            "status": "covered",
            "hasMatchTarget": true,
            "hostname": "apiportal.grainger.com",
            "policyNames": [
                "AAG Sites"
            ]
        },
        {
            "configuration": {
                "id": 21246,
                "name": "Grainger Canada",
                "version": 53
            },
            "status": "covered",
            "hasMatchTarget": true,
            "hostname": "www.acklandsgrainger.com",
            "policyNames": [
                "Grainger Canada"
            ]
        }
    ]
}

Get the hostname coverage match targets

Beta. List the API and website match targets that protect a hostname. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/hostname-coverage/match-targets?hostname={host}

Sample: /appsec/v1/configs/17027/versions/25/hostname-coverage/match-targets?hostname=www.example.com

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
host String www.example.com The hostname to look for.

Status 200 application/json

Download schema: hostnameCoverageMatchTargetGetSuccess.json

Response body:

{
    "matchTargets": {
        "apiTargets": [],
        "websiteTargets": [
            {
                "bypassNetworkLists": [
                    {
                        "id": "1410_BYPASSWAFLIST",
                        "name": "gus - BypassWAFList"
                    }
                ],
                "configId": 2481,
                "configVersion": 428,
                "defaultFile": "NO_MATCH",
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyBotmanControls": true,
                    "applyNetworkLayerControls": true,
                    "applyPageIntegrityControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": true
                },
                "fileExtensions": [],
                "filePaths": [
                    "/content/tealeaf"
                ],
                "firewallPolicy": {
                    "evaluated": false,
                    "policyId": "GRD_4186",
                    "policyName": "Grainger USA",
                    "policySecurityControls": {
                        "applyApiConstraints": false,
                        "applyApplicationLayerControls": true,
                        "applyBotmanControls": true,
                        "applyNetworkLayerControls": true,
                        "applyPageIntegrityControls": false,
                        "applyRateControls": true,
                        "applyReputationControls": true,
                        "applySlowPostControls": true
                    }
                },
                "hostnames": [
                    "failover-m.lt.gcom.grainger.com",
                    "www.grainger.com",
                    "m.grainger.com",
                    "failover-m.lt2.gcom.grainger.com",
                    "keepstockselectiontool.grainger.com",
                    "failover-m.grainger.com",
                    "m.new.grainger.com",
                    "template-www.grainger.com",
                    "a.gc1.co",
                    "safety.grainger.com",
                    "static.grainger.net",
                    "failover-www.grainger.com",
                    "s.gc1.co",
                    "static.grainger.com",
                    "lt2.gcom.grainger.com",
                    "m.lt2.gcom.grainger.com",
                    "images.grainger.com",
                    "akamai-test.qa.graingercloud.com",
                    "failover-lt2.gcom.grainger.com",
                    "www.keepstocksecuredemo.com",
                    "waffailover.grainger.com",
                    "espanol.grainger.com"
                ],
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "isTargetSecurityControlsEditable": false,
                "logicalId": 1730010,
                "sequence": 3,
                "targetId": 2555705,
                "targetSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": true,
                    "applyPageIntegrityControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": true
                },
                "type": "website"
            }
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get Hostname Coverage, select a hostname value, and store it as a host parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/hostname-coverage/match-targets?hostname={host}.

The operation responds with a HostnameCoverage object.
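The Get hostname coverage and match-target responses above are the data a reviewer needs to answer "is this hostname actually inspected?". The following Python sketch is an added example, not Akamai's code. It lists coverage entries that need attention, builds the match-targets URL for an entry, and summarizes each target's bypass network lists and disabled controls. The samples are constructed: the first coverage entry and the target with `targetId` 2555705 are trimmed from this page, the second of each is invented for contrast, and the function names are hypothetical.

```python
from urllib.parse import urlencode

# Constructed samples (see the lead-in for which entries come from the page).
COVERAGE = {"hostnameCoverage": [
    {"configuration": {"id": 21246, "name": "Grainger Canada", "version": 53},
     "status": "covered", "hasMatchTarget": True,
     "hostname": "www.acklandsgrainger.com", "policyNames": ["Grainger Canada"]},
    {"configuration": {"id": 21246, "name": "Grainger Canada", "version": 53},
     "status": "covered", "hasMatchTarget": False,
     "hostname": "new.acklandsgrainger.com", "policyNames": []},
]}
MATCH_TARGETS = {"matchTargets": {"apiTargets": [], "websiteTargets": [
    {"targetId": 2555705, "sequence": 3, "filePaths": ["/content/tealeaf"],
     "bypassNetworkLists": [{"id": "1410_BYPASSWAFLIST", "name": "gus - BypassWAFList"}],
     "effectiveSecurityControls": {"applyApplicationLayerControls": True,
                                   "applyPageIntegrityControls": False,
                                   "applyRateControls": True},
     "firewallPolicy": {"policyId": "GRD_4186", "policySecurityControls": {
         "applyApiConstraints": False, "applyApplicationLayerControls": True,
         "applyPageIntegrityControls": False, "applyRateControls": True}}},
    {"targetId": 1, "sequence": 1, "filePaths": ["/*"], "bypassNetworkLists": [],
     "effectiveSecurityControls": {"applyApplicationLayerControls": True,
                                   "applyPageIntegrityControls": False,
                                   "applyRateControls": False},
     "firewallPolicy": {"policyId": "GRD_4186", "policySecurityControls": {
         "applyApiConstraints": False, "applyApplicationLayerControls": True,
         "applyPageIntegrityControls": False, "applyRateControls": True}}},
]}}


def coverage_gaps(coverage):
    """Hostnames whose status is not 'covered' or that have no match target."""
    return [h["hostname"] for h in coverage["hostnameCoverage"]
            if h.get("status") != "covered" or not h.get("hasMatchTarget")]


def match_targets_url(entry):
    """Match-targets request for one coverage entry, hostname safely encoded."""
    cfg = entry["configuration"]
    return (f"/appsec/v1/configs/{cfg['id']}/versions/{cfg['version']}"
            f"/hostname-coverage/match-targets?" + urlencode({"hostname": entry["hostname"]}))


def audit_match_targets(response):
    """One finding per target, ordered by the target's sequence field."""
    targets = response["matchTargets"]
    findings = []
    for target in targets.get("websiteTargets", []) + targets.get("apiTargets", []):
        effective = target.get("effectiveSecurityControls", {})
        policy = target.get("firewallPolicy", {}).get("policySecurityControls", {})
        findings.append({
            "targetId": target["targetId"],
            "sequence": target["sequence"],
            # Traffic from these network lists is exempted for this target.
            "bypass": [n["name"] for n in target.get("bypassNetworkLists", [])],
            # Controls that are off in what is effectively applied.
            "disabled": sorted(k for k, v in effective.items() if not v),
            # Enabled in the policy but explicitly off for this target.
            "weaker_than_policy": sorted(
                k for k, v in policy.items() if v and effective.get(k) is False),
        })
    return sorted(findings, key=lambda f: f["sequence"])


if __name__ == "__main__":
    print("needs review:", coverage_gaps(COVERAGE))
    print(match_targets_url(COVERAGE["hostnameCoverage"][0]))
    for finding in audit_match_targets(MATCH_TARGETS):
        print(finding)
```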

List hostname overlaps

Beta. List the configuration versions that contain a hostname also included in the current configuration version. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/hostname-coverage/overlapping?hostname={host}

Sample: /appsec/v1/configs/17027/versions/25/hostname-coverage/overlapping?hostname=www.example.com

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
host String www.example.com The hostname to search for.

Status 200 application/json

Object type: HostnameOverlap

Download schema: hostnameCoverageOverlappingGetSuccess.json

Response body:

{
    "overLappingList": [
        {
            "configId": 30141,
            "configName": "Grainger Mexico",
            "configVersion": 37,
            "contractId": "C-AVLN15",
            "contractName": "W.W. Grainger, Inc.-C-AVLN15",
            "versionTags": [
                "STAGING"
            ]
        },
        {
            "configId": 30142,
            "configName": "Grainger Inc",
            "configVersion": 1,
            "contractId": "C-AVLN15",
            "contractName": "W.W. Grainger, Inc.-C-AVLN15",
            "versionTags": [
                "STAGING"
            ]
        },
        {
            "configId": 30143,
            "configName": "Grainger Local",
            "configVersion": 3,
            "contractId": "G-2V3R4M7",
            "contractName": "Zoro-W.W. Grainger, Inc",
            "versionTags": [
                "LAST_CREATED"
            ]
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get Hostname Coverage, select a hostname value, and store it as a host parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/hostname-coverage/overlapping?hostname={host}.

The operation responds with a HostnameOverlap object.

Get the HTTP header log settings for a configuration

Beta. List HTTP header logging controls for a configuration. HTTP header logging is on by default, and in most cases you should leave it enabled. You can filter requests by header type, including or excluding requests with a specific header, or by cookie. This operation applies at the configuration level, and therefore applies to all policies within a configuration. If you want to view these settings for a specific policy, run Get HTTP header log settings. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/logging

Sample: /appsec/v1/configs/17027/versions/25/advanced-settings/logging

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Download schema: loggingHeaderSetting.json

Response body:

{
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/logging.

The operation responds with a ConfigHeaderLog object.

Modify HTTP header log settings for a configuration

Beta. Enable, disable, or update HTTP Header Logging settings for a configuration. This operation applies at the configuration level, and therefore applies to all policies within a configuration. If you want to override these settings for a specific policy, run Modify HTTP header log settings. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/logging

Sample: /appsec/v1/configs/17027/versions/25/advanced-settings/logging

Content-Type: application/json

Object type: ConfigHeaderLog

Download schema: httpHeaderLoggingSetRequest.json

Request body:

{
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Download schema: httpHeaderLoggingSetSuccess.json

Response body:

{
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get the HTTP header log settings for a configuration.

  4. Modify the ConfigHeaderLog object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/logging.

The operation responds with a ConfigHeaderLog object.

Get prefetch requests

Beta. Get the Prefetch Request settings. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/prefetch

Sample: /appsec/v1/configs/17027/versions/25/advanced-settings/prefetch

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: PrefetchRequest

Download schema: prefetchRequestGetSuccess.json

Response body:

{
    "allExtensions": false,
    "enableAppLayer": true,
    "enableRateControls": false,
    "extensions": [
        "cgi",
        "jsp",
        "EMPTY_STRING",
        "aspx",
        "py",
        "php",
        "asp"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/prefetch.

The operation responds with a PrefetchRequest response object.

Modify prefetch requests

Beta. Enabling this protection causes your application firewall rules to inspect internal requests (those between your origin and Akamai’s servers) for file types you specify. You can also apply rate controls to prefetch requests. This operation applies at the configuration level. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/prefetch

Sample: /appsec/v1/configs/17027/versions/25/advanced-settings/prefetch

Content-Type: application/json

Object type: PrefetchRequest

Download schema: prefetchRequestSetRequest.json

Request body:

{
    "allExtensions": false,
    "enableAppLayer": true,
    "enableRateControls": false,
    "extensions": [
        "cgi",
        "jsp",
        "EMPTY_STRING",
        "aspx",
        "py",
        "php",
        "asp"
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Download schema: prefetchRequestSetSuccess.json

Response body:

{
    "allExtensions": false,
    "enableAppLayer": true,
    "enableRateControls": false,
    "extensions": [
        "cgi",
        "jsp",
        "EMPTY_STRING",
        "aspx",
        "py",
        "php",
        "asp"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get prefetch requests.

  4. Modify the PrefetchRequest object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/prefetch.

The operation responds with a PrefetchRequest response object.

Get Pragma settings for a configuration

Beta. Return the Pragma header’s excluded conditions. By default, the Pragma header debugging information is stripped from an operation’s response except in cases where you set excludeCondition. This operation applies at the security configuration level. To see settings at the security policy level, run List policy Pragma header settings for a security policy. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/pragma-header

Sample: /appsec/v1/configs/17027/versions/25/advanced-settings/pragma-header

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: PragmaHeader

Download schema: pragmaHeaderDto.json

Response body:

{
    "action": "REMOVE",
    "conditionOperator": "AND",
    "excludeCondition": [
        {
            "type": "requestHeaderValueMatch",
            "positiveMatch": true,
            "header": "accept",
            "value": [
                "application/json",
                "application/xml"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "ipMatch",
            "positiveMatch": true,
            "value": [
                "1.1.1.1",
                "192.168.100.14/24"
            ],
            "useHeaders": false
        },
        {
            "type": "networkList",
            "positiveMatch": true,
            "value": [
                "123_3ALLOWEDIPS"
            ]
        },
        {
            "type": "queryParamNameValueMatch",
            "positiveMatch": true,
            "name": "type",
            "value": [
                "type A",
                "type B"
            ],
            "valueCase": true,
            "valueWildcard": false
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/pragma-header.

The operation responds with a PragmaHeader object.
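Since every entry in excludeCondition is a case where Pragma debugging information is not stripped, the exclusions are worth reviewing for how widely they apply. The following Python check is an added example, not Akamai's code. It runs over the PragmaHeader response above (`PRAGMA`) and a constructed weak variant (`WEAK`). It assumes that `ipMatch` values follow CIDR semantics, that `conditionOperator` `AND` requires every condition to match, and that header and query-parameter conditions are satisfied by values the client supplies. The finding codes and prefix thresholds are hypothetical.

```python
import ipaddress

# Response body from this page (fields not used by the check are omitted).
PRAGMA = {"action": "REMOVE", "conditionOperator": "AND", "excludeCondition": [
    {"type": "requestHeaderValueMatch", "positiveMatch": True, "header": "accept",
     "value": ["application/json", "application/xml"]},
    {"type": "ipMatch", "positiveMatch": True,
     "value": ["1.1.1.1", "192.168.100.14/24"], "useHeaders": False},
    {"type": "networkList", "positiveMatch": True, "value": ["123_3ALLOWEDIPS"]},
    {"type": "queryParamNameValueMatch", "positiveMatch": True, "name": "type",
     "value": ["type A", "type B"]},
]}
# Constructed variant: the only condition is a header the client controls.
WEAK = {"action": "REMOVE", "conditionOperator": "AND", "excludeCondition": [
    {"type": "requestHeaderValueMatch", "positiveMatch": True, "header": "accept",
     "value": ["application/json"]},
]}

CLIENT_CONTROLLED = {"requestHeaderValueMatch", "queryParamNameValueMatch"}
NETWORK_ANCHORS = {"ipMatch", "networkList"}
DEFAULT_MIN_PREFIX = {4: 24, 6: 64}  # hypothetical thresholds for "broad"


def check_ip_value(value, min_prefix=DEFAULT_MIN_PREFIX):
    """Issues for one ipMatch value: invalid, broader than allowed, host bits set."""
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return ["invalid-address"]
    issues = []
    if iface.network.prefixlen < min_prefix[iface.version]:
        issues.append("broad-range")
    if iface.ip != iface.network.network_address:
        # Written like a single host, but the mask covers the whole network.
        issues.append("host-bits-set")
    return issues


def audit_pragma(settings, min_prefix=DEFAULT_MIN_PREFIX):
    """Return (type, value, issue) tuples for exclusions that deserve a second look."""
    conditions = settings.get("excludeCondition") or []
    findings = []
    for cond in conditions:
        ctype = cond.get("type")
        if cond.get("positiveMatch") is False:
            # A negative match applies to everything that does NOT match.
            findings.append((ctype, None, "negative-match"))
        if ctype == "ipMatch":
            for value in cond.get("value", []):
                for issue in check_ip_value(value, min_prefix):
                    findings.append((ctype, value, issue))
    # The exclusion is anchored only if every condition must hold (AND) and at
    # least one of them is a positive match on source address.
    anchored = settings.get("conditionOperator") == "AND" and any(
        c.get("type") in NETWORK_ANCHORS and c.get("positiveMatch") for c in conditions)
    if not anchored and any(c.get("type") in CLIENT_CONTROLLED for c in conditions):
        findings.append((None, None, "client-controlled-sufficient"))
    return findings


if __name__ == "__main__":
    for label, settings in (("page sample", PRAGMA), ("weak variant", WEAK)):
        print(label, audit_pragma(settings))
```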

Modify Pragma settings for a configuration

Beta. Update the Pragma header’s excluded conditions. By default, the Pragma header debugging information is stripped from an operation’s response except in cases where you set excludeCondition. To remove existing settings, submit your request with an empty payload {} at the top-level of an object. For example, submit "type": "{}" in the request body to remove the REQUEST_HEADER_VALUE_MATCH from the excluded conditions. If you submit an empty payload for each member, you’ll clear all of your condition settings. This operation applies at the security configuration level. To see settings at the security policy level, run Modify Pragma header settings for a security policy. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/pragma-header

Sample: /appsec/v1/configs/17027/versions/25/advanced-settings/pragma-header

Content-Type: application/json

Object type: PragmaHeader

Download schema: pragmaHeaderDto.json

Request body:

{
    "action": "REMOVE",
    "conditionOperator": "AND",
    "excludeCondition": [
        {
            "type": "requestHeaderValueMatch",
            "positiveMatch": true,
            "header": "accept",
            "value": [
                "application/json",
                "application/xml"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "ipMatch",
            "positiveMatch": true,
            "value": [
                "1.1.1.1",
                "192.168.100.14/24"
            ],
            "useHeaders": false
        },
        {
            "type": "networkList",
            "positiveMatch": true,
            "value": [
                "123_3ALLOWEDIPS"
            ]
        },
        {
            "type": "queryParamNameValueMatch",
            "positiveMatch": true,
            "name": "type",
            "value": [
                "type A",
                "type B"
            ],
            "valueCase": true,
            "valueWildcard": false
        }
    ]
}
Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 17027 | A unique identifier for each configuration.
versionNumber | Integer | 25 | A unique identifier for each version of a configuration.

Status 200 application/json

Object type: PragmaHeader

Download schema: pragmaHeaderDto.json

Response body:

{
    "action": "REMOVE",
    "conditionOperator": "AND",
    "excludeCondition": [
        {
            "type": "requestHeaderValueMatch",
            "positiveMatch": true,
            "header": "accept",
            "value": [
                "application/json",
                "application/xml"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "ipMatch",
            "positiveMatch": true,
            "value": [
                "1.1.1.1",
                "192.168.100.14/24"
            ],
            "useHeaders": false
        },
        {
            "type": "networkList",
            "positiveMatch": true,
            "value": [
                "123_3ALLOWEDIPS"
            ]
        },
        {
            "type": "queryParamNameValueMatch",
            "positiveMatch": true,
            "name": "type",
            "value": [
                "type A",
                "type B"
            ],
            "valueCase": true,
            "valueWildcard": false
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List Pragma header settings for a configuration.

  4. Modify the PragmaHeader response object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/advanced-settings/pragma-header.

The operation responds with the PragmaHeader object you modified.

List selectable hostnames

List the hostnames that a given configuration version has the ability to protect. Hostnames may show as error hosts when they aren’t currently available, for example, when a contract expires.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selectable-hostnames

Status 200 application/json

Object type: SelectableHostnames

Download schema: hostInfoInConfiguration.json

Response body:

{
    "configId": 123,
    "configVersion": 2,
    "protectARLInclusionHost": true,
    "availableSet": [
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 5443,
            "configNameInProduction": "WAF Security File",
            "hostname": "example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": false,
            "activeInStaging": true,
            "configIdInProduction": 11882,
            "configNameInProduction": "A PUBLIC CONFIG",
            "hostname": "www.example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 6018,
            "configNameInProduction": "Other Security Configuration",
            "hostname": "www.example-123.com"
        }
    ],
    "errorSet": [
        {
            "hostname": "*.example.net",
            "reason": "property is not active in either production or staging",
            "reasonCode": 400
        },
        {
            "hostname": "test-example.net",
            "reason": "You don't have access to this property",
            "reasonCode": 403
        }
    ],
    "selectedSet": [
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 11887,
            "configNameInProduction": "Rbac Test Config",
            "hostname": "m.example.com"
        },
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": null,
            "configNameInProduction": null,
            "hostname": "m.example-123.com"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selectable-hostnames.

The response is a SelectableHostnames object.

List selected hostnames

List the hostnames that the configuration version selects as candidates of protected hostnames, which you can use in match targets.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames

Status 200 application/json

Object type: SelectedHostnames

Download schema: hostnameList.json

Response body:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames.

The response is a SelectedHostnames object.

Modify selected hostnames

Update the list of selected hostnames for a configuration version.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames

Content-Type: application/json

Object type: SelectedHostnames

Download schema: hostnameList.json

Request body:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}

Status 200 application/json

Object type: SelectedHostnames

Download schema: hostnameList.json

Response body:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run List selectable hostnames to get a list of Set objects containing hostname information.

  4. Run List selected hostnames to get a SelectedHostnames object.

  5. Modify the SelectedHostnames object.

  6. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames.

The response reflects the modified SelectedHostnames object.
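The steps above can be checked offline before the PUT is made. The following is an added example, not code from the API's own documentation: the function name plan_selected_hostnames and the sample data are hypothetical, and reading configIdInProduction as "the configuration that already covers this hostname in production" is an assumption.

```python
"""Plan the body for Modify selected hostnames from the two GET responses."""

# Constructed sample data, shaped like the SelectableHostnames and
# SelectedHostnames bodies on this page (values are illustrative only).
SELECTABLE = {
    "configId": 123,
    "configVersion": 2,
    "availableSet": [
        {"hostname": "example.com", "activeInProduction": True,
         "configIdInProduction": 5443,
         "configNameInProduction": "WAF Security File"},
        {"hostname": "www.example.com", "activeInProduction": False,
         "configIdInProduction": None, "configNameInProduction": None},
    ],
    "errorSet": [
        {"hostname": "*.example.net", "reasonCode": 400,
         "reason": "property is not active in either production or staging"},
        {"hostname": "test-example.net", "reasonCode": 403,
         "reason": "You don't have access to this property"},
    ],
}
SELECTED = {"hostnameList": [{"hostname": "m.example.com"}]}


def _by_name(entries):
    """Index a list of hostname objects by lower-cased hostname."""
    return {entry["hostname"].lower(): entry for entry in entries}


def plan_selected_hostnames(selectable, selected, add=(), remove=()):
    """Return (payload, rejected, warnings) for the PUT. Sends nothing."""
    available = _by_name(selectable.get("availableSet", []))
    errors = _by_name(selectable.get("errorSet", []))
    result = [h["hostname"].lower() for h in selected.get("hostnameList", [])]
    rejected, warnings = {}, []

    for raw in add:
        host = raw.strip().lower()
        if host in result:
            continue  # already selected, keep the request idempotent
        if host in errors:
            err = errors[host]
            rejected[host] = f"{err['reasonCode']}: {err['reason']}"
        elif host not in available:
            rejected[host] = "not in availableSet for this configuration version"
        else:
            info = available[host]
            other = info.get("configIdInProduction")
            # Assumption: a different id here means another configuration
            # already covers the hostname in production.
            if other is not None and other != selectable.get("configId"):
                warnings.append(
                    f"{host}: production config is {other} "
                    f"({info.get('configNameInProduction')})")
            if not info.get("activeInProduction"):
                warnings.append(f"{host}: not active in production")
            result.append(host)

    for raw in remove:
        host = raw.strip().lower()
        if host in result:
            result.remove(host)
            warnings.append(f"{host}: leaves the list, match targets cannot use it")
        else:
            rejected[host] = "not currently selected"

    if not result:
        warnings.append("resulting hostnameList is empty")
    payload = {"hostnameList": [{"hostname": h} for h in result]}
    return payload, rejected, warnings


if __name__ == "__main__":
    body, bad, notes = plan_selected_hostnames(
        SELECTABLE, SELECTED,
        add=["example.com", "*.example.net"], remove=["m.example.com"])
    print(body, bad, notes, sep="\n")
```

Review the rejected and warnings values before sending the payload, because the PUT replaces the whole list rather than appending to it.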

List evaluation hostnames

Beta. List the evaluation hostnames for a configuration version. Evaluation mode for hostnames is only available for Web Application Protector. Run hostnames in evaluation mode to see how your configuration settings protect traffic for that hostname before adding a hostname directly to a live configuration. An evaluation period lasts four weeks unless you stop the evaluation. Once you begin, the hostnames you evaluate start responding to traffic as if they are your current hostnames. However, instead of taking an action, the evaluation hostnames log which action they would have taken if they were your actively protected hostnames and not a test. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames/eval-hostnames

Status 200 application/json

Object type: EvalHostname

Download schema: evalHostnames.json

Response body:

{
    "hostnames": [
        "*.example.net",
        "example.com",
        "m.example.com"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames/eval-hostnames.

The operation responds with an EvalHostname object.

Modify evaluation hostnames

Beta. Update the list of hostnames you want to evaluate for a configuration version. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames/eval-hostnames

Content-Type: application/json

Object type: EvalHostname

Download schema: evalHostnames.json

Request body:

{
    "hostnames": [
        "*.example.net",
        "example.com",
        "m.example.com"
    ]
}

Status 200 application/json

Object type: EvalHostname

Download schema: evalHostnames.json

Response body:

{
    "hostnames": [
        "*.example.net",
        "example.com",
        "m.example.com"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List evaluation hostnames.

  4. Modify the EvalHostname object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames/eval-hostnames.

The operation responds with an EvalHostname object.

Protect evaluation hostnames

Beta. Move hostnames you’re evaluating to active protection. When you move a hostname from the evaluation hostnames list, it’s added to your security policy as a protected hostname. You’ll see that hostname in the SelectedHostnames object the next time you run List selected hostnames. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/protect-eval-hostnames

Content-Type: application/json

Object type: EvalHostname

Download schema: evalHostnames.json

Request body:

{
    "hostnames": [
        "*.example.net",
        "example.com",
        "m.example.com"
    ]
}

Status 200 application/json

Object type: EvalHostname

Download schema: evalHostnames.json

Response body:

{
    "hostnames": [
        "*.example.net",
        "example.com",
        "m.example.com"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List evaluation hostnames.

  4. Modify the EvalHostname object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/protect-eval-hostnames.

The operation responds with an EvalHostname object.

List security policies

Returns a list of security policies available for the specified security configuration.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies{?notMatched,detail}

Sample: /appsec/v1/configs/8225/versions/2/security-policies?notMatched=false&detail=true

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 8225 | A unique identifier for each configuration.
versionNumber | Integer | 2 | A unique identifier for each version of a configuration.
Optional query parameters
detail | Boolean | true | When enabled, the response features a richer set of data than the default, which includes only the name and ID of each item.
notMatched | Boolean | false | If true, returns all security policies in the configuration version that don’t have a match target. If false, returns all security policies in the configuration version.

Status 200 application/json

Object type: SecurityPolicy

Download schema: securityPoliciesListDto.json

Response body:

{
    "configId": 1232,
    "version": 8,
    "policies": [
        {
            "policyId": "NN3_61",
            "policyName": "NN FW 3",
            "hasRatePolicyWithApiKey": true,
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": true,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            }
        },
        {
            "policyId": "NN_2",
            "policyName": "NN FW 1",
            "hasRatePolicyWithApiKey": false,
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            }
        },
        {
            "policyId": "NN-2_3",
            "policyName": "NN FW 2",
            "hasRatePolicyWithApiKey": true,
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            }
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Optionally, enable the notMatched query parameter to return all security policies in the configuration version that don’t have a match target.

  4. Optionally, enable the detail query parameter to see detailed information on the returned items.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies{?notMatched,detail}.
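The two optional query parameters can be combined into a posture check: one response with detail=true and one with notMatched=true. The following is an added example, not part of the API's own documentation. The names policies_path and audit_policies, the REQUIRED baseline, and the UNMATCHED sample are assumptions made for illustration.

```python
"""Audit List security policies responses against a local baseline."""
from urllib.parse import urlencode

# Assumption: a local baseline of controls every policy should apply.
REQUIRED = ("applyApplicationLayerControls",
            "applyNetworkLayerControls",
            "applyRateControls")

# Response body from this page (detail view), trimmed to the fields used.
DETAILED = {"configId": 1232, "version": 8, "policies": [
    {"policyId": "NN3_61", "policyName": "NN FW 3", "policySecurityControls": {
        "applyApplicationLayerControls": True, "applyNetworkLayerControls": True,
        "applyRateControls": False}},
    {"policyId": "NN_2", "policyName": "NN FW 1", "policySecurityControls": {
        "applyApplicationLayerControls": True, "applyNetworkLayerControls": True,
        "applyRateControls": False}},
    {"policyId": "NN-2_3", "policyName": "NN FW 2", "policySecurityControls": {
        "applyApplicationLayerControls": True, "applyNetworkLayerControls": True,
        "applyRateControls": False}},
]}

# Constructed sample of a notMatched=true response (name and ID only).
UNMATCHED = {"configId": 1232, "version": 8, "policies": [
    {"policyId": "NN-2_3", "policyName": "NN FW 2"},
]}


def policies_path(config_id, version, not_matched=None, detail=None):
    """Build the request path, adding only the query parameters that are set."""
    query = {}
    if not_matched is not None:
        query["notMatched"] = str(bool(not_matched)).lower()
    if detail is not None:
        query["detail"] = str(bool(detail)).lower()
    path = (f"/appsec/v1/configs/{int(config_id)}"
            f"/versions/{int(version)}/security-policies")
    return path + ("?" + urlencode(query) if query else "")


def audit_policies(detailed, unmatched, required=REQUIRED):
    """Return a list of (policyId, finding) tuples, in response order."""
    unmatched_ids = {p["policyId"] for p in unmatched.get("policies", [])}
    findings = []
    for policy in detailed.get("policies", []):
        pid = policy["policyId"]
        controls = policy.get("policySecurityControls")
        if controls is None:
            # Without detail=true only the name and ID come back.
            findings.append((pid, "no controls in response, request detail=true"))
        else:
            off = [name for name in required if not controls.get(name, False)]
            if off:
                findings.append((pid, "disabled: " + ", ".join(off)))
        if pid in unmatched_ids:
            findings.append((pid, "no match target"))
    return findings


if __name__ == "__main__":
    print(policies_path(8225, 2, not_matched=False, detail=True))
    for pid, finding in audit_policies(DETAILED, UNMATCHED):
        print(pid, finding)
```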

Clone or create a security policy

Creates a new copy of an existing security policy. Creates a new security policy from scratch if you don’t specify a policy to clone in the request.

POST /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies

Sample: /appsec/v1/configs/8225/versions/2/security-policies

Content-Type: application/json

Object type: SecurityPolicyClone

Download schema: securityPolicyCloneRequest.json

Request body:

{
    "createFromSecurityPolicy": "1_35752",
    "policyName": "Open Cloned IV 2",
    "policyPrefix": "bt17"
}
Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 8225 | A unique identifier for each configuration.
versionNumber | Integer | 2 | A unique identifier for each version of a configuration.

Status 201 application/json

Object type: SecurityPolicy

Download schema: securityPolicyDto.json

Response body:

{
    "configId": 16877,
    "version": 144,
    "policyId": "bt17_75755",
    "policyName": "Open Cloned IV 2",
    "policySecurityControls": {
        "applyApiConstraints": true,
        "applyApplicationLayerControls": true,
        "applyBotmanControls": true,
        "applyNetworkLayerControls": true,
        "applyRateControls": true,
        "applyReputationControls": true,
        "applySlowPostControls": false
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies and select a policyId.

  4. Create a SecurityPolicyClone object.

  5. Make a POST request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies.

The response reflects the new SecurityPolicy object.

Get a security policy

Beta. Returns the specified security policy. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}

Sample: /appsec/v1/configs/8225/versions/2/security-policies/abc_123456

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 8225 | A unique identifier for each configuration.
versionNumber | Integer | 2 | A unique identifier for each version of a configuration.
policyId | String | abc_123456 | A unique identifier for a security policy.

Status 200 application/json

Response body:

{
    "configId": 16877,
    "version": 144,
    "policyId": "bt17_75755",
    "policyName": "Open Cloned IV 2",
    "policySecurityControls": {
        "applyApiConstraints": true,
        "applyApplicationLayerControls": true,
        "applyBotmanControls": true,
        "applyNetworkLayerControls": true,
        "applyRateControls": true,
        "applyReputationControls": true,
        "applySlowPostControls": false
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}.

The operation responds with a SecurityPolicy object.

Modify a security policy

Beta. Update the name of a specific security policy. You can only edit a security policy’s name with this operation. For any changes to settings within a security policy, run the modify operation for that specific setting. For example, to update your IP/Geo settings, run Update the IP Geo Firewall settings. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}

Sample: /appsec/v1/configs/8225/versions/2/security-policies/abc_123456

Content-Type: application/json

Request body:

{
    "policyName": "updated policy name"
}
Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 8225 | A unique identifier for each configuration.
versionNumber | Integer | 2 | A unique identifier for each version of a configuration.
policyId | String | abc_123456 | A unique identifier for a security policy.

Status 200 application/json

Response body:

{
    "policyName": "updated policy name"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Optionally, run Get a security policy to isolate the specific security policy you want to update.

  5. Modify a SecurityPolicy object from the response.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}.

The operation responds with a SecurityPolicy object.

Remove a security policy

Beta. Delete the specified security policy. You can’t delete a security policy that is actively in use. Before you run this operation, create a new version of your security configuration and omit the policy you want to delete. Once you have activated your new configuration version, you can delete the security policy you omitted from the new version. One way to create a new configuration quickly is to run Clone a configuration version, remove the policy you want to delete, then PUT the edited object back to Modify a security policy. Contact your account team if you’d like to perform this operation.

DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}

Sample: /appsec/v1/configs/8225/versions/2/security-policies/abc_123456

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 8225 | A unique identifier for each configuration.
versionNumber | Integer | 2 | A unique identifier for each version of a configuration.
policyId | String | abc_123456 | A unique identifier for a security policy.

Status 204

  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a DELETE request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}.

Get HTTP header log settings

Beta. List a security policy’s settings for HTTP header logging. HTTP header logging is on by default, and in most cases you should leave it enabled. You can filter requests by header type, including or excluding requests with a specific header, or by cookie. This operation applies at the security policy level, and overrides the HTTP header log settings at the configuration level on a per-policy basis. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/logging

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/advanced-settings/logging

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 17027 | A unique identifier for each configuration.
versionNumber | Integer | 25 | A unique identifier for each version of a configuration.
policyId | String | boBF_19288 | A unique identifier for a security policy.

Status 200 application/json

Download schema: policyHttpHeaderLoggingGetSuccess.json

Response body:

{
    "override": true,
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/logging.

The operation responds with a HeaderLog object.

Modify HTTP header log settings

Beta. Enable, disable, or update HTTP Header Logging settings for a specific policy. This operation applies at the security policy level, and overrides the HTTP header log settings at the configuration level on a per-policy basis. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/logging

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/advanced-settings/logging

Content-Type: application/json

Object type: HeaderLog

Download schema: policyHttpHeaderLoggingSetRequest.json

Request body:

{
    "override": true,
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}
Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 17027 | A unique identifier for each configuration.
versionNumber | Integer | 25 | A unique identifier for each version of a configuration.
policyId | String | boBF_19288 | A unique identifier for a security policy.

Status 200 application/json

Download schema: policyHttpHeaderLoggingSetSuccess.json

Response body:

{
    "override": true,
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run Get HTTP header log settings.

  5. Modify the HeaderLog object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/logging.

The operation responds with a HeaderLog object.

Get Pragma settings for a security policy

Beta. Return the Pragma header’s excluded conditions. By default, the Pragma header debugging information is stripped from an operation’s response except in cases where you set excludeCondition. This operation applies at the security policy level. To modify Pragma header settings at the security configuration level, run List Pragma header settings for a configuration. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/pragma-header

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/advanced-settings/pragma-header

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 17027 | A unique identifier for each configuration.
versionNumber | Integer | 25 | A unique identifier for each version of a configuration.
policyId | String | boBF_19288 | A unique identifier for a security policy.

Status 200 application/json

Object type: PragmaHeader

Download schema: pragmaHeaderDto.json

Response body:

{
    "action": "REMOVE",
    "conditionOperator": "AND",
    "excludeCondition": [
        {
            "type": "requestHeaderValueMatch",
            "positiveMatch": true,
            "header": "accept",
            "value": [
                "application/json",
                "application/xml"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "ipMatch",
            "positiveMatch": true,
            "value": [
                "1.1.1.1",
                "192.168.100.14/24"
            ],
            "useHeaders": false
        },
        {
            "type": "networkList",
            "positiveMatch": true,
            "value": [
                "123_3ALLOWEDIPS"
            ]
        },
        {
            "type": "queryParamNameValueMatch",
            "positiveMatch": true,
            "name": "type",
            "value": [
                "type A",
                "type B"
            ],
            "valueCase": true,
            "valueWildcard": false
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/pragma-header.

The operation responds with a PragmaHeader object.

Modify Pragma settings for a security policy

Beta. Update the Pragma header’s excluded conditions. By default, the Pragma header debugging information is stripped from an operation’s response except in cases where you set excludeCondition. To remove existing settings, submit your request with an empty payload {} at the top-level of an object. For example, submit "type": "{}" in the request body to remove the REQUEST_HEADER_VALUE_MATCH from the excluded conditions. If you submit an empty payload for each member, you’ll clear all of your condition settings. To modify Pragma header settings at the security configuration level, run Modify Pragma header settings for a configuration. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/pragma-header

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/advanced-settings/pragma-header

Content-Type: application/json

Object type: PragmaHeader

Download schema: pragmaHeaderDto.json

Request body:

{
    "action": "REMOVE",
    "conditionOperator": "AND",
    "excludeCondition": [
        {
            "type": "requestHeaderValueMatch",
            "positiveMatch": true,
            "header": "accept",
            "value": [
                "application/json",
                "application/xml"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "ipMatch",
            "positiveMatch": true,
            "value": [
                "1.1.1.1",
                "192.168.100.14/24"
            ],
            "useHeaders": false
        },
        {
            "type": "networkList",
            "positiveMatch": true,
            "value": [
                "123_3ALLOWEDIPS"
            ]
        },
        {
            "type": "queryParamNameValueMatch",
            "positiveMatch": true,
            "name": "type",
            "value": [
                "type A",
                "type B"
            ],
            "valueCase": true,
            "valueWildcard": false
        }
    ]
}
Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 17027 | A unique identifier for each configuration.
versionNumber | Integer | 25 | A unique identifier for each version of a configuration.
policyId | String | boBF_19288 | A unique identifier for a security policy.

Status 200 application/json

Object type: PragmaHeader

Download schema: pragmaHeaderDto.json

Response body:

{
    "action": "REMOVE",
    "conditionOperator": "AND",
    "excludeCondition": [
        {
            "type": "requestHeaderValueMatch",
            "positiveMatch": true,
            "header": "accept",
            "value": [
                "application/json",
                "application/xml"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "ipMatch",
            "positiveMatch": true,
            "value": [
                "1.1.1.1",
                "192.168.100.14/24"
            ],
            "useHeaders": false
        },
        {
            "type": "networkList",
            "positiveMatch": true,
            "value": [
                "123_3ALLOWEDIPS"
            ]
        },
        {
            "type": "queryParamNameValueMatch",
            "positiveMatch": true,
            "name": "type",
            "value": [
                "type A",
                "type B"
            ],
            "valueCase": true,
            "valueWildcard": false
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List Pragma header settings for a security policy.

  5. Modify the PragmaHeader response object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/advanced-settings/pragma-header.

The operation responds with the PragmaHeader object you modified.
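Because excludeCondition decides which requests keep the Pragma debugging information, it is worth reviewing a PragmaHeader object before either Modify Pragma settings operation (configuration level or security policy level) sends it. The following is an added example, not part of the API's own documentation. The function lint_pragma_header, the max_addresses threshold, and the RISKY sample are hypothetical, and it assumes that "*" is the wildcard character and that positiveMatch false negates a condition.

```python
"""Review a PragmaHeader object for exclusions that are broader than intended."""
import ipaddress

# Condition types that appear in the PragmaHeader samples on this page.
KNOWN_TYPES = {"requestHeaderValueMatch", "ipMatch",
               "networkList", "queryParamNameValueMatch"}
WILDCARD_TYPES = {"requestHeaderValueMatch", "queryParamNameValueMatch"}

# Excerpt of the request body shown on this page.
PAGE_SAMPLE = {"action": "REMOVE", "conditionOperator": "AND", "excludeCondition": [
    {"type": "requestHeaderValueMatch", "positiveMatch": True, "header": "accept",
     "value": ["application/json", "application/xml"],
     "valueCase": True, "valueWildcard": True},
    {"type": "ipMatch", "positiveMatch": True,
     "value": ["1.1.1.1", "192.168.100.14/24"], "useHeaders": False},
    {"type": "networkList", "positiveMatch": True, "value": ["123_3ALLOWEDIPS"]},
]}

# Constructed sample with deliberately loose settings ("exampleUnknownType"
# is a placeholder, not a real condition type).
RISKY = {"action": "REMOVE", "conditionOperator": "OR", "excludeCondition": [
    {"type": "ipMatch", "positiveMatch": True,
     "value": ["0.0.0.0/0", "not-an-ip"], "useHeaders": False},
    {"type": "requestHeaderValueMatch", "positiveMatch": False, "header": "accept",
     "value": ["*"], "valueCase": True, "valueWildcard": True},
    {"type": "exampleUnknownType", "positiveMatch": True, "value": []},
]}


def _check_ip(value, max_addresses):
    """Return (code, detail) findings for one ipMatch value."""
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return [("bad-ip", value)]
    net = iface.network
    found = []
    if iface.ip != net.network_address:
        # An address with a short prefix still denotes the whole network.
        found.append(("host-bits", f"{value} has host bits set, network is {net}"))
    if net.num_addresses > max_addresses:
        found.append(("broad-cidr", f"{value} covers {net.num_addresses} addresses"))
    return found


def lint_pragma_header(obj, max_addresses=16):
    """Return (condition_index, code, detail) findings; index None is object-wide."""
    conditions = obj.get("excludeCondition", [])
    findings = []
    if obj.get("conditionOperator") == "OR" and len(conditions) > 1:
        findings.append((None, "or-operator", "any one condition is enough to match"))
    for i, cond in enumerate(conditions):
        ctype = cond.get("type")
        if ctype not in KNOWN_TYPES:
            findings.append((i, "unknown-type", repr(ctype)))
            continue
        if cond.get("positiveMatch") is False:
            # Assumption: a negated condition matches every other request.
            findings.append((i, "negated", "applies to requests that do NOT match"))
        values = cond.get("value", [])
        if ctype == "ipMatch":
            for value in values:
                findings.extend((i, code, detail)
                                for code, detail in _check_ip(value, max_addresses))
        elif ctype in WILDCARD_TYPES and cond.get("valueWildcard"):
            for value in values:
                if value and value.strip("*") == "":
                    findings.append((i, "match-all-wildcard", value))
    return findings


if __name__ == "__main__":
    for finding in lint_pragma_header(PAGE_SAMPLE) + lint_pragma_header(RISKY):
        print(finding)
```

Run against the page's own sample, the check reports that "192.168.100.14/24" is written as a host address but denotes the 256-address network 192.168.100.0/24.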

List match targets

List match targets defined in the specified security configuration version.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets{?policyId,includeChildObjectName}

Sample: /appsec/v1/configs/17027/versions/25/match-targets?policyId=ancv_1234&includeChildObjectName=true

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 17027 | A unique identifier for each configuration.
versionNumber | Integer | 25 | A unique identifier for each version of a configuration.
Optional query parameters
includeChildObjectName | Boolean | true | Specifies the name for network list and API endpoint objects to return in the response.
policyId | String | ancv_1234 | Specifies the security policy to filter match targets.

Status 200 application/json

Object type: MatchTarget

Download schema: matchTargetList.json

Response body:

{
    "matchTargets": {
        "apiTargets": [
            {
                "configId": 17027,
                "configVersion": 25,
                "sequence": 3,
                "targetId": 1222208,
                "type": "api",
                "effectiveSecurityControls": {
                    "applyApiConstraints": true,
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "ancv_1234"
                },
                "apis": [
                    {
                        "id": 1111,
                        "name": "API Endpoint 1"
                    },
                    {
                        "id": 2222,
                        "name": "API Endpoint 2"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "name": "Example network list 11",
                        "id": "522825_CCCBYPASSLIST"
                    },
                    {
                        "name": "Example network list 12",
                        "id": "1622566_XXAABYPASSL"
                    }
                ]
            }
        ],
        "websiteTargets": [
            {
                "configId": 17027,
                "configVersion": 25,
                "defaultFile": "NO_MATCH",
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 1,
                "targetId": 1221059,
                "type": "website",
                "fileExtensions": [
                    "html"
                ],
                "filePaths": [
                    "/*"
                ],
                "hostnames": [],
                "effectiveSecurityControls": {
                    "applyApiConstraints": false,
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "ancv_1234"
                },
                "bypassNetworkLists": [
                    {
                        "name": "Example network list 21",
                        "id": "222825_AAABYPASSLIST"
                    },
                    {
                        "name": "Example network list 22",
                        "id": "2622566_YYAABYPASSL"
                    }
                ]
            },
            {
                "configId": 17027,
                "configVersion": 25,
                "defaultFile": "NO_MATCH",
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 2,
                "targetId": 1222207,
                "type": "website",
                "bypassNetworkLists": [],
                "fileExtensions": [],
                "filePaths": [
                    "/path"
                ],
                "hostnames": [
                    "example.com",
                    "www.example.net",
                    "m.example.com"
                ],
                "effectiveSecurityControls": {
                    "applyApiConstraints": false,
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "ancv_1234"
                }
            }
        ]
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Optionally, run List security policies and select a policyId.

  4. Optionally, enable the includeChildObjectName query parameter to return the object name in the payload.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets{?policyId,includeChildObjectName}.
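An added example, not part of the original reference: a Python audit over the List match targets response that reports, per target, which baseline controls are not flagged true in effectiveSecurityControls and which bypass network lists are attached. The BASELINE mapping and the function names are assumptions of this example; the sample data is trimmed from the response body above.

```python
"""Audit a List match targets response for controls a target does not apply."""

def _controls(api, app, net, rate, rep, slow):
    return {
        "applyApiConstraints": api,
        "applyApplicationLayerControls": app,
        "applyNetworkLayerControls": net,
        "applyRateControls": rate,
        "applyReputationControls": rep,
        "applySlowPostControls": slow,
    }

# Constructed sample: the response body shown above, trimmed to the fields used here.
SAMPLE_RESPONSE = {
    "matchTargets": {
        "apiTargets": [
            {
                "targetId": 1222208, "type": "api", "sequence": 3,
                "securityPolicy": {"policyId": "ancv_1234"},
                "effectiveSecurityControls": _controls(True, True, True, True, True, False),
                "bypassNetworkLists": [
                    {"name": "Example network list 11", "id": "522825_CCCBYPASSLIST"},
                    {"name": "Example network list 12", "id": "1622566_XXAABYPASSL"},
                ],
            },
        ],
        "websiteTargets": [
            {
                "targetId": 1222207, "type": "website", "sequence": 2,
                "securityPolicy": {"policyId": "ancv_1234"},
                "effectiveSecurityControls": _controls(False, True, False, True, True, False),
                "bypassNetworkLists": [],
            },
            {
                "targetId": 1221059, "type": "website", "sequence": 1,
                "securityPolicy": {"policyId": "ancv_1234"},
                "effectiveSecurityControls": _controls(False, True, True, True, True, False),
                "bypassNetworkLists": [
                    {"name": "Example network list 21", "id": "222825_AAABYPASSLIST"},
                    {"name": "Example network list 22", "id": "2622566_YYAABYPASSL"},
                ],
            },
        ],
    }
}

# Assumption: the reviewer's own baseline of controls each target type should apply.
# The API does not define it; adjust it to your policy.
BASELINE = {
    "api": {"applyApiConstraints", "applyApplicationLayerControls",
            "applyNetworkLayerControls", "applyRateControls"},
    "website": {"applyApplicationLayerControls", "applyNetworkLayerControls",
                "applyRateControls"},
}


def audit_match_targets(response, baseline=BASELINE):
    """Return one finding per match target: API targets first, each group by sequence."""
    findings = []
    groups = response.get("matchTargets", {})
    for group in ("apiTargets", "websiteTargets"):
        targets = sorted(groups.get(group, []), key=lambda t: t.get("sequence", 0))
        for target in targets:
            controls = target.get("effectiveSecurityControls", {})
            expected = baseline.get(target["type"], set())
            # A control counts as applied only when its flag is literally true;
            # a flag missing from the response is reported like a false one.
            missing = sorted(c for c in expected if controls.get(c) is not True)
            findings.append({
                "targetId": target["targetId"],
                "type": target["type"],
                "sequence": target.get("sequence"),
                "policyId": target.get("securityPolicy", {}).get("policyId"),
                "missingControls": missing,
                "bypassNetworkLists": [n["id"] for n in target.get("bypassNetworkLists", [])],
            })
    return findings


def needs_review(findings):
    """Target IDs that miss a baseline control or have a bypass network list attached."""
    return [f["targetId"] for f in findings
            if f["missingControls"] or f["bypassNetworkLists"]]


if __name__ == "__main__":
    for finding in audit_match_targets(SAMPLE_RESPONSE):
        print(finding)
```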

Create a match target

Creates a new match target in the specified configuration version.

POST /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets

Sample: /appsec/v1/configs/17027/versions/25/match-targets

Content-Type: application/json

Object type: MatchTarget

Download schema: matchTarget.json

Request body:

{
    "type": "website",
    "isNegativePathMatch": false,
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "NO_MATCH",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS"
        },
        {
            "id": "1304427_AAXXBBLIST"
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 201 application/json

Object type: MatchTarget

Download schema: matchTarget.json

Response body:

{
    "targetId": 112231,
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "isNegativePathMatch": false,
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "NO_MATCH",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    },
    "bypassNetworkLists": [
        {
            "name": "Test network list 1",
            "id": "888518_ACDDCKERS"
        },
        {
            "name": "Test network list 2",
            "id": "1304427_AAXXBBLIST"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Create a MatchTarget object.

  4. Make a POST request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets.

The response reflects the complete MatchTarget object.

Modify match target order

Updates the sequence of match targets in a configuration version. Website and API match targets are sequenced separately: update each set with its own request, and pass the type attribute in the JSON request to say which set you are reordering.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence

Sample: /appsec/v1/configs/17027/versions/25/match-targets/sequence

Content-Type: application/json

Object type: MatchTargetOrder

Download schema: matchTargetsSequence.json

Request body:

{
    "type": "website",
    "targetSequence": [
        {
            "targetId": 1217289,
            "sequence": 1
        },
        {
            "targetId": 1217339,
            "sequence": 2
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: MatchTargetOrder

Download schema: matchTargetsSequence.json

Response body:

{
    "type": "website",
    "targetSequence": [
        {
            "targetId": 1217289,
            "sequence": 1
        },
        {
            "targetId": 1217339,
            "sequence": 2
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run List match targets.

  4. Craft a MatchTargetOrder object using the targetIds.

  5. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence.

The response reflects the modified MatchTargetOrder object.
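An added example, not part of the original reference: a Python helper that turns a List match targets response and a desired order of targetIds into the MatchTargetOrder body for one type, refusing IDs that belong to the other type. Requiring every target of the type to be listed is a conservative choice of this example, not a documented API rule; the function names and the sample list response are constructed.

```python
"""Build a MatchTargetOrder request body from a List match targets response."""
import json

# Constructed sample: two website targets (IDs from the request body above) and one API target.
SAMPLE_LIST = {
    "matchTargets": {
        "apiTargets": [{"targetId": 1222208, "type": "api", "sequence": 1}],
        "websiteTargets": [
            {"targetId": 1217289, "type": "website", "sequence": 1},
            {"targetId": 1217339, "type": "website", "sequence": 2},
        ],
    }
}

GROUP_FOR_TYPE = {"website": "websiteTargets", "api": "apiTargets"}


def build_target_order(list_response, target_type, ordered_ids):
    """Return a MatchTargetOrder dict that places ordered_ids at sequence 1..n."""
    if target_type not in GROUP_FOR_TYPE:
        raise ValueError(f"type must be 'website' or 'api', got {target_type!r}")
    group = list_response.get("matchTargets", {}).get(GROUP_FOR_TYPE[target_type], [])
    existing = {t["targetId"] for t in group}

    if len(set(ordered_ids)) != len(ordered_ids):
        raise ValueError("a targetId appears more than once")
    # Website and API targets are sequenced by separate requests, so an ID
    # from the other group (or an unknown ID) is rejected here.
    unknown = [tid for tid in ordered_ids if tid not in existing]
    if unknown:
        raise ValueError(f"not {target_type} match targets in this version: {unknown}")
    # Conservative choice of this example: list every target of the type so
    # that no target keeps a stale sequence number.
    missing = sorted(existing - set(ordered_ids))
    if missing:
        raise ValueError(f"{target_type} match targets left out of the order: {missing}")

    return {
        "type": target_type,
        "targetSequence": [
            {"targetId": tid, "sequence": position}
            for position, tid in enumerate(ordered_ids, start=1)
        ],
    }


def sequence_request(config_id, version_number, body):
    """Return (method, path, JSON body) for the Modify match target order call."""
    path = (f"/appsec/v1/configs/{int(config_id)}"
            f"/versions/{int(version_number)}/match-targets/sequence")
    return "PUT", path, json.dumps(body)


if __name__ == "__main__":
    order = build_target_order(SAMPLE_LIST, "website", [1217339, 1217289])
    print(sequence_request(17027, 25, order))
```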

Get a match target

Returns the specified match target.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}{?includeChildObjectName}

Sample: /appsec/v1/configs/17027/versions/25/match-targets/112231?includeChildObjectName=true

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
targetId Integer 112231 A unique identifier for each match target.
Optional query parameters
includeChildObjectName Boolean true Specify whether to return the object name in the payload.

Status 200 application/json

Object type: MatchTarget

Download schema: matchTarget.json

Response body:

{
    "targetId": 112231,
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "isNegativePathMatch": false,
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "NO_MATCH",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    },
    "bypassNetworkLists": [
        {
            "name": "Test network list 1",
            "id": "888518_ACDDCKERS"
        },
        {
            "name": "Test network list 2",
            "id": "1304427_AAXXBBLIST"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run List match targets and select a targetId.

  4. Optionally, enable the includeChildObjectName query parameter to return the object name in the payload.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}{?includeChildObjectName}.

The response is a MatchTarget object.

Modify a match target

Updates details about the specified match target.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}

Sample: /appsec/v1/configs/17027/versions/25/match-targets/112231

Content-Type: application/json

Object type: MatchTarget

Download schema: matchTarget.json

Request body:

{
    "targetId": 112231,
    "type": "website",
    "isNegativePathMatch": false,
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "NO_MATCH",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS"
        },
        {
            "id": "1304427_AAXXBBLIST"
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
targetId Integer 112231 A unique identifier for each match target.

Status 200 application/json

Object type: MatchTarget

Download schema: matchTarget.json

Response body:

{
    "targetId": 112231,
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "isNegativePathMatch": false,
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "NO_MATCH",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    },
    "bypassNetworkLists": [
        {
            "name": "Test network list 1",
            "id": "888518_ACDDCKERS"
        },
        {
            "name": "Test network list 2",
            "id": "1304427_AAXXBBLIST"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run List match targets and select a targetId.

  4. Run Get a match target.

  5. Modify the MatchTarget object.

  6. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}.

The response reflects the modified MatchTarget object.

Remove a match target

Deletes the specified match target.

DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}

Sample: /appsec/v1/configs/17027/versions/25/match-targets/112231

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
targetId Integer 112231 A unique identifier for each match target.

Status 204

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run List match targets and select a targetId.

  4. Make a DELETE request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}.

List custom deny actions

Beta. Returns custom deny actions for a specific security configuration version. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny{?search}

Sample: /appsec/v1/configs/17027/versions/25/custom-deny?search=234

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
Optional query parameters
search String 234 Filter results by name, description, or ID. You can match on substrings.

Status 200 application/json

Download schema: customDenyList.json

Response body:

{
    "customDenyList": [
        {
            "description": "Custom Deny Example 1",
            "name": "Custom Deny Example 1",
            "id": "deny_custom_622918",
            "parameters": [
                {
                    "displayName": "Prevent browser caching",
                    "name": "prevent_browser_cache",
                    "value": "true"
                },
                {
                    "displayName": "Response body content",
                    "name": "response_body_content",
                    "value": "body comes here2222."
                },
                {
                    "displayName": "Response content type",
                    "name": "response_content_type",
                    "value": "application/json"
                },
                {
                    "displayName": "Response status code",
                    "name": "response_status_code",
                    "value": "403"
                }
            ]
        },
        {
            "description": "Custom Deny Example 2",
            "name": "Custom Deny Example 2",
            "id": 622919,
            "parameters": [
                {
                    "displayName": "Prevent browser caching",
                    "name": "prevent_browser_cache",
                    "value": "true"
                },
                {
                    "displayName": "Response body content",
                    "name": "response_body_content",
                    "value": "response body."
                },
                {
                    "displayName": "Response content type",
                    "name": "response_content_type",
                    "value": "application/json"
                },
                {
                    "displayName": "Response status code",
                    "name": "response_status_code",
                    "value": "403"
                }
            ]
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Optionally, search for any name, description, or ID. Partial searches are allowed.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny{?search}.

The operation responds with a CustomDeny array.

Create a custom deny action

Beta. Create a new custom deny action for a specific configuration version. Contact your account team if you’d like to run this operation.

POST /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny

Sample: /appsec/v1/configs/17027/versions/25/custom-deny

Content-Type: application/json

Object type: CustomDeny

Download schema: customDeny.json

Request body:

{
    "description": "test description",
    "name": "new custom deny",
    "parameters": [
        {
            "displayName": "Prevent browser caching",
            "name": "prevent_browser_cache",
            "value": "true"
        },
        {
            "displayName": "Response body content",
            "name": "response_body_content",
            "value": "json desc"
        },
        {
            "displayName": "Response content type",
            "name": "response_content_type",
            "value": "application/xml"
        },
        {
            "displayName": "Response status code",
            "name": "response_status_code",
            "value": "403"
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 201 application/json

Object type: CustomDeny

Download schema: customDeny.json

Response body:

{
    "description": "test description",
    "name": "new custom deny",
    "id": "deny_custom_622919",
    "parameters": [
        {
            "displayName": "Prevent browser caching",
            "name": "prevent_browser_cache",
            "value": "true"
        },
        {
            "displayName": "Response body content",
            "name": "response_body_content",
            "value": "json body"
        },
        {
            "displayName": "Response content type",
            "name": "response_content_type",
            "value": "application/xml"
        },
        {
            "displayName": "Response status code",
            "name": "response_status_code",
            "value": "403"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Build a new CustomDeny object.

  4. POST the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny.

The operation responds with a CustomDeny object.

Get a custom deny action

Beta. Returns the specified custom deny action. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}

Sample: /appsec/v1/configs/17027/versions/25/custom-deny/112231

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
customDenyId String 112231 A unique identifier for each custom deny action.

Status 200 application/json

Object type: CustomDeny

Download schema: customDeny.json

Response body:

{
    "description": "test description",
    "name": "new custom deny",
    "id": "deny_custom_622919",
    "parameters": [
        {
            "displayName": "Prevent browser caching",
            "name": "prevent_browser_cache",
            "value": "true"
        },
        {
            "displayName": "Response body content",
            "name": "response_body_content",
            "value": "json body"
        },
        {
            "displayName": "Response content type",
            "name": "response_content_type",
            "value": "application/xml"
        },
        {
            "displayName": "Response status code",
            "name": "response_status_code",
            "value": "403"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List custom deny actions, select an id value, and store it as a customDenyId.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}.

The operation responds with a CustomDeny object.

Modify a custom deny action

Beta. Update details for a specific custom deny action. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}

Sample: /appsec/v1/configs/17027/versions/25/custom-deny/112231

Content-Type: application/json

Object type: CustomDeny

Download schema: customDeny.json

Request body:

{
    "description": "test description",
    "name": "new custom deny",
    "id": 622919,
    "parameters": [
        {
            "displayName": "Prevent browser caching",
            "name": "prevent_browser_cache",
            "value": "true"
        },
        {
            "displayName": "Response body content",
            "name": "response_body_content",
            "value": "json desc"
        },
        {
            "displayName": "Response content type",
            "name": "response_content_type",
            "value": "application/xml"
        },
        {
            "displayName": "Response status code",
            "name": "response_status_code",
            "value": "403"
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
customDenyId String 112231 A unique identifier for each custom deny action.

Status 200 application/json

Object type: CustomDeny

Download schema: customDeny.json

Response body:

{
    "description": "test description",
    "name": "new custom deny",
    "id": "deny_custom_622919",
    "parameters": [
        {
            "displayName": "Prevent browser caching",
            "name": "prevent_browser_cache",
            "value": "true"
        },
        {
            "displayName": "Response body content",
            "name": "response_body_content",
            "value": "json body"
        },
        {
            "displayName": "Response content type",
            "name": "response_content_type",
            "value": "application/xml"
        },
        {
            "displayName": "Response status code",
            "name": "response_status_code",
            "value": "403"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List custom deny actions, select an id value, and store it as a customDenyId.

  4. Run Get a custom deny action.

  5. Modify the CustomDeny object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}.

The operation responds with a CustomDeny object.

Remove a custom deny action

Beta. Delete a custom deny action. You can’t delete a custom deny action that is actively in use. To delete the custom deny action, first activate an older configuration version or create a new version without the policy in place. Contact your account team if you’d like to perform this operation.

DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}

Sample: /appsec/v1/configs/17027/versions/25/custom-deny/112231

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
customDenyId String 112231 A unique identifier for each custom deny action.

Status 204

  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List custom deny actions, select an id value, and store it as a customDenyId.

  4. Make a DELETE request to /appsec/v1/configs/{configId}/versions/{versionNumber}/custom-deny/{customDenyId}.

List failover hostnames

Beta. Get a list of the failover hostnames in a configuration. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/failover-hostnames

Status 200 application/json

Object type: SelectedHostnames

Download schema: hostnameList.json

Response body:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}

Get the IP/Geo firewall settings

Beta. Lists which network lists are used in the IP/Geo Firewall settings. In Control Center this method is called mode. In this API the method is called blocked. The response shows blocked and allowed IPs depending on which network lists you include and which version of the mode you choose. If you want to add or remove IP addresses from the network lists, use the Network Lists API. Note: Subnet controls are a legacy item in Control Center and are not available through this API. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/ip-geo-firewall

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/ip-geo-firewall

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for each security policy.

Status 200 application/json

Download schema: ipGeoFirewallGetSuccess.json

Response body:

{
    "block": "blockSpecificIPGeo",
    "geoControls": {
        "blockedIPNetworkLists": {
            "networkList": [
                "72138_TEST1"
            ]
        }
    },
    "ipControls": {
        "allowedIPNetworkLists": {
            "networkList": [
                "56921_TEST"
            ]
        },
        "blockedIPNetworkLists": {
            "networkList": [
                "53712_TESTLIST123"
            ]
        }
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/ip-geo-firewall.

The operation responds with an IPGeoFirewall object.

Update the IP/Geo firewall settings

Beta. Update the method and the network lists to use for IP/Geo firewall blocking. In Control Center this method is called mode. In this API the method is called blocked. Use blockSpecificIPGeo to block the IPs, geographies, or network lists you choose. Use blockAllTrafficExceptAllowedIPs to let through only the IPs or geographies you choose while the rest remain blocked. IPs you want to allow are contained in the allowedIPNetworkLists. Verify that the IPs you block are the ones you intend to block, as it’s easy to block wanted traffic by accident. Note: Subnet controls are a legacy item in Control Center and are not available through this API. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/ip-geo-firewall

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/ip-geo-firewall

Content-Type: application/json

Object type: IPGeoFirewall

Download schema: ipGeoFirewallSetRequest.json

Request body:

{
    "block": "blockSpecificIPGeo",
    "geoControls": {
        "blockedIPNetworkLists": {
            "networkList": [
                "72138_TEST1"
            ]
        }
    },
    "ipControls": {
        "allowedIPNetworkLists": {
            "networkList": [
                "56921_TEST"
            ]
        },
        "blockedIPNetworkLists": {
            "networkList": [
                "53712_TESTLIST123"
            ]
        }
    }
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for each security policy.

Status 200 application/json

Download schema: ipGeoFirewallSetSuccess.json

Response body:

{
    "block": "blockSpecificIPGeo",
    "geoControls": {
        "blockedIPNetworkLists": {
            "networkList": [
                "72138_TEST1"
            ]
        }
    },
    "ipControls": {
        "allowedIPNetworkLists": {
            "networkList": [
                "56921_TEST"
            ]
        },
        "blockedIPNetworkLists": {
            "networkList": [
                "53712_TESTLIST123"
            ]
        }
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run Get the IP/Geo Firewall settings.

  5. Modify the IPGeoFirewall object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/ip-geo-firewall.

The operation responds with an IPGeoFirewall object.
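An added example, not part of the original reference: a Python pre-flight check that compares the IPGeoFirewall object from the GET with the one you are about to PUT, so accidental blocking shows up before the change is sent. The function names and the three sanity rules (known mode, no list both allowed and blocked, a non-empty allow list in blockAllTrafficExceptAllowedIPs mode) are assumptions of this example, not validation performed by the API.

```python
"""Pre-flight check for an IPGeoFirewall update (GET result vs. proposed PUT body)."""

MODES = ("blockSpecificIPGeo", "blockAllTrafficExceptAllowedIPs")

# Constructed sample: the GET response body shown above.
CURRENT_SETTINGS = {
    "block": "blockSpecificIPGeo",
    "geoControls": {"blockedIPNetworkLists": {"networkList": ["72138_TEST1"]}},
    "ipControls": {
        "allowedIPNetworkLists": {"networkList": ["56921_TEST"]},
        "blockedIPNetworkLists": {"networkList": ["53712_TESTLIST123"]},
    },
}


def network_lists(settings):
    """Flatten the nested IPGeoFirewall object into three sets of network list IDs."""
    def ids(section, key):
        return set(settings.get(section, {}).get(key, {}).get("networkList", []))
    return {
        "geoBlocked": ids("geoControls", "blockedIPNetworkLists"),
        "ipAllowed": ids("ipControls", "allowedIPNetworkLists"),
        "ipBlocked": ids("ipControls", "blockedIPNetworkLists"),
    }


def preflight(current, proposed):
    """Return {'ok', 'problems', 'changes'} for a proposed IPGeoFirewall update."""
    problems = []
    mode = proposed.get("block")
    old, new = network_lists(current), network_lists(proposed)

    if mode not in MODES:
        problems.append(f"unknown block mode {mode!r}; expected one of {MODES}")

    # The same list in both roles makes the intent ambiguous to a reviewer.
    overlap = sorted(new["ipAllowed"] & new["ipBlocked"])
    if overlap:
        problems.append(f"network lists both allowed and blocked: {overlap}")

    # In this mode everything except the allowed lists is blocked, so an
    # empty allow list would block all traffic.
    if mode == "blockAllTrafficExceptAllowedIPs" and not new["ipAllowed"]:
        problems.append("blockAllTrafficExceptAllowedIPs with no allowedIPNetworkLists")

    changes = {}
    if current.get("block") != mode:
        changes["block"] = {"from": current.get("block"), "to": mode}
    for role in new:
        added = sorted(new[role] - old[role])
        removed = sorted(old[role] - new[role])
        if added or removed:
            changes[role] = {"added": added, "removed": removed}

    return {"ok": not problems, "problems": problems, "changes": changes}


if __name__ == "__main__":
    proposed = {
        "block": "blockAllTrafficExceptAllowedIPs",
        "geoControls": CURRENT_SETTINGS["geoControls"],
        "ipControls": {
            "allowedIPNetworkLists": {"networkList": []},
            "blockedIPNetworkLists": {"networkList": ["53712_TESTLIST123"]},
        },
    }
    print(preflight(CURRENT_SETTINGS, proposed))
```

Send the PUT only when `ok` is true and the `changes` entry matches the change you meant to make.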

Get the bypass network lists settings

Beta. Lists which network lists are used in the bypass network lists settings. If you want to add or remove IP addresses from the network lists, use the Network Lists API. Note: Subnet controls are a legacy item in Control Center and are not available through this API. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/bypass-network-lists

Sample: /appsec/v1/configs/17027/versions/25/bypass-network-lists

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Download schema: bypassNetworklists.json

Response body:

{
    "networkLists": [
        {
            "name": "Test network list 1",
            "id": "888518_ACDDCKERS"
        },
        {
            "name": "Test network list 2",
            "id": "1304427_AAXXBBLIST"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/bypass-network-lists.

The operation responds with a BypassNetworkList object.

Modify the bypass network lists settings

Beta. Update which network lists to use in the bypass network lists settings. If you want to add or remove IP addresses from the network lists, use the Network Lists API. Note: Subnet controls are a legacy item in Control Center and are not available through this API. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/bypass-network-lists

Sample: /appsec/v1/configs/17027/versions/25/bypass-network-lists

Content-Type: application/json

Object type: BypassNetworkList

Download schema: bypassNetworklists-put.json

Request body:

{
    "networkLists": [
        "1304427_AAXXBBLIST",
        "888518_ACDDCKERS"
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: BypassNetworkList

Download schema: bypassNetworklists-put.json

Response body:

{
    "block": "blockSpecificIPGeo",
    "geoControls": {
        "blockedIPNetworkLists": {
            "networkList": [
                "72138_TEST1"
            ]
        }
    },
    "ipControls": {
        "allowedIPNetworkLists": {
            "networkList": [
                "56921_TEST"
            ]
        },
        "blockedIPNetworkLists": {
            "networkList": [
                "53712_TESTLIST123"
            ]
        }
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get the bypass network lists settings.

  4. Modify the BypassNetworkList object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/bypass-network-lists.

The operation responds with a BypassNetworkList object.
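The Get, Modify, PUT sequence above, as an added Python example that is not Akamai's own code: the GET sample returns each list as an object with name and id, while the PUT sample sends bare id strings, so the response has to be reshaped before it is sent back. The helper names and the approved_ids allowlist are assumptions made for this illustration; no request is sent.

```python
# Added example: review a bypass-network-lists change before the PUT.
# CURRENT_GET_RESPONSE copies the sample GET response shown on this page.
CURRENT_GET_RESPONSE = {
    "networkLists": [
        {"name": "Test network list 1", "id": "888518_ACDDCKERS"},
        {"name": "Test network list 2", "id": "1304427_AAXXBBLIST"},
    ]
}


def bypass_path(config_id, version_number):
    """Build the resource path, accepting only non-negative integers."""
    for label, value in (("configId", config_id),
                         ("versionNumber", version_number)):
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"{label} must be a non-negative integer, got {value!r}")
    return (f"/appsec/v1/configs/{config_id}/versions/{version_number}"
            "/bypass-network-lists")


def plan_bypass_update(get_response, desired_ids, approved_ids):
    """Return (put_body, review) for a proposed change.

    get_response -- body returned by the GET operation (objects with name, id)
    desired_ids  -- network list IDs the settings should reference afterwards
    approved_ids -- hypothetical local allowlist of IDs cleared for bypass use
    Raises PermissionError when the change adds an ID outside approved_ids.
    """
    entries = get_response.get("networkLists", [])
    names = {entry["id"]: entry.get("name", "") for entry in entries}

    for list_id in desired_ids:
        if not isinstance(list_id, str) or not list_id:
            raise ValueError(f"network list ID must be a non-empty string: {list_id!r}")
    desired = list(dict.fromkeys(desired_ids))  # drop duplicates, keep order

    added = [i for i in desired if i not in names]
    removed = [i for i in names if i not in desired]
    unapproved = [i for i in added if i not in approved_ids]
    if unapproved:
        raise PermissionError("not approved for bypass: " + ", ".join(unapproved))

    review = {
        "added": added,
        "removed": [(i, names[i]) for i in removed],
        "unchanged": [i for i in names if i in desired],
    }
    # The PUT body carries ID strings only, unlike the GET response.
    return {"networkLists": desired}, review


if __name__ == "__main__":
    body, review = plan_bypass_update(
        CURRENT_GET_RESPONSE,
        ["888518_ACDDCKERS", "56921_TEST"],   # constructed target state
        approved_ids={"56921_TEST"},
    )
    print("PUT", bypass_path(17027, 25))
    print(body)
    print(review)
```

Keeping the review record alongside the configuration version number gives an audit trail of when each list was attached to or detached from the bypass settings.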

List rate policies

Beta. Returns rate policies for a specific security configuration version. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies

Sample: /appsec/v1/configs/17027/versions/25/rate-policies

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: RatePolicy

Download schema: ratePoliciesList.json

Response body:

{
    "ratePolicies": [
        {
            "id": 484616,
            "matchType": "path",
            "type": "WAF",
            "name": "Test_Paths 2",
            "description": "AFW Test Extensions",
            "averageThreshold": 5,
            "burstThreshold": 10,
            "clientIdentifier": "ip",
            "useXForwardForHeaders": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": false,
            "path": {
                "positiveMatch": true,
                "values": [
                    "/login/",
                    "/path/"
                ]
            },
            "pathMatchType": "Custom",
            "pathUriPositiveMatch": true,
            "fileExtensions": {
                "positiveMatch": false,
                "values": [
                    "3g2",
                    "3gp",
                    "aif",
                    "aiff",
                    "au",
                    "avi",
                    "bin",
                    "bmp",
                    "cab"
                ]
            },
            "hostnames": [
                "www.ludin.org"
            ],
            "additionalMatchOptions": [
                {
                    "positiveMatch": true,
                    "type": "IpAddressCondition",
                    "values": [
                        "198.129.76.39"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET"
                    ]
                }
            ],
            "queryParameters": [
                {
                    "name": "productId",
                    "values": [
                        "BUB_12",
                        "SUSH_11"
                    ],
                    "positiveMatch": true,
                    "valueInRange": false
                }
            ],
            "createDate": "2016-07-22 18:57:08.0",
            "updateDate": "2017-02-22 00:05:41.0",
            "used": false
        },
        {
            "id": 484617,
            "matchType": "api",
            "type": "WAF",
            "name": "Test_Paths 2",
            "description": "AFW Test Extensions",
            "averageThreshold": 5,
            "burstThreshold": 10,
            "clientIdentifier": "ip",
            "useXForwardForHeaders": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": false,
            "apiSelectors": [
                {
                    "apiDefinitionId": 602,
                    "resourceIds": [
                        748
                    ]
                }
            ],
            "fileExtensions": {
                "positiveMatch": false,
                "values": [
                    "avi",
                    "bmp",
                    "jpg"
                ]
            },
            "hostnames": [
                "www.soasta.com"
            ],
            "additionalMatchOptions": [
                {
                    "positiveMatch": false,
                    "values": [
                        "18198_DSWINTERNALTESTIPADDRES",
                        "7054_FEOSERVERS"
                    ],
                    "type": "NetworkListCondition"
                },
                {
                    "positiveMatch": false,
                    "values": [
                        "soasta",
                        "MovableInk"
                    ],
                    "type": "UserAgentCondition"
                }
            ],
            "queryParameters": [
                {
                    "name": "productId",
                    "values": [
                        "BUB_12",
                        "SUSH_11"
                    ],
                    "positiveMatch": true,
                    "valueInRange": false
                }
            ],
            "bodyParameters": [
                {
                    "name": "Country",
                    "values": [
                        "USA",
                        "Canada"
                    ],
                    "positiveMatch": true,
                    "valueInRange": false
                }
            ],
            "createDate": "2016-07-22 18:57:08.0",
            "updateDate": "2017-02-22 00:05:41.0",
            "used": false
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies.

The operation responds with an array of RatePolicy objects.

Create a rate policy

Beta. Create a new rate policy for a specific configuration version. Contact your account team if you’d like to run this operation.

POST /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies

Sample: /appsec/v1/configs/17027/versions/25/rate-policies

Content-Type: application/json

Object type: RatePolicy

Download schema: ratePolicy.json

Request body:

{
    "matchType": "path",
    "type": "WAF",
    "name": "Test_Paths 2",
    "description": "AFW Test Extensions",
    "averageThreshold": 5,
    "burstThreshold": 10,
    "clientIdentifier": "ip",
    "useXForwardForHeaders": true,
    "requestType": "ClientRequest",
    "sameActionOnIpv6": false,
    "path": {
        "positiveMatch": true,
        "values": [
            "/login/",
            "/path/"
        ]
    },
    "pathMatchType": "Custom",
    "pathUriPositiveMatch": true,
    "fileExtensions": {
        "positiveMatch": false,
        "values": [
            "3g2",
            "3gp",
            "aif",
            "aiff",
            "au",
            "avi",
            "bin",
            "bmp",
            "cab"
        ]
    },
    "hostnames": [
        "www.ludin.org"
    ],
    "additionalMatchOptions": [
        {
            "positiveMatch": true,
            "type": "IpAddressCondition",
            "values": [
                "198.129.76.39"
            ]
        },
        {
            "positiveMatch": true,
            "type": "RequestMethodCondition",
            "values": [
                "GET"
            ]
        }
    ],
    "queryParameters": [
        {
            "name": "productId",
            "values": [
                "BUB_12",
                "SUSH_11"
            ],
            "positiveMatch": true,
            "valueInRange": false
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 201 application/json

Object type: RatePolicy

Download schema: ratePolicy.json

Response body:

{
    "id": 484616,
    "policyId": 2234,
    "matchType": "path",
    "type": "WAF",
    "name": "Test_Paths 2",
    "description": "AFW Test Extensions",
    "averageThreshold": 5,
    "burstThreshold": 10,
    "clientIdentifier": "ip",
    "useXForwardForHeaders": true,
    "requestType": "ClientRequest",
    "sameActionOnIpv6": false,
    "path": {
        "positiveMatch": true,
        "values": [
            "/login/",
            "/path/"
        ]
    },
    "pathMatchType": "Custom",
    "pathUriPositiveMatch": true,
    "fileExtensions": {
        "positiveMatch": false,
        "values": [
            "3g2",
            "3gp",
            "aif",
            "aiff",
            "au",
            "avi",
            "bin",
            "bmp",
            "cab"
        ]
    },
    "hostnames": [
        "www.ludin.org"
    ],
    "additionalMatchOptions": [
        {
            "positiveMatch": true,
            "type": "IpAddressCondition",
            "values": [
                "198.129.76.39"
            ]
        },
        {
            "positiveMatch": true,
            "type": "RequestMethodCondition",
            "values": [
                "GET"
            ]
        }
    ],
    "queryParameters": [
        {
            "name": "productId",
            "values": [
                "BUB_12",
                "SUSH_11"
            ],
            "positiveMatch": true,
            "valueInRange": false
        }
    ],
    "createDate": "2016-07-22 18:57:08.0",
    "updateDate": "2017-02-22 00:05:41.0",
    "used": false
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Build a new RatePolicy object.

  4. POST the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies.

The operation responds with a RatePolicy object.

Get a rate policy

Beta. Returns the specified rate policy. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}

Sample: /appsec/v1/configs/17027/versions/25/rate-policies/112231

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
ratePolicyId Integer 112231 A unique identifier for each rate policy.

Status 200 application/json

Object type: RatePolicy

Download schema: ratePolicy.json

Response body:

{
    "id": 484616,
    "policyId": 2234,
    "matchType": "path",
    "type": "WAF",
    "name": "Test_Paths 2",
    "description": "AFW Test Extensions",
    "averageThreshold": 5,
    "burstThreshold": 10,
    "clientIdentifier": "ip",
    "useXForwardForHeaders": true,
    "requestType": "ClientRequest",
    "sameActionOnIpv6": false,
    "path": {
        "positiveMatch": true,
        "values": [
            "/login/",
            "/path/"
        ]
    },
    "pathMatchType": "Custom",
    "pathUriPositiveMatch": true,
    "fileExtensions": {
        "positiveMatch": false,
        "values": [
            "3g2",
            "3gp",
            "aif",
            "aiff",
            "au",
            "avi",
            "bin",
            "bmp",
            "cab"
        ]
    },
    "hostnames": [
        "www.ludin.org"
    ],
    "additionalMatchOptions": [
        {
            "positiveMatch": true,
            "type": "IpAddressCondition",
            "values": [
                "198.129.76.39"
            ]
        },
        {
            "positiveMatch": true,
            "type": "RequestMethodCondition",
            "values": [
                "GET"
            ]
        }
    ],
    "queryParameters": [
        {
            "name": "productId",
            "values": [
                "BUB_12",
                "SUSH_11"
            ],
            "positiveMatch": true,
            "valueInRange": false
        }
    ],
    "createDate": "2016-07-22 18:57:08.0",
    "updateDate": "2017-02-22 00:05:41.0",
    "used": false
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Run List rate policies, select an id value, and store it as a ratePolicyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}.

The operation responds with a RatePolicy object.

Modify a rate policy

Beta. Update details for a specific rate policy. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}

Sample: /appsec/v1/configs/17027/versions/25/rate-policies/112231

Content-Type: application/json

Object type: RatePolicy

Download schema: ratePolicy.json

Request body:

{
    "id": 2234,
    "matchType": "path",
    "type": "WAF",
    "name": "Test_Paths 2",
    "description": "AFW Test Extensions",
    "averageThreshold": 5,
    "burstThreshold": 10,
    "clientIdentifier": "ip",
    "useXForwardForHeaders": true,
    "requestType": "ClientRequest",
    "sameActionOnIpv6": false,
    "path": {
        "positiveMatch": true,
        "values": [
            "/login/",
            "/path/"
        ]
    },
    "pathMatchType": "Custom",
    "pathUriPositiveMatch": true,
    "fileExtensions": {
        "positiveMatch": false,
        "values": [
            "3g2",
            "3gp",
            "aif",
            "aiff",
            "au",
            "avi",
            "bin",
            "bmp",
            "cab"
        ]
    },
    "hostnames": [
        "www.ludin.org"
    ],
    "additionalMatchOptions": [
        {
            "positiveMatch": true,
            "type": "IpAddressCondition",
            "values": [
                "198.129.76.39"
            ]
        },
        {
            "positiveMatch": true,
            "type": "RequestMethodCondition",
            "values": [
                "GET"
            ]
        }
    ],
    "queryParameters": [
        {
            "name": "productId",
            "values": [
                "BUB_12",
                "SUSH_11"
            ],
            "positiveMatch": true,
            "valueInRange": false
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
ratePolicyId Integer 112231 A unique identifier for each rate policy.

Status 200 application/json

Object type: RatePolicy

Download schema: ratePolicy.json

Response body:

{
    "id": 484616,
    "policyId": 2234,
    "matchType": "path",
    "type": "WAF",
    "name": "Test_Paths 2",
    "description": "AFW Test Extensions",
    "averageThreshold": 5,
    "burstThreshold": 10,
    "clientIdentifier": "ip",
    "useXForwardForHeaders": true,
    "requestType": "ClientRequest",
    "sameActionOnIpv6": false,
    "path": {
        "positiveMatch": true,
        "values": [
            "/login/",
            "/path/"
        ]
    },
    "pathMatchType": "Custom",
    "pathUriPositiveMatch": true,
    "fileExtensions": {
        "positiveMatch": false,
        "values": [
            "3g2",
            "3gp",
            "aif",
            "aiff",
            "au",
            "avi",
            "bin",
            "bmp",
            "cab"
        ]
    },
    "hostnames": [
        "www.ludin.org"
    ],
    "additionalMatchOptions": [
        {
            "positiveMatch": true,
            "type": "IpAddressCondition",
            "values": [
                "198.129.76.39"
            ]
        },
        {
            "positiveMatch": true,
            "type": "RequestMethodCondition",
            "values": [
                "GET"
            ]
        }
    ],
    "queryParameters": [
        {
            "name": "productId",
            "values": [
                "BUB_12",
                "SUSH_11"
            ],
            "positiveMatch": true,
            "valueInRange": false
        }
    ],
    "createDate": "2016-07-22 18:57:08.0",
    "updateDate": "2017-02-22 00:05:41.0",
    "used": false
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Run List rate policies, select an id value, and store it as a ratePolicyId parameter.

  4. Run Get a rate policy.

  5. Modify the RatePolicy response object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}.

The operation responds with a RatePolicy object.

Remove a rate policy

Beta. Delete the specified rate policy. You can’t delete a rate policy that is actively in use. To delete the rate policy, first activate an older configuration version or create a new version without the policy in place. Contact your account team if you’d like to perform this operation.

DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}

Sample: /appsec/v1/configs/17027/versions/25/rate-policies/112231

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
ratePolicyId Integer 112231 A unique identifier for each rate policy.

Status 204

  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Run List rate policies, select an id value, and store it as a ratePolicyId parameter.

  4. Make a DELETE request to /appsec/v1/configs/{configId}/versions/{versionNumber}/rate-policies/{ratePolicyId}.

List rate policy actions

Beta. Returns a list of all rate policies currently in use with the actions each policy takes when conditions are met. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rate-policies

Sample: /appsec/v1/configs/8277/versions/25/security-policies/WC_3/rate-policies

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String WC_3 A unique identifier for each security policy.

Status 200 application/json

Object type: RatePolicyAction

Download schema: ratePolicyActions.json

Response body:

{
    "ratePolicies": [
        {
            "id": 102718,
            "ipv4Action": "alert",
            "ipv6Action": "none"
        },
        {
            "id": 102719,
            "ipv4Action": "deny",
            "ipv6Action": "deny"
        },
        {
            "id": 102720,
            "ipv4Action": "alert",
            "ipv6Action": "deny"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Run List rate policies, select an id value, and store it as a ratePolicyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rate-policies.

The operation responds with a CustomRuleActions object.

Modify a rate policy action

Beta. Updates the actions in a rate policy. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rate-policies/{ratePolicyId}

Sample: /appsec/v1/configs/8277/versions/25/security-policies/WC_3/rate-policies/661699

Content-Type: application/json

Object type: RatePolicyAction

Download schema: updateRatePolicyAction.json

Request body:

{
    "ipv4Action": "alert",
    "ipv6Action": "alert"
}
Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String WC_3 A unique identifier for each security policy.
ratePolicyId Integer 661699 A unique identifier for each rate policy.

Status 200 application/json

Object type: RatePolicyAction

Download schema: updateRatePolicyAction.json

Response body:

{
    "ipv4Action": "alert",
    "ipv6Action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List rate policies, select an id value, and store it as a ratePolicyId parameter.

  5. Modify the RatePolicy response object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rate-policies/{ratePolicyId}.

The operation responds with a RatePolicy object.

Get Slow POST protection settings

Beta. Get Slow POST protection settings for a specific configuration. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/slow-post

Sample: /appsec/v1/configs/17027/versions/1/security-policies/WC_3/slow-post

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 1 A unique identifier for each version of a configuration.
policyId String WC_3 A unique identifier for each security policy.

Status 200 application/json

Object type: SlowPostProtection

Download schema: slowPostProtectionDto.json

Response body:

{
    "action": "alert",
    "slowRateThreshold": {
        "rate": 10,
        "period": 50
    },
    "durationThreshold": {
        "timeout": 5
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/slow-post.

The response is a SlowPostProtection object.

Modify slow POST protection settings

Beta. Update slow POST protection settings for a specific configuration. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/slow-post

Sample: /appsec/v1/configs/17027/versions/1/security-policies/WC_3/slow-post

Content-Type: application/json

Object type: SlowPostProtection

Download schema: slowPostProtectionDto.json

Request body:

{
    "action": "alert",
    "slowRateThreshold": {
        "rate": 10,
        "period": 50
    },
    "durationThreshold": {
        "timeout": 5
    }
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 1 A unique identifier for each version of a configuration.
policyId String WC_3 A unique identifier for each security policy.

Status 200 application/json

Object type: SlowPostProtection

Download schema: slowPostProtectionDto.json

Response body:

{
    "action": "alert",
    "slowRateThreshold": {
        "rate": 10,
        "period": 50
    },
    "durationThreshold": {
        "timeout": 5
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions, select a version value, and store it as a versionNumber path parameter.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run Get Slow POST protection settings.

  5. Modify the SlowPostProtection response object.

  6. PUT the object back to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/slow-post.

Get the current mode

Beta. When using Web Application Firewall in your security policy, this mode conveys how you’re planning to keep the rules up to date, either KRS for manual updates or AAG for automatic updates. This operation returns which mode your rules are currently set to. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/mode

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/mode

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Object type: Mode

Download schema: securityPolicyGetModeSuccess.json

Response body:

{
    "mode": "KRS",
    "current": "KRS 1.0 (Apr 20, 2020)",
    "eval": "disabled"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/mode.

The operation responds with a Mode object.

Modify the mode

Beta. The mode you set determines how your rule sets are updated. Use KRS mode to update the rule sets manually, or AAG to have them update automatically. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/mode

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/mode

Content-Type: application/json

Object type: Mode

Download schema: securityPolicySetModeRequest.json

Request body:

{
    "mode": "KRS"
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Object type: Mode

Download schema: securityPolicySetModeSuccess.json

Response body:

{
    "mode": "KRS",
    "current": "KRS 1.0 (Apr 20, 2020)"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run Get the current mode.

  5. Modify the Mode object. Use KRS for manual updates and AAG for automatic updates.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/mode.

The operation responds with a Mode object.

List attack groups

Beta. Return a list of attack groups with their associated actions. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/attack-groups

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Object type: AttackGroup

Download schema: securityPolicyGetAttackGroupsActionsSuccess.json

Response body:

{
    "attackGroupActions": [
        {
            "action": "deny",
            "group": "TOOL"
        },
        {
            "action": "none",
            "group": "PROTOCOL"
        },
        {
            "action": "alert",
            "group": "SQL"
        },
        {
            "action": "deny",
            "group": "XSS"
        },
        {
            "action": "deny",
            "group": "LFI"
        },
        {
            "action": "deny",
            "group": "RFI"
        },
        {
            "action": "deny",
            "group": "CMDI"
        },
        {
            "action": "none",
            "group": "PLATFORM"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups.

The operation responds with an AttackGroup object.
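An added Python example (not Akamai's own code) that audits the two action listings on this page, the List rate policy actions response and the List attack groups response, for enforcement gaps: rate policies whose IPv4 and IPv6 actions differ, and attack groups set below a chosen minimum action. The function names and the none < alert < deny ranking are assumptions for this illustration, and the inputs are the sample response bodies from this page.

```python
# Added example: audit the action settings returned by the two list operations.
# Ranking of the three action values that appear on this page (assumed order).
SEVERITY = {"none": 0, "alert": 1, "deny": 2}

# Sample response bodies copied from this page.
RATE_POLICY_ACTIONS = {
    "ratePolicies": [
        {"id": 102718, "ipv4Action": "alert", "ipv6Action": "none"},
        {"id": 102719, "ipv4Action": "deny", "ipv6Action": "deny"},
        {"id": 102720, "ipv4Action": "alert", "ipv6Action": "deny"},
    ]
}
ATTACK_GROUP_ACTIONS = {
    "attackGroupActions": [
        {"action": "deny", "group": "TOOL"},
        {"action": "none", "group": "PROTOCOL"},
        {"action": "alert", "group": "SQL"},
        {"action": "deny", "group": "XSS"},
        {"action": "deny", "group": "LFI"},
        {"action": "deny", "group": "RFI"},
        {"action": "deny", "group": "CMDI"},
        {"action": "none", "group": "PLATFORM"},
    ]
}


def audit_rate_policy_actions(response):
    """Flag rate policies whose IPv4 and IPv6 actions do not match.

    A policy that denies over IPv4 but only alerts, or does nothing, over
    IPv6 leaves the same traffic unthrottled on the other address family.
    """
    findings = []
    for entry in response.get("ratePolicies", []):
        v4, v6 = entry.get("ipv4Action"), entry.get("ipv6Action")
        if v4 not in SEVERITY or v6 not in SEVERITY:
            issue = "unrecognized-action"   # surface it rather than guess a rank
        elif SEVERITY[v6] < SEVERITY[v4]:
            issue = "ipv6-weaker-than-ipv4"
        elif SEVERITY[v4] < SEVERITY[v6]:
            issue = "ipv4-weaker-than-ipv6"
        elif v4 == "none":
            issue = "no-action"
        else:
            continue
        findings.append({"id": entry.get("id"), "issue": issue,
                         "ipv4Action": v4, "ipv6Action": v6})
    return findings


def audit_attack_groups(response, minimum="deny"):
    """Flag attack groups whose action ranks below `minimum`."""
    if minimum not in SEVERITY:
        raise ValueError(f"minimum must be one of {sorted(SEVERITY)}")
    findings = []
    for entry in response.get("attackGroupActions", []):
        action = entry.get("action")
        if action not in SEVERITY:
            issue = "unrecognized-action"
        elif SEVERITY[action] < SEVERITY[minimum]:
            issue = "below-minimum"
        else:
            continue
        findings.append({"group": entry.get("group"), "action": action,
                         "issue": issue})
    return findings


if __name__ == "__main__":
    for finding in audit_rate_policy_actions(RATE_POLICY_ACTIONS):
        print("rate policy", finding)
    for finding in audit_attack_groups(ATTACK_GROUP_ACTIONS):
        print("attack group", finding)
```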

Get the action for an attack group

Beta. Currently the only member in the response object is action, which displays the action for the attack group. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/attack-groups/CMD

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
attackGroupId String CMD A unique identifier for each attack group.

Status 200 application/json

Object type: AttackGroup

Download schema: securityPolicyGetAttackGroupActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List attack groups, select a group value and save it as the attackGroupId parameter.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}.

The operation responds with an AttackGroup object.

Modify the action for an attack group

Beta. Update what action to take when an attack group’s rule triggers. Use alert to record the trigger of the event, deny to block the request, or none to take no action. Currently the only member in the attack group object is action. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/attack-groups/CMD

Content-Type: application/json

Object type: AttackGroup

Download schema: securityPolicySetAttackGroupActionRequest.json

Request body:

{
    "action": "alert"
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
attackGroupId String CMD A unique identifier for each attack group.

Status 200 application/json

Download schema: securityPolicySetAttackGroupActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List attack groups, select a group value and save it as the attackGroupId parameter.

  5. Run Get an attack group.

  6. Modify the AttackGroup object. Use alert to record the trigger of the event, deny to block the request, or none to take no action.

  7. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}.

The operation responds with an AttackGroup object.
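The attack-group operations above, as an added example that is not Akamai's own code: it buckets the List attack groups sample response by action so a reviewer can see which groups are not set to deny, and builds the method, path and body for the Modify operation. The function names are hypothetical, and no request is sent, so authentication is out of scope.

```python
import json
from urllib.parse import quote

# Action values this page names for attack groups.
VALID_ACTIONS = ("alert", "deny", "none")

# The "List attack groups" sample response shown on this page, embedded so
# the example runs offline.
SAMPLE_RESPONSE = json.loads("""
{"attackGroupActions": [
  {"action": "deny",  "group": "TOOL"},
  {"action": "none",  "group": "PROTOCOL"},
  {"action": "alert", "group": "SQL"},
  {"action": "deny",  "group": "XSS"},
  {"action": "deny",  "group": "LFI"},
  {"action": "deny",  "group": "RFI"},
  {"action": "deny",  "group": "CMDI"},
  {"action": "none",  "group": "PLATFORM"}
]}
""")


def attack_group_path(config_id, version_number, policy_id, attack_group_id=None):
    """Build the attack-groups resource path from the page's URL template."""
    for label, value in (("configId", config_id), ("versionNumber", version_number)):
        # The page types both as Integer; reject bools and strings early.
        if type(value) is not int or value < 0:
            raise ValueError(f"{label} must be a non-negative integer")
    # Percent-encode string segments so a stray "/" cannot change the resource.
    path = (f"/appsec/v1/configs/{config_id}/versions/{version_number}"
            f"/security-policies/{quote(str(policy_id), safe='')}/attack-groups")
    if attack_group_id is not None:
        path += "/" + quote(str(attack_group_id), safe="")
    return path


def coverage(response):
    """Bucket attack groups by configured action, preserving response order."""
    buckets = {action: [] for action in VALID_ACTIONS}
    for entry in response.get("attackGroupActions", []):
        action = entry.get("action")
        if action not in buckets:
            raise ValueError(f"unexpected action {action!r} for {entry.get('group')!r}")
        buckets[action].append(entry["group"])
    return buckets


def not_blocking(response):
    """Groups whose triggers are only recorded ("alert") or ignored ("none")."""
    buckets = coverage(response)
    return {"alert": buckets["alert"], "none": buckets["none"]}


def plan_action_change(config_id, version_number, policy_id, group, action):
    """Return (method, path, body) for 'Modify the action for an attack group'."""
    if action not in VALID_ACTIONS:
        raise ValueError(f"action must be one of {VALID_ACTIONS}, got {action!r}")
    path = attack_group_path(config_id, version_number, policy_id, group)
    return "PUT", path, json.dumps({"action": action})


if __name__ == "__main__":
    print(coverage(SAMPLE_RESPONSE))
    print(plan_action_change(17027, 25, "boBF_19288", "SQL", "deny"))
```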

Get the exceptions of an attack group

Beta. List an attack group’s exceptions. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}/condition-exception

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/attack-groups/CMD/condition-exception

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
attackGroupId String CMD A unique identifier for each attack group.

Status 200 application/json

Object type: Exception

Download schema: securityPolicyGetConditionExceptionSuccess.json

Response body:

{
    "advancedExceptions": {
        "specificHeaderCookieParamXmlOrJsonNames": [
            {
                "criteria": [
                    {
                        "hostnames": [
                            "www.host.com"
                        ],
                        "paths": [
                            "/*"
                        ]
                    }
                ],
                "selector": "REQUEST_HEADERS_NAMES",
                "wildcard": true
            },
            {
                "criteria": [
                    {
                        "hostnames": [
                            "ALL"
                        ],
                        "names": [
                            "header1"
                        ],
                        "paths": [
                            "/orders"
                        ]
                    }
                ],
                "names": [
                    "header2"
                ],
                "selector": "REQUEST_HEADERS",
                "wildcard": false
            },
            {
                "criteria": [
                    {
                        "hostnames": [
                            "ALL"
                        ],
                        "paths": [
                            "/*"
                        ]
                    }
                ],
                "selector": "ARGS_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "param-name"
                ],
                "selector": "ARGS",
                "wildcard": true
            },
            {
                "selector": "JSON_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "json1"
                ],
                "selector": "JSON_PAIRS",
                "wildcard": true
            },
            {
                "selector": "REQUEST_COOKIES_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "cookie1",
                    "cookie2"
                ],
                "selector": "REQUEST_COOKIES",
                "wildcard": true
            },
            {
                "selector": "REQUEST_BODY",
                "wildcard": true
            },
            {
                "selector": "REQBODY_PROCESSOR_ERROR",
                "wildcard": true
            },
            {
                "selector": "FILES_NAMES",
                "wildcard": true
            },
            {
                "selector": "REQUEST_PROTOCOL",
                "wildcard": true
            },
            {
                "selector": "REQUEST_METHOD",
                "wildcard": true
            },
            {
                "selector": "REQUEST_URI",
                "wildcard": true
            },
            {
                "selector": "QUERY_STRING",
                "wildcard": true
            },
            {
                "selector": "REQUEST_FILENAME",
                "wildcard": true
            },
            {
                "selector": "REQUEST_PATH_SEGMENT",
                "wildcard": true
            }
        ],
        "headerCookieOrParamValues": [
            {
                "values": [
                    "header1",
                    "cookie1",
                    "param1"
                ]
            }
        ],
        "specificHeaderCookieOrParamNameValue": [
            {
                "namesValues": [
                    {
                        "names": [
                            "header1"
                        ],
                        "values": [
                            "value1"
                        ]
                    }
                ],
                "selector": "REQUEST_HEADERS",
                "wildcard": true
            },
            {
                "namesValues": [
                    {
                        "names": [
                            "param-name"
                        ],
                        "values": [
                            "param-value"
                        ]
                    }
                ],
                "selector": "ARGS",
                "wildcard": true
            },
            {
                "namesValues": [
                    {
                        "names": [
                            "json-param1"
                        ],
                        "values": [
                            "json-value1"
                        ]
                    }
                ],
                "selector": "JSON_PAIRS",
                "wildcard": true
            },
            {
                "namesValues": [
                    {
                        "names": [
                            "cookie-name"
                        ],
                        "values": [
                            "cookie1"
                        ]
                    }
                ],
                "selector": "REQUEST_COOKIES",
                "wildcard": true
            }
        ],
        "conditions": [
            {
                "type": "filenameMatch",
                "filenames": [
                    "*.aspx",
                    "*.js"
                ],
                "positiveMatch": true
            },
            {
                "type": "pathMatch",
                "paths": [
                    "/catalog"
                ],
                "positiveMatch": true
            }
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List attack groups, select a group value and save it as the attackGroupId parameter.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}/condition-exception.

The operation responds with an Exception object.

Modify the exceptions of an attack group

Beta. Update an attack group’s exceptions. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}/condition-exception

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/attack-groups/CMD/condition-exception

Content-Type: application/json

Object type: Exception

Download schema: securityPolicySetConditionExceptionRequest.json

Request body:

{
    "exception": {
        "specificHeaderCookieParamXmlOrJsonNames": [
            {
                "selector": "REQUEST_HEADERS_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "header2",
                    "header1"
                ],
                "selector": "REQUEST_HEADERS",
                "wildcard": false
            },
            {
                "selector": "REQUEST_COOKIES_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "cookie1",
                    "cookie2"
                ],
                "selector": "REQUEST_COOKIES",
                "wildcard": true
            },
            {
                "selector": "ARGS_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "param-name"
                ],
                "selector": "ARGS",
                "wildcard": true
            },
            {
                "selector": "JSON_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "json1"
                ],
                "selector": "JSON_PAIRS",
                "wildcard": true
            },
            {
                "selector": "REQUEST_PROTOCOL",
                "wildcard": true
            },
            {
                "selector": "REQUEST_METHOD",
                "wildcard": true
            },
            {
                "selector": "REQUEST_URI",
                "wildcard": true
            },
            {
                "selector": "QUERY_STRING",
                "wildcard": true
            },
            {
                "selector": "REQUEST_FILENAME",
                "wildcard": true
            },
            {
                "selector": "REQUEST_PATH_SEGMENT",
                "wildcard": true
            },
            {
                "selector": "REQUEST_BODY",
                "wildcard": true
            },
            {
                "selector": "REQBODY_PROCESSOR_ERROR",
                "wildcard": true
            },
            {
                "selector": "FILES_NAMES",
                "wildcard": true
            }
        ]
    }
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
attackGroupId String CMD A unique identifier for each attack group.

Status 200 application/json

Object type: Exception

Download schema: securityPolicySetConditionExceptionSuccess.json

Response body:

{
    "exception": {
        "specificHeaderCookieParamXmlOrJsonNames": [
            {
                "selector": "REQUEST_HEADERS_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "header2",
                    "header1"
                ],
                "selector": "REQUEST_HEADERS",
                "wildcard": false
            },
            {
                "selector": "REQUEST_COOKIES_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "cookie1",
                    "cookie2"
                ],
                "selector": "REQUEST_COOKIES",
                "wildcard": true
            },
            {
                "selector": "ARGS_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "param-name"
                ],
                "selector": "ARGS",
                "wildcard": true
            },
            {
                "selector": "JSON_NAMES",
                "wildcard": true
            },
            {
                "names": [
                    "json1"
                ],
                "selector": "JSON_PAIRS",
                "wildcard": true
            },
            {
                "selector": "REQUEST_PROTOCOL",
                "wildcard": true
            },
            {
                "selector": "REQUEST_METHOD",
                "wildcard": true
            },
            {
                "selector": "REQUEST_URI",
                "wildcard": true
            },
            {
                "selector": "QUERY_STRING",
                "wildcard": true
            },
            {
                "selector": "REQUEST_FILENAME",
                "wildcard": true
            },
            {
                "selector": "REQUEST_PATH_SEGMENT",
                "wildcard": true
            },
            {
                "selector": "REQUEST_BODY",
                "wildcard": true
            },
            {
                "selector": "REQBODY_PROCESSOR_ERROR",
                "wildcard": true
            },
            {
                "selector": "FILES_NAMES",
                "wildcard": true
            }
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List attack groups, select a group value and save it as the attackGroupId parameter.

  5. Run Get an attack group’s exceptions.

  6. Modify the Exception object.

  7. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/attack-groups/{attackGroupId}/condition-exception.

The operation responds with an Exception object.
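A change-review aid for the Get, modify, PUT procedure above, as an added example that is not Akamai's own code: it flattens two attack-group Exception objects, reports which exemptions the edit adds or removes, and checks that the PUT response matches what was sent. The function names are hypothetical, and BEFORE and AFTER are constructed inputs trimmed from this page's samples.

```python
# Wrapper keys seen in this page's samples: the GET sample nests the lists
# under "advancedExceptions", the PUT samples under "exception".
WRAPPER_KEYS = ("advancedExceptions", "exception")
LIST_KEY = "specificHeaderCookieParamXmlOrJsonNames"

# Constructed inputs, trimmed from the page's GET and PUT samples.
BEFORE = {"advancedExceptions": {LIST_KEY: [
    {"names": ["header2"], "selector": "REQUEST_HEADERS", "wildcard": False},
    {"names": ["cookie1", "cookie2"], "selector": "REQUEST_COOKIES", "wildcard": True},
]}}
AFTER = {"exception": {LIST_KEY: [
    {"names": ["header2", "header1"], "selector": "REQUEST_HEADERS", "wildcard": False},
    {"names": ["cookie1", "cookie2"], "selector": "REQUEST_COOKIES", "wildcard": True},
    {"selector": "REQUEST_BODY", "wildcard": True},
]}}


def _body(exception_object):
    """Return the inner object regardless of which wrapper key carries it."""
    for key in WRAPPER_KEYS:
        if key in exception_object:
            return exception_object[key]
    raise ValueError(f"expected one of {WRAPPER_KEYS} at the top level")


def exemptions(exception_object):
    """Flatten to a set of (selector, name, wildcard) tuples.

    An entry that lists no names is recorded once with name None.
    """
    result = set()
    for entry in _body(exception_object).get(LIST_KEY, []):
        selector = entry["selector"]
        wildcard = bool(entry.get("wildcard", False))
        for name in entry.get("names") or [None]:
            result.add((selector, name, wildcard))
    return result


def _ordered(items):
    # None cannot be compared with str, so sort on an empty string instead.
    return sorted(items, key=lambda t: (t[0], t[1] or "", t[2]))


def diff_exemptions(before, after):
    """Report exemptions added and removed between two Exception objects."""
    old, new = exemptions(before), exemptions(after)
    return {"added": _ordered(new - old), "removed": _ordered(old - new)}


def whole_selector_entries(exception_object):
    """Selectors with an entry that names no specific header, cookie or parameter."""
    return sorted({sel for sel, name, _ in exemptions(exception_object) if name is None})


def response_matches_request(request_body, response_body):
    """True when the PUT response carries exactly the exemptions that were sent."""
    return exemptions(request_body) == exemptions(response_body)


if __name__ == "__main__":
    print(diff_exemptions(BEFORE, AFTER))
    print(whole_selector_entries(AFTER))
```

Running the diff before the PUT gives a reviewable record of what the change exempts from inspection; running `response_matches_request` afterwards confirms the stored object is the one that was approved.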

List rules

Beta. Returns the action taken for each rule in a policy. The action occurs when the rules are triggered by a request. These are not the same rules as Custom Rules that you configure yourself. These rules are maintained by Akamai. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/rules

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Object type: Action

Download schema: securityPolicyGetRuleActionsSuccess.json

Response body:

{
    "ruleActions": [
        {
            "action": "alert",
            "id": 699989
        },
        {
            "action": "alert",
            "id": 699990
        },
        {
            "action": "alert",
            "id": 699991
        },
        {
            "action": "alert",
            "id": 699992
        },
        {
            "action": "alert",
            "id": 699993
        },
        {
            "action": "alert",
            "id": 699994
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules.

The operation responds with an Action array.

Upgrade KRS ruleset

Beta. Upgrade to the most recent version of the KRS rule set. Akamai periodically updates these rules to keep protections current. However, when mode is set to KRS, the rules you use in your security policies do not automatically upgrade to the latest version. They do update automatically when mode is set to AAG. Before you upgrade, run Get upgrade details to see which rules have changed. If you want to test how these rules would operate with live traffic before committing to the upgrade, run them in evaluation mode. This applies to KRS rules only and does not allow you to make any changes to the rules themselves. The response is the same as the mode response. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/rules

Content-Type: application/json

Request body:

{
    "upgrade": true
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Object type: Mode

Download schema: securityPolicyGetModeSuccess.json

Response body:

{
    "mode": "KRS",
    "current": "KRS 1.0 (Apr 20, 2020)",
    "eval": "disabled"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Build the request object. The request object is {"upgrade": true}.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules.

  6. The operation responds with an Upgrade object.

Get the action for a rule

Beta. Return the action a rule takes when triggered. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/rules/699989

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
ruleId Integer 699989 A unique identifier for a rule.

Status 200 application/json

Download schema: securityPolicyGetRuleActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List rules, select an id value, and save it as a ruleId.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}.

The operation responds with an Action object.

Modify the action for a rule

Beta. Update what action a rule takes when it’s triggered. Use alert to record the trigger of the event, deny to block the request, or none to take no action. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/rules/699989

Content-Type: application/json

Download schema: securityPolicySetRuleActionRequest.json

Request body:

{
    "action": "alert"
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
ruleId Integer 699989 A unique identifier for a rule.

Status 200 application/json

Download schema: securityPolicySetRuleActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List rules, select an id value, and save it as a ruleId.

  5. Run Get a rule’s action.

  6. Modify the Action object.

  7. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}.

The operation responds with an Action object.

Get the conditions and exceptions of a rule

Beta. List a KRS rule’s conditions and exceptions. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/rules/699989/condition-exception

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
ruleId Integer 699989 A unique identifier for a rule.

Status 200 application/json

Object type: Exception

Download schema: securityPolicyGetConditionExceptionSuccess.json

Response body:

{
    "conditions": [
        {
            "type": "extensionMatch",
            "extensions": [
                "test"
            ],
            "positiveMatch": true
        },
        {
            "type": "filenameMatch",
            "filenames": [
                "test2"
            ],
            "positiveMatch": true
        },
        {
            "type": "hostMatch",
            "hosts": [
                "www.test.com"
            ],
            "positiveMatch": true
        },
        {
            "type": "ipMatch",
            "ips": [
                "123.123.123.123"
            ],
            "positiveMatch": true,
            "useHeaders": true
        },
        {
            "type": "uriQueryMatch",
            "caseSensitive": true,
            "name": "test3",
            "nameCase": false,
            "positiveMatch": true,
            "value": "test4",
            "wildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "header": "referer",
            "positiveMatch": true,
            "value": "test5",
            "valueCase": false,
            "valueWildcard": false
        },
        {
            "type": "requestMethodMatch",
            "methods": [
                "GET"
            ],
            "positiveMatch": true
        },
        {
            "type": "pathMatch",
            "paths": [
                "/test6"
            ],
            "positiveMatch": true
        }
    ],
    "exception": {
        "headerCookieOrParamValues": [
            "test"
        ],
        "specificHeaderCookieOrParamNameValue": {
            "name": "test",
            "selector": "REQUEST_HEADERS",
            "value": "test"
        },
        "specificHeaderCookieOrParamNames": [
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_HEADERS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_COOKIES"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "ARGS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "JSON_PAIRS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "XML_PAIRS"
            }
        ],
        "specificHeaderCookieOrParamPrefix": {
            "prefix": "test",
            "selector": "REQUEST_HEADERS"
        }
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List rules, select an id value, and save it as a ruleId.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception.

The operation responds with an Exception object.

Modify the conditions and exceptions of a rule

Beta. Update a rule’s conditions and exceptions. When the conditions are met, the rule’s actions are ignored and not applied to that specific traffic. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/rules/699989/condition-exception

Content-Type: application/json

Object type: Exception

Download schema: securityPolicySetConditionExceptionRequest.json

Request body:

{
    "conditions": [
        {
            "type": "extensionMatch",
            "extensions": [
                "test"
            ],
            "positiveMatch": true
        },
        {
            "type": "filenameMatch",
            "filenames": [
                "test2"
            ],
            "positiveMatch": true
        },
        {
            "type": "hostMatch",
            "hosts": [
                "www.test.com"
            ],
            "positiveMatch": true
        },
        {
            "type": "ipMatch",
            "ips": [
                "123.123.123.123"
            ],
            "positiveMatch": true,
            "useHeaders": true
        },
        {
            "type": "uriQueryMatch",
            "caseSensitive": true,
            "name": "test3",
            "nameCase": false,
            "positiveMatch": true,
            "value": "test4",
            "wildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "header": "referer",
            "positiveMatch": true,
            "value": "test5",
            "valueCase": false,
            "valueWildcard": false
        },
        {
            "type": "requestMethodMatch",
            "methods": [
                "GET"
            ],
            "positiveMatch": true
        },
        {
            "type": "pathMatch",
            "paths": [
                "/test6"
            ],
            "positiveMatch": true
        }
    ],
    "exception": {
        "headerCookieOrParamValues": [
            "test"
        ],
        "specificHeaderCookieOrParamNameValue": {
            "name": "test",
            "selector": "REQUEST_HEADERS",
            "value": "test"
        },
        "specificHeaderCookieOrParamNames": [
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_HEADERS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_COOKIES"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "ARGS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "JSON_PAIRS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "XML_PAIRS"
            }
        ],
        "specificHeaderCookieOrParamPrefix": {
            "prefix": "test",
            "selector": "REQUEST_HEADERS"
        }
    }
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
ruleId Integer 699989 A unique identifier for a rule.

Status 200 application/json

Object type: Exception

Download schema: securityPolicySetConditionExceptionSuccess.json

Response body:

{
    "conditions": [
        {
            "type": "extensionMatch",
            "extensions": [
                "test"
            ],
            "positiveMatch": true
        },
        {
            "type": "filenameMatch",
            "filenames": [
                "test2"
            ],
            "positiveMatch": true
        },
        {
            "type": "hostMatch",
            "hosts": [
                "www.test.com"
            ],
            "positiveMatch": true
        },
        {
            "type": "ipMatch",
            "ips": [
                "123.123.123.123"
            ],
            "positiveMatch": true,
            "useHeaders": true
        },
        {
            "type": "uriQueryMatch",
            "caseSensitive": true,
            "name": "test3",
            "nameCase": false,
            "positiveMatch": true,
            "value": "test4",
            "wildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "header": "referer",
            "positiveMatch": true,
            "value": "test5",
            "valueCase": false,
            "valueWildcard": false
        },
        {
            "type": "requestMethodMatch",
            "methods": [
                "GET"
            ],
            "positiveMatch": true
        },
        {
            "type": "pathMatch",
            "paths": [
                "/test6"
            ],
            "positiveMatch": true
        }
    ],
    "exception": {
        "headerCookieOrParamValues": [
            "test"
        ],
        "specificHeaderCookieOrParamNameValue": {
            "name": "test",
            "selector": "REQUEST_HEADERS",
            "value": "test"
        },
        "specificHeaderCookieOrParamNames": [
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_HEADERS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_COOKIES"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "ARGS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "JSON_PAIRS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "XML_PAIRS"
            }
        ],
        "specificHeaderCookieOrParamPrefix": {
            "prefix": "test",
            "selector": "REQUEST_HEADERS"
        }
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List rules, select an id value, and save it as a ruleId parameter.

  5. Run Get a rule’s conditions and exceptions.

  6. Modify the Exception object.

  7. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception.

The operation responds with an Exception object.

Get upgrade details

Beta. Only applies to Kona rule sets. The KRS rule sets are maintained by Akamai’s security research team. Run this operation before you upgrade to verify changes in the rule sets. If you want to test how the updates affect your site, you can run the updated rules in evaluation mode. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/upgrade-details

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/rules/upgrade-details

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 25 | A unique identifier for each version of a configuration. |
| policyId | String | boBF_19288 | A unique identifier for a security policy. |

Status 200 application/json

Object type: Upgrade

Download schema: rulesGetUpgrade.json

Response body:

{
    "current": "KRS 1.0 (Apr 20, 2020)",
    "evaluating": "KRS 1.0 (Mar 15, 2020)",
    "latest": "KRS 1.0 (June 15, 2020)",
    "KRSToEvalUpdates": {
        "updatedRules": [
            {
                "id": 3000080,
                "title": "Cross-site Scripting (XSS) Attack"
            },
            {
                "id": 3000081,
                "title": "PHP Injection Attack (Opening Tag)"
            }
        ],
        "newRules": [
            {
                "id": 3000082,
                "title": "Cross-site Scripting (XSS) Attack: Attribute Injection"
            },
            {
                "id": 3000083,
                "title": "IE XSS Filters - Attack Detected"
            }
        ]
    },
    "EvalToEvalUpdates": {
        "newRules": [
            {
                "id": 3000090,
                "title": "Cross-site Scripting (XSS) Attack: Attribute Injection"
            }
        ]
    },
    "KRSToLatestUpdates": {
        "deletedRules": [
            {
                "id": 3000048,
                "title": "MSSQL Code Execution and Information Gathering Attempts"
            }
        ],
        "newRules": [
            {
                "id": 3000090,
                "title": "Remote File Inclusion Attack"
            },
            {
                "id": 3000091,
                "title": "IE XSS Filters"
            }
        ]
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/upgrade-details.

The operation responds with an Upgrade object.
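
One way to turn the Upgrade object above into a pre-upgrade review list. This is an added example, not Akamai code; it reads only the keys present in the sample response, and the function names and review categories are assumptions.

```python
"""Summarize an Upgrade object before changing Kona rule sets."""

# Upgrade object from the sample response above, written compactly.
SAMPLE_UPGRADE = {
    "current": "KRS 1.0 (Apr 20, 2020)",
    "evaluating": "KRS 1.0 (Mar 15, 2020)",
    "latest": "KRS 1.0 (June 15, 2020)",
    "KRSToEvalUpdates": {
        "updatedRules": [
            {"id": 3000080, "title": "Cross-site Scripting (XSS) Attack"},
            {"id": 3000081, "title": "PHP Injection Attack (Opening Tag)"},
        ],
        "newRules": [
            {"id": 3000082, "title": "Cross-site Scripting (XSS) Attack: Attribute Injection"},
            {"id": 3000083, "title": "IE XSS Filters - Attack Detected"},
        ],
    },
    "EvalToEvalUpdates": {
        "newRules": [
            {"id": 3000090, "title": "Cross-site Scripting (XSS) Attack: Attribute Injection"},
        ],
    },
    "KRSToLatestUpdates": {
        "deletedRules": [
            {"id": 3000048, "title": "MSSQL Code Execution and Information Gathering Attempts"},
        ],
        "newRules": [
            {"id": 3000090, "title": "Remote File Inclusion Attack"},
            {"id": 3000091, "title": "IE XSS Filters"},
        ],
    },
}

# Keys seen in the sample; anything else in a response is ignored, not guessed.
SECTIONS = ("KRSToEvalUpdates", "EvalToEvalUpdates", "KRSToLatestUpdates")
CHANGE_KINDS = ("newRules", "updatedRules", "deletedRules")


def flatten_changes(upgrade):
    """Return (section, kind, rule_id, title) for every rule the object lists."""
    rows = []
    for section in SECTIONS:
        block = upgrade.get(section) or {}
        for kind in CHANGE_KINDS:
            for rule in block.get(kind, []):
                rows.append((section, kind, int(rule["id"]), rule.get("title", "")))
    return rows


def review_items(upgrade):
    """Group rule IDs by what an operator should check before upgrading."""
    rows = flatten_changes(upgrade)
    titles = {}
    for _, _, rule_id, title in rows:
        titles.setdefault(rule_id, set()).add(title)
    return {
        # Deleted rules: detections that exist today and are gone after the upgrade.
        "coverage_removed": sorted({r for _, k, r, _ in rows if k == "deletedRules"}),
        # New rules have not run on this site yet; watch them in evaluation mode.
        "new_to_tune": sorted({r for _, k, r, _ in rows if k == "newRules"}),
        # Updated rules may fire differently than the version in use today.
        "behaviour_changed": sorted({r for _, k, r, _ in rows if k == "updatedRules"}),
        # One ID listed under several titles: track rules by ID, never by title.
        "title_conflicts": {r: sorted(t) for r, t in titles.items() if len(t) > 1},
    }


def exceptions_to_recheck(upgrade, rule_ids_with_exceptions):
    """Rule IDs that carry a condition or exception today and are updated or deleted."""
    items = review_items(upgrade)
    touched = set(items["coverage_removed"]) | set(items["behaviour_changed"])
    return sorted(touched & set(rule_ids_with_exceptions))


if __name__ == "__main__":
    for key, value in review_items(SAMPLE_UPGRADE).items():
        print(key, value)
```

Run against the sample, the report lists rule ID 3000090 under two different titles, which is why the example keys everything on the ID.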

Set evaluation mode

Beta. Evaluation mode runs concurrently with your existing Web Application Firewall rule settings and records how the rules would respond if they were applied to live traffic. The default action for evaluation rules is alert. Unlike other POST or PUT actions, this request object supports values other than enabled or disabled. An evaluation period lasts four weeks unless you stop the evaluation. Once you begin, the rules you evaluate respond to traffic as if they were your current rules. However, instead of taking an action, the evaluation rules log which action they would have taken if they were your active rules and not a test of future rules.

Set eval in the request body to one of these values:

  • START: Begin evaluation mode.

  • STOP: End the evaluation before it completes on its own, without upgrading your rules.

  • RESTART: Start an evaluation you previously stopped, or one that has expired.

  • COMPLETE: Stop your in-progress evaluation and automatically upgrade your existing KRS rules to the rule set you just evaluated.

  • UPDATE: Upgrade to the newest available version of evaluation rules.

A request value of START, RESTART, or COMPLETE returns an eval value of enabled. A request value of STOP or UPDATE returns an eval value of disabled. Contact your account team if you’d like to run this operation.

POST /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/eval

Content-Type: application/json

Object type: EvalMode

Download schema: evalMode.json

Request body:

{
    "eval": "START"
}

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 25 | A unique identifier for each version of a configuration. |
| policyId | String | boBF_19288 | A unique identifier for a policy. |

Status 201 application/json

Object type: EvalMode

Download schema: evalMode.json

Response body:

{
    "mode": "KRS",
    "current": "KRS 1.0 (Apr 20, 2020)",
    "eval": "enabled",
    "evaluating": "KRS 1.0 (June 25, 2020)",
    "expires": "2020-08-08T00:00:00Z"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Build a new EvalRule object.

  5. POST the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval.

The operation responds with an EvalRule object.
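
The request values described above, and the eval value each one returns, written as a pre-flight check and a response check. This is an added example, not Akamai code; the function names, the confirm_upgrade guard and the policyId character check are assumptions, and nothing is sent over the network.

```python
import re
from datetime import datetime, timezone

# Request value -> eval value the description above says the response carries.
EXPECTED_EVAL = {
    "START": "enabled",
    "RESTART": "enabled",
    "COMPLETE": "enabled",
    "STOP": "disabled",
    "UPDATE": "disabled",
}
# COMPLETE upgrades the existing KRS rules, so it changes what runs on live traffic.
CHANGES_ACTIVE_RULES = frozenset({"COMPLETE"})
# Assumption: policy IDs look like the samples on this page (boBF_19288, WC_3).
POLICY_ID = re.compile(r"[A-Za-z0-9_]+")

# Sample 201 response body from above.
SAMPLE_RESPONSE = {
    "mode": "KRS",
    "current": "KRS 1.0 (Apr 20, 2020)",
    "eval": "enabled",
    "evaluating": "KRS 1.0 (June 25, 2020)",
    "expires": "2020-08-08T00:00:00Z",
}


def build_eval_request(config_id, version_number, policy_id, value, confirm_upgrade=False):
    """Return the POST to send, or raise before anything reaches the API."""
    value = str(value).strip().upper()
    if value not in EXPECTED_EVAL:
        raise ValueError(f"eval must be one of {sorted(EXPECTED_EVAL)}")
    if not POLICY_ID.fullmatch(str(policy_id)):
        raise ValueError("policyId contains characters outside [A-Za-z0-9_]")
    if value in CHANGES_ACTIVE_RULES and not confirm_upgrade:
        raise PermissionError(f"{value} upgrades the active KRS rules; pass confirm_upgrade=True")
    path = (f"/appsec/v1/configs/{int(config_id)}/versions/{int(version_number)}"
            f"/security-policies/{policy_id}/eval")
    return {
        "method": "POST",
        "path": path,
        "headers": {"Content-Type": "application/json"},
        "body": {"eval": value},
    }


def parse_expires(response):
    """Parse the expires timestamp (UTC, formatted as in the sample) or return None."""
    raw = response.get("expires")
    if not raw:
        return None
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_eval_response(value, status, response, now):
    """Return a list of mismatches between the response and the documented behaviour."""
    problems = []
    expected = EXPECTED_EVAL[value]
    if status != 201:
        problems.append(f"expected HTTP 201, got {status}")
    if response.get("eval") != expected:
        problems.append(f"{value} should return eval={expected}, got {response.get('eval')!r}")
    expires = parse_expires(response)
    if value in ("START", "RESTART") and expires is not None and expires <= now:
        problems.append("evaluation reported as enabled but its expiry is already past")
    return problems


def days_left(response, now):
    """Whole days until the evaluation expires, or None if no expiry is given."""
    expires = parse_expires(response)
    return None if expires is None else (expires - now).days
```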

List evaluation rules

Beta. Return the rules available for evaluation and their actions. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/eval-rules

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 25 | A unique identifier for each version of a configuration. |
| policyId | String | boBF_19288 | A unique identifier for a policy. |

Status 200 application/json

Object type: EvalRule

Download schema: securityPolicyGetEvalRuleActionsSuccess.json

Response body:

{
    "evalRuleActions": [
        {
            "action": "alert",
            "id": 699989
        },
        {
            "action": "alert",
            "id": 699990
        },
        {
            "action": "alert",
            "id": 699991
        },
        {
            "action": "alert",
            "id": 699992
        },
        {
            "action": "alert",
            "id": 699993
        },
        {
            "action": "alert",
            "id": 699994
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules.

The operation responds with an EvalRule object.

Get the action of an evaluation rule

Beta. Return the action for a specific rule you want to evaluate. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/eval-rules/699989

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 25 | A unique identifier for each version of a configuration. |
| policyId | String | boBF_19288 | A unique identifier for a policy. |
| ruleId | Integer | 699989 | A unique identifier for each rule. |

Status 200 application/json

Download schema: securityPolicyGetEvalRuleActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List evaluation rules, select an id value, and save it as a ruleId.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}.

The operation responds with an EvalRule object.

Modify the action of an evaluation rule

Beta. Update the action for a specific rule you want to evaluate. Like your current rules, actions are alert to record the trigger of the event, deny to block the request, or none to take no action. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/eval-rules/699989

Content-Type: application/json

Object type: EvalRule

Download schema: securityPolicySetEvalRuleActionRequest.json

Request body:

{
    "action": "alert"
}

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 25 | A unique identifier for each version of a configuration. |
| policyId | String | boBF_19288 | A unique identifier for a policy. |
| ruleId | Integer | 699989 | A unique identifier for each rule. |

Status 200 application/json

Download schema: securityPolicySetEvalRuleActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List evaluation rules, select an id value, and save it as a ruleId.

  5. Run Get an evaluation rule’s action.

  6. Modify the EvalRule object.

  7. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}.

The operation responds with an EvalRule object.

Get the conditions and exceptions for an evaluation rule

Beta. List the conditions and exceptions for a rule you want to evaluate. This operation returns the same object type as the other condition and exception operations, and the concept of conditions and exceptions is the same for all condition-exception endpoints, but the response for this operation applies to the rules you’re evaluating. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}/condition-exception

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/eval-rules/699989/condition-exception

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 25 | A unique identifier for each version of a configuration. |
| policyId | String | boBF_19288 | A unique identifier for a policy. |
| ruleId | Integer | 699989 | A unique identifier for each rule. |

Status 200 application/json

Download schema: securityPolicyGetEvalConditionExceptionSuccess.json

Response body:

{
    "conditions": [
        {
            "type": "extensionMatch",
            "extensions": [
                "test"
            ],
            "positiveMatch": true
        },
        {
            "type": "filenameMatch",
            "filenames": [
                "test2"
            ],
            "positiveMatch": true
        },
        {
            "type": "hostMatch",
            "hosts": [
                "www.test.com"
            ],
            "positiveMatch": true
        },
        {
            "type": "ipMatch",
            "ips": [
                "123.123.123.123"
            ],
            "positiveMatch": true,
            "useHeaders": true
        },
        {
            "type": "uriQueryMatch",
            "caseSensitive": true,
            "name": "test3",
            "nameCase": false,
            "positiveMatch": true,
            "value": "test4",
            "wildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "header": "referer",
            "positiveMatch": true,
            "value": "test5",
            "valueCase": false,
            "valueWildcard": false
        },
        {
            "type": "requestMethodMatch",
            "methods": [
                "GET"
            ],
            "positiveMatch": true
        },
        {
            "type": "pathMatch",
            "paths": [
                "/test6"
            ],
            "positiveMatch": true
        }
    ],
    "exception": {
        "headerCookieOrParamValues": [
            "test"
        ],
        "specificHeaderCookieOrParamNameValue": {
            "name": "test",
            "selector": "REQUEST_HEADERS",
            "value": "test"
        },
        "specificHeaderCookieOrParamNames": [
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_HEADERS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_COOKIES"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "ARGS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "JSON_PAIRS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "XML_PAIRS"
            }
        ],
        "specificHeaderCookieOrParamPrefix": {
            "prefix": "test",
            "selector": "REQUEST_HEADERS"
        }
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List evaluation rules, select an id value, and save it as a ruleId.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception.

The operation responds with an Exception object.

Modify the conditions and exceptions for an evaluation rule

Beta. Update an evaluation rule’s conditions and exceptions. When the conditions are met, the rule’s actions are ignored and not applied to that specific traffic. The rule action you update with this operation is for a rule you are evaluating and not a rule currently in use for your site or app. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-rules/{ruleId}/condition-exception

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/eval-rules/699989/condition-exception

Content-Type: application/json

Download schema: securityPolicySetEvalConditionExceptionRequest.json

Request body:

{
    "conditions": [
        {
            "type": "extensionMatch",
            "extensions": [
                "test"
            ],
            "positiveMatch": true
        },
        {
            "type": "filenameMatch",
            "filenames": [
                "test2"
            ],
            "positiveMatch": true
        },
        {
            "type": "hostMatch",
            "hosts": [
                "www.test.com"
            ],
            "positiveMatch": true
        },
        {
            "type": "ipMatch",
            "ips": [
                "123.123.123.123"
            ],
            "positiveMatch": true,
            "useHeaders": true
        },
        {
            "type": "uriQueryMatch",
            "caseSensitive": true,
            "name": "test3",
            "nameCase": false,
            "positiveMatch": true,
            "value": "test4",
            "wildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "header": "referer",
            "positiveMatch": true,
            "value": "test5",
            "valueCase": false,
            "valueWildcard": false
        },
        {
            "type": "requestMethodMatch",
            "methods": [
                "GET"
            ],
            "positiveMatch": true
        },
        {
            "type": "pathMatch",
            "paths": [
                "/test6"
            ],
            "positiveMatch": true
        }
    ],
    "exception": {
        "headerCookieOrParamValues": [
            "test"
        ],
        "specificHeaderCookieOrParamNameValue": {
            "name": "test",
            "selector": "REQUEST_HEADERS",
            "value": "test"
        },
        "specificHeaderCookieOrParamNames": [
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_HEADERS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_COOKIES"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "ARGS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "JSON_PAIRS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "XML_PAIRS"
            }
        ],
        "specificHeaderCookieOrParamPrefix": {
            "prefix": "test",
            "selector": "REQUEST_HEADERS"
        }
    }
}

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 25 | A unique identifier for each version of a configuration. |
| policyId | String | boBF_19288 | A unique identifier for a policy. |
| ruleId | Integer | 699989 | A unique identifier for each rule. |

Status 200 application/json

Download schema: securityPolicySetEvalConditionExceptionSuccess.json

Response body:

{
    "conditions": [
        {
            "type": "extensionMatch",
            "extensions": [
                "test"
            ],
            "positiveMatch": true
        },
        {
            "type": "filenameMatch",
            "filenames": [
                "test2"
            ],
            "positiveMatch": true
        },
        {
            "type": "hostMatch",
            "hosts": [
                "www.test.com"
            ],
            "positiveMatch": true
        },
        {
            "type": "ipMatch",
            "ips": [
                "123.123.123.123"
            ],
            "positiveMatch": true,
            "useHeaders": true
        },
        {
            "type": "uriQueryMatch",
            "caseSensitive": true,
            "name": "test3",
            "nameCase": false,
            "positiveMatch": true,
            "value": "test4",
            "wildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "header": "referer",
            "positiveMatch": true,
            "value": "test5",
            "valueCase": false,
            "valueWildcard": false
        },
        {
            "type": "requestMethodMatch",
            "methods": [
                "GET"
            ],
            "positiveMatch": true
        },
        {
            "type": "pathMatch",
            "paths": [
                "/test6"
            ],
            "positiveMatch": true
        }
    ],
    "exception": {
        "headerCookieOrParamValues": [
            "test"
        ],
        "specificHeaderCookieOrParamNameValue": {
            "name": "test",
            "selector": "REQUEST_HEADERS",
            "value": "test"
        },
        "specificHeaderCookieOrParamNames": [
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_HEADERS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_COOKIES"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "ARGS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "JSON_PAIRS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "XML_PAIRS"
            }
        ],
        "specificHeaderCookieOrParamPrefix": {
            "prefix": "test",
            "selector": "REQUEST_HEADERS"
        }
    }
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List evaluation rules, select an id value, and save it as a ruleId.

  5. Run Get the evaluation rule’s conditions and exceptions.

  6. Modify the Exception object.

  7. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception.

The operation responds with an Exception object.
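
The get, modify, PUT sequence above, sketched as a function that plans the change without sending it. This is an added example, not Akamai code: the function names are assumptions, the path for evaluation rules is the eval-rules path from this operation's PUT line, and treating wildcard or negated conditions as the ones to re-read is a review heuristic of this example.

```python
import copy

# Selector values that appear in the sample Exception object above.
KNOWN_SELECTORS = {"REQUEST_HEADERS", "REQUEST_COOKIES", "ARGS", "JSON_PAIRS", "XML_PAIRS"}

# Trimmed copy of the sample object above (two conditions, two selectors).
SAMPLE_OBJECT = {
    "conditions": [
        {"type": "hostMatch", "hosts": ["www.test.com"], "positiveMatch": True},
        {"type": "uriQueryMatch", "caseSensitive": True, "name": "test3",
         "nameCase": False, "positiveMatch": True, "value": "test4", "wildcard": True},
    ],
    "exception": {
        "specificHeaderCookieOrParamNames": [
            {"names": ["test"], "selector": "REQUEST_HEADERS"},
            {"names": ["test"], "selector": "ARGS"},
        ],
    },
}


def condition_exception_path(config_id, version_number, policy_id, rule_id, evaluation):
    """Build the path; evaluation=True targets eval-rules, False the rules in use."""
    collection = "eval-rules" if evaluation else "rules"
    return (f"/appsec/v1/configs/{int(config_id)}/versions/{int(version_number)}"
            f"/security-policies/{policy_id}/{collection}/{int(rule_id)}/condition-exception")


def named_exceptions(obj):
    """Set of (selector, name) pairs the rule currently skips."""
    pairs = set()
    for entry in obj.get("exception", {}).get("specificHeaderCookieOrParamNames", []):
        for name in entry.get("names", []):
            pairs.add((entry["selector"], name))
    return pairs


def add_exception_name(obj, selector, name):
    """Return a copy with one more excepted name; the input object is not changed."""
    if selector not in KNOWN_SELECTORS:
        raise ValueError(f"unknown selector {selector!r}")
    if not name or not name.strip():
        raise ValueError("exception name must not be empty")
    updated = copy.deepcopy(obj)
    entries = updated.setdefault("exception", {}).setdefault(
        "specificHeaderCookieOrParamNames", [])
    for entry in entries:
        if entry.get("selector") == selector:
            if name not in entry["names"]:
                entry["names"].append(name)  # merge into the existing selector entry
            break
    else:
        entries.append({"names": [name], "selector": selector})
    return updated


def widening_conditions(obj):
    """Conditions that make the exception apply to more traffic than a literal match."""
    findings = []
    for index, cond in enumerate(obj.get("conditions", [])):
        if cond.get("positiveMatch") is False:
            findings.append((index, cond["type"], "negated match"))
        if cond.get("wildcard") or cond.get("valueWildcard"):
            findings.append((index, cond["type"], "wildcard value"))
    return findings


def plan_update(current, selector, name, ids, evaluation=True):
    """Describe the PUT, what it adds, and which conditions deserve a second look."""
    updated = add_exception_name(current, selector, name)
    return {
        "method": "PUT",
        "path": condition_exception_path(*ids, evaluation=evaluation),
        "body": updated,
        "added": sorted(named_exceptions(updated) - named_exceptions(current)),
        "review": widening_conditions(updated),
    }
```

Logging the `added` and `review` fields alongside the change gives a record of exactly which inputs a rule stopped inspecting and under which conditions.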

Get the penalty box

Beta. Returns the penalty box settings for the security policy you specify. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/penalty-box

Sample: /appsec/v1/configs/17027/versions/1/security-policies/WC_3/penalty-box

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 1 | A unique identifier for each version of a configuration. |
| policyId | String | WC_3 | A unique identifier for each security policy. |

Status 200 application/json

Object type: PenaltyBox

Download schema: penaltyBoxDto.json

Response body:

{
    "action": "alert",
    "penaltyBoxProtection": true
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/penalty-box.

The operation responds with a PenaltyBox object.

Modify the penalty box

Beta. Update the penalty box settings for your security policy. If set to on, you can choose to deny requests coming from a client in the penalty box, or trigger an alert instead. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/penalty-box

Sample: /appsec/v1/configs/17027/versions/1/security-policies/WC_3/penalty-box

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 17027 | A unique identifier for each configuration. |
| versionNumber | Integer | 1 | A unique identifier for each version of a configuration. |
| policyId | String | WC_3 | A unique identifier for each security policy. |

Status 200 application/json

Object type: PenaltyBox

Download schema: penaltyBoxDto.json

Response body:

{
    "action": "alert",
    "penaltyBoxProtection": true
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run Get penalty box.

  5. Modify the PenaltyBox object.

  6. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/penalty-box.

The operation responds with a PenaltyBox object.

List custom rules

Lists custom rules defined in a security configuration.

GET /appsec/v1/configs/{configId}/custom-rules

Sample: /appsec/v1/configs/8277/custom-rules

URL path parameters

| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| configId | Integer | 8277 | A unique identifier for each configuration. |

Status 200 application/json

Object type: CustomRule

Download schema: customRules-schema.json

Response body:

{
    "customRules": [
        {
            "link": "/appsec/v1/configs/99999/customRules/111111",
            "name": "Example 1",
            "status": "activated",
            "id": 111111,
            "version": 1
        },
        {
            "link": "/appsec/v1/configs/99999/customRules/111112",
            "name": "Example 2",
            "status": "published",
            "id": 111112,
            "version": 1
        },
        {
            "link": "/appsec/v1/configs/99999/customRules/111113",
            "name": "Example 3",
            "status": "unused",
            "id": 111113,
            "version": 2
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Make a GET request to /appsec/v1/configs/{configId}/custom-rules.

The response is a CustomRule object.

Create a custom rule

Creates a new custom rule.

POST /appsec/v1/configs/{configId}/custom-rules

Sample: /appsec/v1/configs/8277/custom-rules

Content-Type: application/json

Object type: CustomRule

Download schema: customRule-schema.json

Request body:

{
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "tag": [
        "test"
    ],
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "He",
                "H",
                "Li"
            ]
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": "HTTP/0.9"
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ]
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "H",
                "He",
                "Li"
            ]
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "O",
                "N",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Carbon",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "Nitrogen",
                "N"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        },
        {
            "type": "clientCertPresentMatch",
            "positiveMatch": true
        },
        {
            "type": "clientCertValidMatch",
            "positiveMatch": false
        },
        {
            "type": "clientTlsFingerprintMatch",
            "positiveMatch": true,
            "value": [
                "aebbfa8e53e8661f"
            ]
        },
        {
            "type": "hostMatch",
            "positiveMatch": true,
            "value": [
                "Carbon.com",
                "Oxygen.info",
                "*.Nitrogen.gb"
            ]
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.

Status 200 application/json

Object type: CustomRule

Download schema: customRule-schema.json

Response body:

{
    "id": 661699,
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false,
    "tag": [
        "test"
    ],
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "He",
                "H",
                "Li"
            ]
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": "HTTP/0.9"
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ]
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "H",
                "He",
                "Li"
            ]
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "O",
                "N",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Carbon",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "Nitrogen",
                "N"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        },
        {
            "type": "clientCertPresentMatch",
            "positiveMatch": true
        },
        {
            "type": "clientCertValidMatch",
            "positiveMatch": true
        },
        {
            "type": "clientTlsFingerprintMatch",
            "positiveMatch": true,
            "value": [
                "aebbfa8e53e8661f"
            ]
        },
        {
            "type": "hostMatch",
            "positiveMatch": true,
            "value": [
                "Carbon.com",
                "Oxygen.info",
                "*.Nitrogen.gb"
            ]
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Create a CustomRule object.

  3. Make a POST request to /appsec/v1/configs/{configId}/custom-rules.

The response reflects the complete CustomRule object.

Get a custom rule

Returns the details of a custom rule.

GET /appsec/v1/configs/{configId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/8277/custom-rules/661699

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
ruleId Integer 661699 A unique identifier for each custom rule.

Status 200 application/json

Object type: CustomRule

Download schema: customRule-schema.json

Response body:

{
    "id": 661699,
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false,
    "tag": [
        "test"
    ],
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "He",
                "H",
                "Li"
            ]
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": "HTTP/0.9"
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ]
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "H",
                "He",
                "Li"
            ]
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "O",
                "N",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Carbon",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "Nitrogen",
                "N"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        },
        {
            "type": "clientCertPresentMatch",
            "positiveMatch": true
        },
        {
            "type": "clientCertValidMatch",
            "positiveMatch": true
        },
        {
            "type": "clientTlsFingerprintMatch",
            "positiveMatch": true,
            "value": [
                "aebbfa8e53e8661f"
            ]
        },
        {
            "type": "hostMatch",
            "positiveMatch": true,
            "value": [
                "Carbon.com",
                "Oxygen.info",
                "*.Nitrogen.gb"
            ]
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List custom rules and select a ruleId.

  3. Make a GET request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

The response is a CustomRule object.

Modify a custom rule

Updates an existing custom rule.

PUT /appsec/v1/configs/{configId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/8277/custom-rules/661699

Content-Type: application/json

Object type: CustomRule

Download schema: customRule-schema.json

Request body:

{
    "id": 661699,
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "tag": [
        "test"
    ],
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "He",
                "H",
                "Li"
            ]
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": "HTTP/0.9"
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ]
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "H",
                "He",
                "Li"
            ]
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "O",
                "N",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Carbon",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "Nitrogen",
                "N"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        },
        {
            "type": "clientCertPresentMatch",
            "positiveMatch": true
        },
        {
            "type": "clientCertValidMatch",
            "positiveMatch": false
        },
        {
            "type": "clientTlsFingerprintMatch",
            "positiveMatch": true,
            "value": [
                "aebbfa8e53e8661f"
            ]
        },
        {
            "type": "hostMatch",
            "positiveMatch": true,
            "value": [
                "Carbon.com",
                "Oxygen.info",
                "*.Nitrogen.gb"
            ]
        }
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
ruleId Integer 661699 A unique identifier for each custom rule.

Status 200 application/json

Object type: CustomRule

Download schema: customRule-schema.json

Response body:

{
    "id": 661699,
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false,
    "tag": [
        "test"
    ],
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "He",
                "H",
                "Li"
            ]
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": "HTTP/0.9"
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ]
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "H",
                "He",
                "Li"
            ]
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "O",
                "N",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Carbon",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "Nitrogen",
                "N"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        },
        {
            "type": "clientCertPresentMatch",
            "positiveMatch": true
        },
        {
            "type": "clientCertValidMatch",
            "positiveMatch": true
        },
        {
            "type": "clientTlsFingerprintMatch",
            "positiveMatch": true,
            "value": [
                "aebbfa8e53e8661f"
            ]
        },
        {
            "type": "hostMatch",
            "positiveMatch": true,
            "value": [
                "Carbon.com",
                "Oxygen.info",
                "*.Nitrogen.gb"
            ]
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List custom rules and select a ruleId.

  3. Run Get a custom rule.

  4. Modify the CustomRule object.

  5. Make a PUT request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

The response reflects the modified CustomRule object.
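A way to check that the PUT response really does reflect the object that was sent, as an added example (not Akamai's code). It compares the two CustomRule objects field by field. The samples are constructed by trimming this page's request and response bodies, which differ in the `positiveMatch` of `clientCertValidMatch`. Matching conditions by position and treating `ruleActivated` as a server-supplied field are assumptions drawn from those samples.

```python
import json

MISSING = "<absent>"  # marker for a field that is present on only one side

# Constructed samples: trimmed copies of the request and response bodies
# shown above for "Modify a custom rule" (most conditions left out).
SENT = json.loads("""
{
    "id": 661699,
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "tag": ["test"],
    "conditions": [
        {"type": "pathMatch", "positiveMatch": true,
         "value": ["/H", "/Li", "/He"]},
        {"type": "clientCertPresentMatch", "positiveMatch": true},
        {"type": "clientCertValidMatch", "positiveMatch": false}
    ]
}
""")

RETURNED = json.loads("""
{
    "id": 661699,
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false,
    "tag": ["test"],
    "conditions": [
        {"type": "pathMatch", "positiveMatch": true,
         "value": ["/H", "/Li", "/He"]},
        {"type": "clientCertPresentMatch", "positiveMatch": true},
        {"type": "clientCertValidMatch", "positiveMatch": true}
    ]
}
""")


def rule_path(config_id, rule_id):
    """Path shared by the GET and PUT operations; both IDs are integers."""
    return f"/appsec/v1/configs/{int(config_id)}/custom-rules/{int(rule_id)}"


def _diff_fields(prefix, sent, returned):
    """Compare two flat dicts and return (location, sent, returned) tuples."""
    out = []
    for key in sorted(set(sent) | set(returned)):
        s = sent.get(key, MISSING)
        r = returned.get(key, MISSING)
        if s != r:
            out.append((f"{prefix}{key}", s, r))
    return out


def diff_rule(sent, returned):
    """List every difference between the rule sent and the rule returned."""
    top_sent = {k: v for k, v in sent.items() if k != "conditions"}
    top_ret = {k: v for k, v in returned.items() if k != "conditions"}
    findings = _diff_fields("", top_sent, top_ret)

    # Assumption: the service keeps conditions in the order they were sent,
    # so the same index on both sides refers to the same condition.
    s_conds = sent.get("conditions", [])
    r_conds = returned.get("conditions", [])
    for i in range(max(len(s_conds), len(r_conds))):
        s = s_conds[i] if i < len(s_conds) else {}
        r = r_conds[i] if i < len(r_conds) else {}
        label = s.get("type") or r.get("type")
        findings += _diff_fields(f"conditions[{i}:{label}].", s, r)
    return findings


def unexpected_changes(sent, returned, server_fields=("ruleActivated",)):
    """Drop differences that are only fields the server adds on its own."""
    return [f for f in diff_rule(sent, returned)
            if not (f[0] in server_fields and f[1] == MISSING)]


if __name__ == "__main__":
    print("PUT", rule_path(8277, SENT["id"]))
    for location, was, now in unexpected_changes(SENT, RETURNED):
        print(f"{location}: sent {was!r}, returned {now!r}")
```

An empty result from `unexpected_changes` means the stored rule matches what was submitted; anything else is worth reviewing before the rule is given a policy action.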

Remove a custom rule

Deletes a custom rule as long as it isn’t activated.

DELETE /appsec/v1/configs/{configId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/8277/custom-rules/661699

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
ruleId Integer 661699 A unique identifier for each custom rule.

Status 204

  1. Run List configurations and select a configId.

  2. Run List custom rules and select a ruleId.

  3. Make a DELETE request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

List custom rule actions

Returns a list of all configured custom rules for the specified configuration. It includes information for rules that are associated with this policy, as well as the latest versions of the rules in the configuration that aren’t associated with the current policy. Unassociated rules have an action of none.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/custom-rules

Sample: /appsec/v1/configs/8277/versions/25/security-policies/WC_3/custom-rules

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String WC_3 A unique identifier for the security policy.

Status 200 application/json

Object type: CustomRuleActions

Download schema: customRuleActions.json

Response body:

{
    "customRules": [
        {
            "action": "alert",
            "link": "/appsec/v1/configs/16400/custom-rules/622918",
            "name": "Custom Rule Example 1",
            "id": 622918
        },
        {
            "action": "none",
            "link": "/appsec/v1/configs/16400/custom-rules/657604",
            "name": "Custom Rule Example 2",
            "id": 657604
        },
        {
            "action": "deny",
            "link": "/appsec/v1/configs/16400/custom-rules/615894",
            "name": "Custom Rule Example 3",
            "id": 615894
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies and select a policyId.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/custom-rules.

The response is a CustomRuleActions object.

Modify a custom rule action

Updates the action of a custom rule.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/8277/versions/25/security-policies/WC_3/custom-rules/661699

Content-Type: application/json

Object type: CustomRuleActions

Download schema: updateCustomRuleAction.json

Request body:

{
    "action": "alert"
}
Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String WC_3 A unique identifier for the security policy.
ruleId Integer 661699 A unique identifier for each custom rule.

Status 200 application/json

Object type: CustomRuleActions

Download schema: updateCustomRuleAction.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List custom rule actions and select a ruleId.

  5. Make a PUT request with a single-member object containing the specified action to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/custom-rules/{ruleId}.

The response reflects the modified single-member object.
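The List custom rule actions and Modify a custom rule action operations used together, as an added example (not Akamai's code): it groups a policy's rules by their current action, then plans only the PUT requests needed to reach a desired state. The listing is the sample response from this page; the function names, the set of accepted actions (those seen in the samples) and the policyId character check are assumptions.

```python
import json
import re

# Constructed sample: the CustomRuleActions response body shown above.
LISTING = json.loads("""
{
    "customRules": [
        {"action": "alert", "id": 622918, "name": "Custom Rule Example 1",
         "link": "/appsec/v1/configs/16400/custom-rules/622918"},
        {"action": "none", "id": 657604, "name": "Custom Rule Example 2",
         "link": "/appsec/v1/configs/16400/custom-rules/657604"},
        {"action": "deny", "id": 615894, "name": "Custom Rule Example 3",
         "link": "/appsec/v1/configs/16400/custom-rules/615894"}
    ]
}
""")

# Assumption: only the actions that appear in this page's samples are accepted.
KNOWN_ACTIONS = ("alert", "deny", "none")

# Assumption: policy IDs look like the samples (WC_3, boBF_19288).
POLICY_ID = re.compile(r"[A-Za-z0-9_]+")


def action_path(config_id, version, policy_id, rule_id):
    """Build the path for the Modify a custom rule action operation."""
    if not POLICY_ID.fullmatch(policy_id):
        raise ValueError(f"unexpected policyId: {policy_id!r}")
    return (f"/appsec/v1/configs/{int(config_id)}/versions/{int(version)}"
            f"/security-policies/{policy_id}/custom-rules/{int(rule_id)}")


def by_action(listing):
    """Group rule IDs by current action; 'none' means unassociated."""
    groups = {action: [] for action in KNOWN_ACTIONS}
    for rule in listing["customRules"]:
        groups.setdefault(rule["action"], []).append(rule["id"])
    return groups


def plan_changes(listing, desired, config_id, version, policy_id):
    """Return the PUT requests needed so each rule in `desired`
    ({ruleId: action}) ends up with that action. Rules that already
    have the desired action produce no request."""
    current = {rule["id"]: rule["action"] for rule in listing["customRules"]}
    unknown = sorted(set(desired) - set(current))
    if unknown:
        raise ValueError(f"rule IDs not in the listing: {unknown}")

    plan = []
    for rule_id in sorted(desired):
        action = desired[rule_id]
        if action not in KNOWN_ACTIONS:
            raise ValueError(f"unsupported action: {action!r}")
        if current[rule_id] == action:
            continue
        plan.append({
            "method": "PUT",
            "path": action_path(config_id, version, policy_id, rule_id),
            "body": {"action": action},   # the single-member object
            "was": current[rule_id],      # kept for the change record
        })
    return plan


if __name__ == "__main__":
    print(by_action(LISTING))
    wanted = {657604: "alert", 615894: "deny"}
    for step in plan_changes(LISTING, wanted, 8277, 25, "WC_3"):
        print(step["method"], step["path"], json.dumps(step["body"]),
              f"(was {step['was']})")
```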

List API request constraints and actions

Beta. Return a list of APIs with their constraints and associated actions. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/api-request-constraints

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Download schema: apiRequestConstraintsActionSuccess.json

Response body:

{
    "apiEndpoints": [
        {
            "id": 1941,
            "action": "alert"
        },
        {
            "id": 1942,
            "action": "alert"
        },
        {
            "id": 1943,
            "action": "alert"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints.

The operation responds with an API constraints object.

Modify the request constraint action for all API

Beta. Update what action to take when any API request constraint triggers. Use alert to record the trigger of the event, deny to block the request, or ‘deny_custom_{Custom Deny ID}’ to apply a custom deny response. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/api-request-constraints

Content-Type: application/json

Object type: ApiConstraints

Download schema: apiRequestConstraintsActionPutRequest.json

Request body:

{
    "action": "alert"
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Download schema: apiRequestConstraintsActionSuccess.json

Response body:

{
    "apiEndpoints": [
        {
            "id": 1941,
            "action": "alert"
        },
        {
            "id": 1942,
            "action": "alert"
        },
        {
            "id": 1943,
            "action": "alert"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List API request constraints and actions.

  5. Modify the API constraints object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints.

The operation responds with an API constraints object.

Modify an API request constraint’s action

Beta. Update what action to take when the API request constraint triggers. This operation modifies an individual API constraint action. To use this operation, run List API request constraints and actions and pick an API from the ApiConstraints list. Use alert to record the trigger of the event, deny to block the request, or none to take no action. Currently the only member in the API Request Constraints object is action. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints/{apiId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/api-request-constraints/12345

Content-Type: application/json

Object type: ApiConstraints

Download schema: apiRequestConstraintsActionPutRequest.json

Request body:

{
    "action": "alert"
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.
apiId Integer 12345 A unique identifier for each API.

Status 200 application/json

Download schema: apiRequestConstraintsActionPutSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List API request constraints and actions, select an id value, and store it as an apiId.

  5. Modify the API constraints object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-request-constraints/{apiId}.

The operation responds with an API constraints object.

List API endpoints

Beta. List the API endpoints associated with a security policy. This operation only lists the endpoints; to manage them, use the Register an endpoint operation from the API Endpoint Definition API. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-endpoints

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/api-endpoints

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a security policy.

Status 200 application/json

Download schema: apiEndpointsGetSuccess.json

Response body:

{
    "apiEndpoints": [
        {
            "id": 619183,
            "name": "Orders",
            "basePath": "/v1/orders",
            "apiEndPointHosts": [
                "sg.akamai.com"
            ],
            "stagingVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "productionVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "requestConstraintsEnabled": false
        },
        {
            "id": 624913,
            "name": "Catalog",
            "basePath": "/v1/catalog",
            "apiEndPointHosts": [
                "sg.akamai.com"
            ],
            "stagingVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "productionVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "requestConstraintsEnabled": true
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/api-endpoints.

The operation responds with an API Endpoints object.

List reputation profiles

Beta. Returns reputation profiles for a specific security configuration version. To use reputation profiles, you need to add Client Reputation to Kona Site Defender on your contract. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles

Sample: /appsec/v1/configs/17027/versions/25/reputation-profiles

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Download schema: reputationProfilesList.json

Response body:

{
    "reputationProfiles": [
        {
            "id": 146254,
            "name": "Scanning Tools (High Threat)",
            "context": "SCANTL",
            "contextReadable": "Scanning Tools",
            "threshold": 9,
            "sharedIpHandling": "NON_SHARED",
            "enabled": false
        },
        {
            "id": 146258,
            "name": "Web Attackers (Low Threat)",
            "context": "WEBATCK",
            "contextReadable": "Web Attackers",
            "threshold": 5,
            "sharedIpHandling": "SHARED_ONLY",
            "enabled": false
        },
        {
            "id": 146259,
            "name": "Custom Reputation Profile",
            "context": "WEBATCK",
            "contextReadable": "Web Attackers",
            "threshold": 3,
            "sharedIpHandling": "SHARED_ONLY",
            "description": "this is a customized reputation profile",
            "enabled": true,
            "condition": {
                "id": "2156",
                "name": "Rep condition",
                "description": "Rep condition description",
                "atomicConditions": [
                    {
                        "positiveMatch": true,
                        "value": [
                            "cookie"
                        ],
                        "nameWildcard": true,
                        "name": "cookie",
                        "valueWildcard": true,
                        "className": "RequestCookieCondition"
                    }
                ],
                "positiveMatch": true
            }
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles.

The operation responds with a Reputation Profile object.

Create a reputation profile

Beta. Create a new reputation profile for a specific configuration version. Contact your account team if you’d like to run this operation.

POST /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles

Sample: /appsec/v1/configs/17027/versions/25/reputation-profiles

Content-Type: application/json

Object type: ReputationProfile

Download schema: reputationProfile.json

Request body:

{
    "name": "Web Attack Rep Profile",
    "description": "Reputation profile description",
    "context": "WEBATCK",
    "threshold": 5,
    "sharedIpHandling": "NON_SHARED",
    "condition": {
        "positiveMatch": true,
        "atomicConditions": [
            {
                "positiveMatch": true,
                "className": "AsNumberCondition",
                "value": [
                    "1"
                ]
            },
            {
                "positiveMatch": true,
                "nameWildcard": true,
                "valueWildcard": true,
                "className": "RequestCookieCondition",
                "nameCase": true,
                "name": "x-header"
            },
            {
                "positiveMatch": true,
                "valueWildcard": true,
                "className": "HostCondition",
                "host": [
                    "*.com"
                ]
            }
        ]
    }
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 201 application/json

Object type: ReputationProfile

Download schema: reputationProfile.json

Response body:

{
    "id": 2509987,
    "name": "Web Attack Rep Profile",
    "context": "WEBATCK",
    "description": "Reputation profile description",
    "threshold": 5,
    "sharedIpHandling": "NON_SHARED",
    "condition": {
        "atomicConditions": [
            {
                "checkIps": "connecting",
                "className": "AsNumberCondition",
                "index": 1,
                "positiveMatch": true,
                "value": [
                    "1"
                ]
            },
            {
                "className": "RequestCookieCondition",
                "index": 2,
                "name": "x-header",
                "nameCase": true,
                "nameWildcard": true,
                "positiveMatch": true,
                "valueCase": false,
                "valueWildcard": true
            },
            {
                "className": "HostCondition",
                "host": [
                    "*.com"
                ],
                "index": 3,
                "positiveMatch": true,
                "valueWildcard": true
            }
        ],
        "positiveMatch": true
    },
    "enabled": false
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Build a new Reputation Profile object.

  4. POST the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles.

The operation responds with a Reputation Profile object.

Get a reputation profile

Beta. Returns the details for a specific reputation profile. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}

Sample: /appsec/v1/configs/17027/versions/25/reputation-profiles/112231

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
reputationProfileId Integer 112231 A unique identifier for each reputation profile.

Status 200 application/json

Object type: ReputationProfile

Download schema: reputationProfile.json

Response body:

{
    "id": 2509987,
    "name": "Web Attack Rep Profile",
    "context": "WEBATCK",
    "description": "Reputation profile description",
    "threshold": 5,
    "sharedIpHandling": "NON_SHARED",
    "condition": {
        "atomicConditions": [
            {
                "checkIps": "connecting",
                "className": "AsNumberCondition",
                "index": 1,
                "positiveMatch": true,
                "value": [
                    "1"
                ]
            },
            {
                "className": "RequestCookieCondition",
                "index": 2,
                "name": "x-header",
                "nameCase": true,
                "nameWildcard": true,
                "positiveMatch": true,
                "valueCase": false,
                "valueWildcard": true
            },
            {
                "className": "HostCondition",
                "host": [
                    "*.com"
                ],
                "index": 3,
                "positiveMatch": true,
                "valueWildcard": true
            }
        ],
        "positiveMatch": true
    },
    "enabled": false
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List reputation profiles, select an id value, and store it as a reputationProfileId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}.

The operation responds with a Reputation Profile object.

Modify a reputation profile

Beta. Update details for a specific reputation profile. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}

Sample: /appsec/v1/configs/17027/versions/25/reputation-profiles/112231

Content-Type: application/json

Object type: ReputationProfile

Download schema: reputationProfile.json

Request body:

{
    "id": 2509987,
    "name": "Web Attack Rep Profile",
    "context": "WEBATCK",
    "description": "Reputation profile description",
    "threshold": 5,
    "sharedIpHandling": "NON_SHARED",
    "condition": {
        "atomicConditions": [
            {
                "checkIps": "connecting",
                "className": "AsNumberCondition",
                "index": 1,
                "positiveMatch": true,
                "value": [
                    "1"
                ]
            },
            {
                "className": "RequestCookieCondition",
                "index": 2,
                "name": "x-header",
                "nameCase": true,
                "nameWildcard": true,
                "positiveMatch": true,
                "valueCase": false,
                "valueWildcard": true
            },
            {
                "className": "HostCondition",
                "host": [
                    "abc.com"
                ],
                "index": 3,
                "positiveMatch": true,
                "valueWildcard": true
            }
        ],
        "positiveMatch": true
    },
    "enabled": false
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
reputationProfileId Integer 112231 A unique identifier for each reputation profile.

Status 200 application/json

Object type: ReputationProfile

Download schema: reputationProfile.json

Response body:

{
    "id": 2509987,
    "name": "Web Attack Rep Profile",
    "context": "WEBATCK",
    "description": "Reputation profile description",
    "threshold": 5,
    "sharedIpHandling": "NON_SHARED",
    "condition": {
        "atomicConditions": [
            {
                "checkIps": "connecting",
                "className": "AsNumberCondition",
                "index": 1,
                "positiveMatch": true,
                "value": [
                    "1"
                ]
            },
            {
                "className": "RequestCookieCondition",
                "index": 2,
                "name": "x-header",
                "nameCase": true,
                "nameWildcard": true,
                "positiveMatch": true,
                "valueCase": false,
                "valueWildcard": true
            },
            {
                "className": "HostCondition",
                "host": [
                    "*.com"
                ],
                "index": 3,
                "positiveMatch": true,
                "valueWildcard": true
            }
        ],
        "positiveMatch": true
    },
    "enabled": false
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List reputation profiles, select an id value, and store it as a reputationProfileId parameter.

  4. Run Get a reputation profile.

  5. Modify the Reputation Profile object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}.

The operation responds with a ReputationProfile object.

Remove a reputation profile

Beta. Delete a reputation profile. You can’t delete a reputation profile that is actively in use. To delete the reputation profile, first activate an older configuration version or create a new version without that policy in place. Contact your account team if you’d like to perform this operation.

DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}

Sample: /appsec/v1/configs/17027/versions/25/reputation-profiles/112231

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
reputationProfileId Integer 112231 A unique identifier for each reputation profile.

Status 204

  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List reputation profiles, select an id value, and store it as a reputationProfileId parameter.

  4. Make a DELETE request to /appsec/v1/configs/{configId}/versions/{versionNumber}/reputation-profiles/{reputationProfileId}.

Get the reputation analysis settings

Beta. Return the current reputation analysis settings. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-analysis

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/reputation-analysis

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a policy.

Status 200 application/json

Download schema: reputationAnalysisSettingsGetSuccess.json

Response body:

{
    "forwardToHTTPHeader": true,
    "forwardSharedIPToHTTPHeaderAndSIEM": true
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-analysis.

The operation responds with a ReputationAnalysis object.

Update the reputation analysis settings

Beta. Toggle the options forwardToHTTPHeader and forwardSharedIPToHTTPHeaderAndSIEM on and off. forwardToHTTPHeader adds client reputation details, in an HTTP header, to requests forwarded to origin. forwardSharedIPToHTTPHeaderAndSIEM adds a value indicating that shared IPs are included in the HTTP header and in the SIEM integration, when used. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-analysis

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/reputation-analysis

Content-Type: application/json

Object type: ReputationAnalysis

Download schema: reputationAnalysisSettingsPutRequest.json

Request body:

{
    "forwardToHTTPHeader": true,
    "forwardSharedIPToHTTPHeaderAndSIEM": true
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a policy.

Status 200 application/json

Download schema: reputationAnalysisSettingsPutSuccess.json

Response body:

{
    "forwardToHTTPHeader": true,
    "forwardSharedIPToHTTPHeaderAndSIEM": true
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run Get the reputation analysis settings.

  5. Modify the ReputationAnalysis object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-analysis.

The operation responds with a ReputationAnalysis object.

List reputation profile actions

Beta. Return a list of reputation profiles with their associated actions. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/reputation-profiles

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a policy.

Status 200 application/json

Object type: ReputationProfileAction

Download schema: reputationProfileGetActionsSuccess.json

Response body:

{
    "reputationProfiles": [
        {
            "id": 102718,
            "action": "alert"
        },
        {
            "id": 102719,
            "action": "deny"
        }
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles.

The operation responds with a ReputationProfileAction object.

Get the action for a reputation profile

Beta. Return the action a reputation profile takes when triggered. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles/{reputationProfileId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/reputation-profiles/12345

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a policy.
reputationProfileId Integer 12345 A unique identifier for each reputation profile.

Status 200 application/json

Download schema: reputationProfileGetActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List reputation profile actions, select an id value, and store it as a reputationProfileId parameter.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles/{reputationProfileId}.

The operation responds with a ReputationProfileAction object.

Modify the action for a reputation profile

Beta. Update what action to take when a reputation profile’s rule triggers. Use alert to record the trigger of the event, deny to block the request, or none to take no action. Currently the only member in the reputation profile object is action. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles/{reputationProfileId}

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/reputation-profiles/12345

Content-Type: application/json

Download schema: reputationProfileSetActionRequest.json

Request body:

{
    "action": "alert"
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a policy.
reputationProfileId Integer 12345 A unique identifier for each reputation profile.

Status 200 application/json

Object type: ReputationProfileAction

Download schema: reputationProfileSetActionSuccess.json

Response body:

{
    "action": "alert"
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run List reputation profile actions, select an id value, and store it as a reputationProfileId parameter.

  5. Run Get the action for a reputation profile.

  6. Modify the ReputationProfileAction object.

  7. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/reputation-profiles/{reputationProfileId}.

The operation responds with a ReputationProfileAction object.
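
The reputation profile definitions (List reputation profiles) and the per-policy actions (List reputation profile actions) come from separate operations, so the effective posture only shows up once the two are joined on the profile id. The following is an added example, not part of the original reference: the function names and SAMPLE_ACTIONS are constructed, a profile with no action entry is treated as none, and a profile carrying a condition is assumed to apply only to matching requests.

```python
# Action meanings as the reference states them:
# deny blocks the request, alert records the trigger, none takes no action.
EFFECT = {"deny": "blocks", "alert": "records only", "none": "no action"}


def reputation_posture(profiles_resp, actions_resp):
    """Join profile definitions with the actions one policy assigns to them.

    Returns (rows, orphan_ids). A profile with no action entry in the policy
    is reported as "none"; that default is an assumption of this example.
    """
    actions = {entry["id"]: entry.get("action", "none")
               for entry in actions_resp.get("reputationProfiles", [])}
    rows = []
    for profile in profiles_resp.get("reputationProfiles", []):
        action = actions.pop(profile["id"], "none")
        rows.append({
            "id": profile["id"],
            "name": profile["name"],
            "context": profile["context"],
            "threshold": profile["threshold"],
            "sharedIpHandling": profile["sharedIpHandling"],
            # Assumption: a condition narrows the profile to matching requests.
            "scoped": "condition" in profile,
            "action": action,
            "effect": EFFECT.get(action, "unknown action"),
        })
    # Ids left over have an action in the policy but no definition in this version.
    return rows, sorted(actions)


def contexts_without_deny(rows):
    """Reputation contexts in which no unscoped profile is set to deny."""
    seen, blocked = set(), set()
    for row in rows:
        seen.add(row["context"])
        if row["action"] == "deny" and not row["scoped"]:
            blocked.add(row["context"])
    return sorted(seen - blocked)


# Profile definitions abbreviated from the List reputation profiles sample.
SAMPLE_PROFILES = {"reputationProfiles": [
    {"id": 146254, "name": "Scanning Tools (High Threat)", "context": "SCANTL",
     "threshold": 9, "sharedIpHandling": "NON_SHARED", "enabled": False},
    {"id": 146258, "name": "Web Attackers (Low Threat)", "context": "WEBATCK",
     "threshold": 5, "sharedIpHandling": "SHARED_ONLY", "enabled": False},
    {"id": 146259, "name": "Custom Reputation Profile", "context": "WEBATCK",
     "threshold": 3, "sharedIpHandling": "SHARED_ONLY", "enabled": True,
     "condition": {"positiveMatch": True, "atomicConditions": []}},
]}

# Constructed action list for one policy; 102719 has no matching definition.
SAMPLE_ACTIONS = {"reputationProfiles": [
    {"id": 146254, "action": "alert"},
    {"id": 146259, "action": "deny"},
    {"id": 102719, "action": "deny"},
]}

if __name__ == "__main__":
    rows, orphans = reputation_posture(SAMPLE_PROFILES, SAMPLE_ACTIONS)
    for row in rows:
        print(f'{row["id"]} {row["context"]:8} threshold={row["threshold"]} '
              f'{row["action"]:5} ({row["effect"]}) scoped={row["scoped"]}')
    print("actions without a definition:", orphans)
    print("contexts with no unconditional deny:", contexts_without_deny(rows))
```
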

Get protections

Beta. Get the protections and whether they are enabled or disabled in a security policy. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/protections

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/protections

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a policy.

Status 200 application/json

Object type: Protections

Download schema: securityPolicyGetProtectionsSuccess.json

Response body:

{
    "applyApiConstraints": true,
    "applyApplicationLayerControls": true,
    "applyNetworkLayerControls": true,
    "applyRateControls": true,
    "applySlowPostControls": true,
    "applyReputationControls": true
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/protections.

The operation responds with a Protections object.

Modify protections

Beta. Update the security policy protections. This applies a set of protections that you can enable individually. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/protections

Sample: /appsec/v1/configs/17027/versions/25/security-policies/boBF_19288/protections

Content-Type: application/json

Object type: Protections

Download schema: securityPolicySetProtectionsRequest.json

Request body:

{
    "applyApiConstraints": false,
    "applyApplicationLayerControls": true,
    "applyNetworkLayerControls": true,
    "applyRateControls": true,
    "applySlowPostControls": true,
    "applyReputationControls": true
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
policyId String boBF_19288 A unique identifier for a policy.

Status 200 application/json

Download schema: securityPolicySetProtectionsSuccess.json

Response body:

{
    "applyApiConstraints": false,
    "applyApplicationLayerControls": true,
    "applyNetworkLayerControls": true,
    "applyRateControls": true,
    "applySlowPostControls": true,
    "applyReputationControls": true
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run List security policies, select an id value, and save it as a policyId parameter.

  4. Run Get protections.

  5. Modify the Protections object.

  6. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/protections.

The operation responds with a Protections object.
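
The Get protections, modify, PUT sequence above replaces the whole Protections object, so a stale or partial body can switch a protection off without anyone intending it. The following is an added example, not part of the original reference: it builds the PUT body from a fresh GET and refuses any true-to-false change that was not explicitly allowed. The function, exception and parameter names are hypothetical.

```python
# Members of the Protections object as shown in the sample responses.
PROTECTIONS = (
    "applyApiConstraints",
    "applyApplicationLayerControls",
    "applyNetworkLayerControls",
    "applyRateControls",
    "applySlowPostControls",
    "applyReputationControls",
)


class ProtectionChangeRefused(Exception):
    """The change would switch off a protection that was not signed off."""


def plan_protections_update(current, changes, allow_disable=()):
    """Build the PUT body for Modify protections from a fresh GET.

    current:       Protections object returned by Get protections.
    changes:       only the flags the caller wants to set.
    allow_disable: flags the caller has explicitly agreed to switch off.
    Returns (put_body, diff); neither input is modified.
    """
    unknown = sorted(set(changes) - set(PROTECTIONS))
    if unknown:
        raise ValueError(f"not a Protections member: {unknown}")
    not_bool = sorted(k for k, v in changes.items() if not isinstance(v, bool))
    if not_bool:
        raise TypeError(f"protection flags must be true or false: {not_bool}")

    # Start from what the server currently has, then apply only the deltas.
    body = {key: current[key] for key in PROTECTIONS if key in current}
    body.update(changes)

    disabled = sorted(k for k in body
                      if current.get(k) is True and body[k] is False)
    enabled = sorted(k for k in body
                     if current.get(k) is not True and body[k] is True)

    refused = [k for k in disabled if k not in allow_disable]
    if refused:
        raise ProtectionChangeRefused(f"would disable without approval: {refused}")
    return body, {"enabled": enabled, "disabled": disabled}


# The Get protections sample response from this reference.
SAMPLE_PROTECTIONS = {
    "applyApiConstraints": True,
    "applyApplicationLayerControls": True,
    "applyNetworkLayerControls": True,
    "applyRateControls": True,
    "applySlowPostControls": True,
    "applyReputationControls": True,
}

if __name__ == "__main__":
    try:
        plan_protections_update(SAMPLE_PROTECTIONS, {"applyApiConstraints": False})
    except ProtectionChangeRefused as exc:
        print("refused:", exc)
    body, diff = plan_protections_update(
        SAMPLE_PROTECTIONS, {"applyApiConstraints": False},
        allow_disable=("applyApiConstraints",))
    print("PUT body:", body)
    print("diff:", diff)
```
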

Get SIEM settings

Beta. Return SIEM settings for a specific configuration. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/siem

Sample: /appsec/v1/configs/17027/versions/1/siem

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 1 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: SIEM

Download schema: siemSettings.json

Response body:

{
    "enableForAllPolicies": false,
    "enableSiem": true,
    "enabledBotmanSiemEvents": false,
    "siemDefinitionId": 1,
    "firewallPolicyIds": [
        "qik2_38799",
        "4444_44572",
        "teet_39295",
        "ds22_48583"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/siem.

The operation responds with a SIEM object.

Modify SIEM settings

Beta. Update SIEM settings for a specific configuration. Contact your account team if you’d like to run this operation.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/siem

Sample: /appsec/v1/configs/17027/versions/1/siem

Content-Type: application/json

Object type: SIEM

Download schema: siemSettings.json

Request body:

{
    "enableForAllPolicies": false,
    "enableSiem": true,
    "enabledBotmanSiemEvents": false,
    "siemDefinitionId": 1,
    "firewallPolicyIds": [
        "qik2_38799",
        "4444_44572",
        "teet_39295",
        "ds22_48583"
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 1 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: SIEM

Download schema: siemSettings.json

Response body:

{
    "enableForAllPolicies": false,
    "enableSiem": true,
    "enabledBotmanSiemEvents": false,
    "siemDefinitionId": 1,
    "firewallPolicyIds": [
        "qik2_38799",
        "4444_44572",
        "teet_39295",
        "ds22_48583"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get SIEM settings.

  4. Modify the SIEM object.

  5. PUT the object to /appsec/v1/configs/{configId}/versions/{versionNumber}/siem.

The operation responds with a SIEM object.

Get SIEM versions

Beta. Get available SIEM versions. Contact your account team if you’d like to run this operation.

GET /appsec/v1/siem-definitions

Status 200 application/json

Download schema: siemVersionsList.json

Response body:

{
    "siemDefinitions": [
        {
            "id": 1,
            "name": "SIEM Version 01"
        }
    ]
}

List subscribers

Beta. List all subscribers to a feature for a security configuration. The response array is empty if no subscribers exist. Currently, the only feature is AAG_TUNING_REC for AAG rule sets. Contact your account team if you’d like to run this operation.

GET /appsec/v1/configs/{configId}/notification/subscription/{feature}

Sample: /appsec/v1/configs/17027/notification/subscription/AAG_TUNING_REC

Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
feature String AAG_TUNING_REC A unique identifier for each subscription feature.

Status 200 application/json

Download schema: appsecConfigSubscriptionResponse.json

Response body:

{
    "emails": [
        "subscriber1@email.com",
        "subscriber2@email.com",
        "subscriber3@email.com"
    ]
}
  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Use AAG_TUNING_REC for the feature parameter.

  3. Make a GET request to /appsec/v1/configs/{configId}/notification/subscription/{feature}.

The operation responds with a Subscription object.

Subscribe or unsubscribe to recommendation emails

Beta. Set the request object’s action to subscribe to add user emails to the subscription object. Use unsubscribe to remove them from the list. The lists are organized by features. Currently, the only feature is AAG_TUNING_REC for AAG rule sets. Contact your account team if you’d like to run this operation.

POST /appsec/v1/configs/{configId}/notification/subscription/{feature}

Sample: /appsec/v1/configs/17027/notification/subscription/AAG_TUNING_REC

Content-Type: application/json

Object type: Subscription

Download schema: appsecConfigSubscriptionRequest.json

Request body:

{
    "action": "subscribe",
    "emails": [
        "subscriber1@email.com",
        "subscriber2@email.com",
        "subscriber3@email.com"
    ]
}
Parameter Type Sample Description
URL path parameters
configId Integer 17027 A unique identifier for each configuration.
feature String AAG_TUNING_REC A unique identifier for each subscription feature.

Status 204

  1. Run List configurations, select an id value, and store it as a configId parameter.

  2. Use AAG_TUNING_REC for the feature parameter.

  3. Build a new Subscription object.

  4. POST the object to /appsec/v1/configs/{configId}/notification/subscription/{feature}.

Activate a configuration version

Activates one or more configurations globally.

POST /appsec/v1/activations

Content-Type: application/json

Object type: Activation

Download schema: activations-request.json

Request body:

{
    "action": "ACTIVATE",
    "network": "STAGING",
    "note": "Free text notes",
    "notificationEmails": [
        "a@abc.com",
        "b@abc.com"
    ],
    "activationConfigs": [
        {
            "configId": 1,
            "configVersion": 4
        }
    ]
}

Status 200 application/json

Object type: Activation

Download schema: activation-status.json

Response body:

{
    "dispatchCount": 1,
    "activationId": 1234,
    "action": "ACTIVATE",
    "status": "RECEIVED",
    "network": "PRODUCTION",
    "estimate": "PTM5",
    "createdBy": "user1",
    "createDate": "2013-10-07T17:41:52+00:00",
    "activationConfigs": [
        {
            "configId": 1,
            "configName": "config 1",
            "configVersion": 4,
            "previousConfigVersion": 2
        }
    ]
}

Status 202 application/json

Headers:

Location: /appsec/v1/activations/status/f81c92c5-b150-4c41-9b53-9cef7969150a

Download schema: activation-request-status-created.json

Response body:

{
    "statusId": "f81c92c5-b150-4c41-9b53-9cef7969150a",
    "createDate": "2018-06-19T11:27:55Z",
    "links": {
        "check-status": {
            "href": "/appsec/v1/activations/status/f81c92c5-b150-4c41-9b53-9cef7969150a"
        }
    }
}
  1. Create an Activation object.

  2. Make a POST request to /appsec/v1/activations.

The response reflects the complete Activation object.

Get an activation request status

Returns the status of a long-running activation request. Any errors that occur when generating the activation cause this API to respond with the underlying error status.

GET /appsec/v1/activations/status/{statusId}

Sample: /appsec/v1/activations/status/f81c92c5-b150-4c41-9b53-9cef7969150a

Parameter Type Sample Description
URL path parameters
statusId String f81c92c5-b150-4c41-9b53-9cef7969150a UUID of this activation request status.

Status 200 application/json

Headers:

Retry-After: 300

Download schema: activation-request-status-in-progress.json

Response body:

{
    "statusId": "f81c92c5-b150-4c41-9b53-9cef7969150a",
    "createDate": "2018-06-19T11:27:55Z"
}

Status 303 application/json

Headers:

Location: /appsec/v1/activations/1234

Download schema: activation-request-status-complete.json

Response body:

{
    "activationId": 1234
}

  1. Activate a configuration version, if you haven’t already done so, and note the statusId in the response.

  2. Make a GET request to /appsec/v1/activations/status/{statusId}.

  3. The response produces an object with an HTTP status code and relevant activation request data in the header.

  4. The optional Retry-After response header indicates the number of seconds to wait before submitting another status request.

  5. The optional Location response header indicates the URL of the specified activation.

Get activation status

Returns the status of an activation.

GET /appsec/v1/activations/{activationId}

Sample: /appsec/v1/activations/1234

Parameter Type Sample Description
URL path parameters
activationId Number 1234 A unique identifier for an activation.

Status 200 application/json

Object type: Activation

Download schema: activation-status.json

Response body:

{
    "dispatchCount": 1,
    "activationId": 1234,
    "action": "ACTIVATE",
    "status": "RECEIVED",
    "network": "PRODUCTION",
    "estimate": "PTM5",
    "createdBy": "user1",
    "createDate": "2013-10-07T17:41:52+00:00",
    "activationConfigs": [
        {
            "configId": 1,
            "configName": "config 1",
            "configVersion": 4,
            "previousConfigVersion": 2
        }
    ]
}

  1. Run Activate a configuration version and note the activationId in the response object.

  2. Make a GET request to /appsec/v1/activations/{activationId}.

The response is an Activation object.
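The three operations above chain into one flow: POST the Activation, poll the status resource while it answers 200 with Retry-After, then follow the 303 Location to the Activation itself. The sketch below is an added example, not Akamai's client code. The `send(method, path, body)` transport, the `max_polls` and `max_wait` limits and the 60-second fallback are assumptions of this example; a real transport must sign each request with your API credentials and must not follow redirects on its own, so that the 303 can be checked before it is used.

```python
import time
from urllib.parse import urlsplit

ACTIVATIONS = "/appsec/v1/activations"
STATUS_PREFIX = ACTIVATIONS + "/status/"


class ActivationError(Exception):
    """The exchange left the path the page documents."""


def build_activation(config_id, version, network, note, emails):
    """Activation request body in the shape of the sample request."""
    if network not in ("STAGING", "PRODUCTION"):  # the two values shown on the page
        raise ValueError("unexpected network: %r" % (network,))
    return {
        "action": "ACTIVATE",
        "network": network,
        "note": note,
        "notificationEmails": list(emails),
        "activationConfigs": [{"configId": config_id, "configVersion": version}],
    }


def checked_path(location, prefix):
    """Accept only a relative Location under the expected prefix, so the next
    signed request cannot be steered to another host or API resource."""
    parts = urlsplit(location or "")
    if (parts.scheme or parts.netloc or ".." in parts.path
            or not parts.path.startswith(prefix)):
        raise ActivationError("unexpected Location: %r" % (location,))
    return parts.path


def _pairs(activation):
    return {(c["configId"], c["configVersion"])
            for c in activation.get("activationConfigs", [])}


def mismatches(requested, returned):
    """Names of fields where the returned Activation differs from the request."""
    diffs = [k for k in ("action", "network") if requested[k] != returned.get(k)]
    if _pairs(requested) != _pairs(returned):
        diffs.append("activationConfigs")
    return diffs


def _call(send, method, path, body=None):
    # Header names are case-insensitive; normalise them once here.
    status, headers, payload = send(method, path, body)
    return status, {k.lower(): v for k, v in headers.items()}, payload


def activate_and_wait(send, activation, sleep=time.sleep, max_polls=20, max_wait=600):
    """POST the activation, poll the status resource, return the Activation."""
    status, headers, body = _call(send, "POST", ACTIVATIONS, activation)
    if status == 202:  # long-running: poll the status resource named in Location
        path = checked_path(headers.get("location"), STATUS_PREFIX)
        for _ in range(max_polls):
            status, headers, body = _call(send, "GET", path)
            if status == 303:  # done: Location names the activation itself
                target = checked_path(headers.get("location"), ACTIVATIONS + "/")
                status, headers, body = _call(send, "GET", target)
                break
            if status != 200:  # the underlying error status of a failed request
                raise ActivationError("status request failed: HTTP %d" % status)
            # Retry-After is optional; 60 s is this example's fallback (assumption).
            sleep(min(int(headers.get("retry-after", 60)), max_wait))
        else:
            raise ActivationError("still pending after %d polls" % max_polls)
    if status != 200:
        raise ActivationError("activation failed: HTTP %d" % status)
    diffs = mismatches(activation, body)
    if diffs:
        raise ActivationError("response differs from request: %s" % ", ".join(diffs))
    return body


def replay(script):
    """Constructed stand-in for the HTTP layer: returns canned responses in order."""
    pending = list(script)

    def send(method, path, body):
        return pending.pop(0)
    return send


if __name__ == "__main__":
    sid = "f81c92c5-b150-4c41-9b53-9cef7969150a"  # sample statusId from the page
    request = build_activation(1, 4, "STAGING", "Free text notes", ["a@abc.com"])
    final = {"activationId": 1234, "action": "ACTIVATE", "status": "RECEIVED",
             "network": "STAGING",  # constructed to match the request
             "activationConfigs": [{"configId": 1, "configVersion": 4}]}
    send = replay([
        (202, {"Location": STATUS_PREFIX + sid}, {"statusId": sid}),
        (200, {"Retry-After": "300"}, {"statusId": sid}),
        (303, {"Location": ACTIVATIONS + "/1234"}, {"activationId": 1234}),
        (200, {}, final),
    ])
    print(activate_and_wait(send, request, sleep=lambda s: print("wait", s)))
```

The final comparison against the request catches an Activation that reports a different network or configuration version than the one submitted.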

Export a configuration version

Returns comprehensive details about a security configuration version. This operation returns more data than Get configuration version details, including rate and security policies, rules, hostnames, and numerous additional settings.
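Because the export carries match targets, SIEM settings and per-policy rule actions in one object, it is a convenient input for a configuration review. The following is an added example, not part of the API or of Akamai's tooling: it walks an Export object using field names from the sample response on this page and lists match targets with controls switched off or bypass network lists attached, policies missing from SIEM coverage, and rule actions that do not deny or that carry exceptions. It assumes `siem.firewallPolicyIds` names the policies whose events reach the SIEM when `enableForAllPolicies` is false; the finding labels are this example's own.

```python
def audit_export(export):
    """Return review findings as (kind, subject, detail) tuples."""
    findings = []
    targets = export.get("matchTargets", {})
    used_policies = set()
    for t in targets.get("websiteTargets", []) + targets.get("apiTargets", []):
        used_policies.add(t["securityPolicy"]["policyId"])
        subject = "%s target %d" % (t["type"], t["id"])
        # Controls that are switched off for traffic hitting this match target.
        off = sorted(k for k, on in t.get("effectiveSecurityControls", {}).items()
                     if not on)
        if off:
            findings.append(("controls-off", subject, ",".join(off)))
        for nl in t.get("bypassNetworkLists", []):
            findings.append(("bypass-list", subject, nl["id"]))

    # Detection coverage: policies in use that the SIEM settings do not list.
    siem = export.get("siem", {})
    if not siem.get("enableSiem"):
        findings.append(("siem-disabled", "config", ""))
    elif not siem.get("enableForAllPolicies"):
        listed = set(siem.get("firewallPolicyIds", []))
        for pid in sorted(used_policies - listed):
            findings.append(("siem-gap", "policy " + pid,
                             "not in siem.firewallPolicyIds"))

    # Rule actions that only alert, and exceptions that narrow what is inspected.
    for policy in export.get("securityPolicies", []):
        for ra in policy.get("ruleActions", []):
            subject = "policy %s rule %d" % (policy["id"], ra["id"])
            if ra["action"] != "deny":
                findings.append(("not-blocking", subject, ra["action"]))
            selectors = [s["selector"]
                         for s in ra.get("exception", {}).get("selectors", [])]
            if selectors:
                findings.append(("exception", subject, ",".join(selectors)))
    return findings


def by_kind(findings, kind):
    """Filter findings to one kind, dropping the kind column."""
    return [(subject, detail) for k, subject, detail in findings if k == kind]


# Constructed, trimmed excerpt that reuses values from the sample response.
SAMPLE_EXPORT = {
    "configId": 8277, "version": 2,
    "matchTargets": {
        "websiteTargets": [
            {"type": "website", "id": 1362593,
             "effectiveSecurityControls": {
                 "applyApplicationLayerControls": True, "applyApiConstraints": True,
                 "applyNetworkLayerControls": False, "applyRateControls": True,
                 "applyReputationControls": False, "applySlowPostControls": False},
             "securityPolicy": {"policyId": "qik3_38800"},
             "bypassNetworkLists": [{"id": "11212_BYPASSURR", "name": "bypass-URR"}]},
            {"type": "website", "id": 1362594,
             "effectiveSecurityControls": {
                 "applyApplicationLayerControls": True, "applyApiConstraints": True,
                 "applyNetworkLayerControls": True, "applyRateControls": True,
                 "applyReputationControls": True, "applySlowPostControls": False},
             "securityPolicy": {"policyId": "qik2_38799"}},
        ],
        "apiTargets": [],
    },
    "siem": {"enableSiem": True, "enableForAllPolicies": False,
             "firewallPolicyIds": ["qik2_38799", "4444_44572",
                                   "teet_39295", "ds22_48583"]},
    "securityPolicies": [
        {"id": "qik2_38799", "ruleActions": [
            {"action": "alert", "id": 960912, "rulesetVersionId": 327550},
            {"action": "deny", "id": 3000001, "rulesetVersionId": 327550},
            {"action": "alert", "id": 970903, "rulesetVersionId": 327550,
             "exception": {"selectors": [
                 {"type": "GENERIC", "selector": "REQUEST_COOKIES"},
                 {"type": "GENERIC", "selector": "ARGS"}]}},
        ]},
    ],
}

if __name__ == "__main__":
    for kind, subject, detail in audit_export(SAMPLE_EXPORT):
        print("%-13s %-32s %s" % (kind, subject, detail))
```

Run against the staging and production versions before an activation, the same function gives a diffable record of which protections a new version relaxes.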

GET /appsec/v1/export/configs/{configId}/versions/{versionNumber}

Sample: /appsec/v1/export/configs/8277/versions/2

Parameter Type Sample Description
URL path parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 2 A unique identifier for each version of a configuration.

Status 200 application/json

Object type: Export

Download schema: export.json

Response body:

{
    "configId": 8277,
    "configName": "New Security Config",
    "version": 2,
    "basedOn": 1,
    "createDate": "2017-09-08T22:24:41Z",
    "createdBy": "disharma",
    "selectableHosts": [
        "www.example1.com",
        "www.example2.com"
    ],
    "selectedHosts": [
        "www.example3.com",
        "www.example4.com"
    ],
    "staging": {
        "status": "Inactive"
    },
    "production": {
        "status": "Inactive"
    },
    "matchTargets": {
        "websiteTargets": [
            {
                "type": "website",
                "defaultFile": "NO_MATCH",
                "id": 1362593,
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 1,
                "fileExtensions": [
                    "jpg"
                ],
                "filePaths": [
                    "/path"
                ],
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": false,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "qik3_38800"
                },
                "bypassNetworkLists": [
                    {
                        "id": "11212_BYPASSURR",
                        "name": "bypass-URR"
                    }
                ]
            },
            {
                "type": "website",
                "defaultFile": "NO_MATCH",
                "id": 1362594,
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 2,
                "filePaths": [
                    "/images",
                    "/image1",
                    "/path"
                ],
                "hostnames": [
                    "b2c.div1.akamaniac.com"
                ],
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "qik2_38799"
                }
            }
        ],
        "apiTargets": [
            {
                "type": "api",
                "id": 1362597,
                "sequence": 6,
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": false,
                    "applyApiConstraints": false,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": false,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "99e_47293"
                },
                "apis": [
                    {
                        "id": 1041,
                        "name": "hmm test"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "id": "1024_AMAZONELASTICCOMPUTECLOU",
                        "name": "Ec2 Akamai Network List"
                    },
                    {
                        "id": "1283_MICROSOFTWINDOWSAZUREDAT",
                        "name": "Azure IP range cloud services"
                    }
                ]
            },
            {
                "type": "api",
                "id": 1362598,
                "sequence": 7,
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": false,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": false,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "4444_44572"
                },
                "apis": [
                    {
                        "id": 1001,
                        "name": "1001"
                    },
                    {
                        "id": 1041,
                        "name": "hmm test"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "id": "11212_BYPASSURR",
                        "name": "bypass-URR"
                    }
                ]
            }
        ]
    },
    "siem": {
        "configId": 17027,
        "configVersion": 22,
        "enableForAllPolicies": false,
        "enableSiem": true,
        "enabledBotmanSiemEvents": false,
        "siemDefinitionId": 1,
        "firewallPolicyIds": [
            "qik2_38799",
            "4444_44572",
            "teet_39295",
            "ds22_48583"
        ]
    },
    "advancedOptions": {
        "logging": {
            "allowSampling": true,
            "cookies": {
                "type": "exclude",
                "values": [
                    "_updated_By_SoapUI",
                    "w",
                    "NEW_VAL_ADDED_BY_SoapUI"
                ]
            },
            "customHeaders": {
                "type": "only",
                "values": [
                    "112",
                    "sdasd",
                    "ds"
                ]
            },
            "standardHeaders": {
                "type": "only"
            }
        },
        "prefetch": {
            "allExtensions": false,
            "enableAppLayer": true,
            "enableRateControls": false,
            "extensions": [
                "cgi",
                "jsp",
                "EMPTY_STRING",
                "aspx",
                "php",
                "py",
                "asp"
            ]
        },
        "pragmaHeader": {
            "action": "REMOVE",
            "conditionOperator": "AND",
            "excludeCondition": [
                {
                    "header": "Expect",
                    "positiveMatch": true,
                    "type": "requestHeaderValueMatch",
                    "useHeaders": false,
                    "value": [
                        "dasd"
                    ],
                    "valueCase": true,
                    "valueWildcard": true
                },
                {
                    "positiveMatch": true,
                    "type": "networkList",
                    "useHeaders": true,
                    "value": [
                        "62569_AEPUAT1PARTNERSSTRICTWL"
                    ],
                    "valueCase": false,
                    "valueWildcard": false
                }
            ],
            "override": true
        }
    },
    "errorHosts": [
        {
            "reasonCode": 400,
            "hostname": "bankoflaverty.com",
            "reason": "property is not active in either production or staging"
        },
        {
            "reasonCode": 403,
            "hostname": "culledentropy.com",
            "reason": "You don't have access to this property"
        }
    ],
    "ratePolicies": [
        {
            "averageThreshold": 3,
            "burstThreshold": 2,
            "clientIdentifier": "",
            "createDate": "2017-09-08T22:24:42Z",
            "id": 672601,
            "matchType": "path",
            "name": "dsafsfdsf",
            "pathMatchType": "RequestDisabled",
            "pathUriPositiveMatch": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": true,
            "type": "BOTMAN",
            "updateDate": "2017-09-08T22:24:42Z",
            "useXForwardForHeaders": false,
            "used": false,
            "queryParameters": [
                {
                    "name": "dasdasdasd*",
                    "positiveMatch": true,
                    "valueInRange": false,
                    "values": [
                        "dasdasdas8*&^"
                    ]
                }
            ]
        },
        {
            "averageThreshold": 1000,
            "burstThreshold": 10,
            "clientIdentifier": "ip",
            "createDate": "2017-09-08T22:24:42Z",
            "description": "These Shared Resources will be available to all policies within the Security Configuration",
            "id": 672607,
            "matchType": "path",
            "name": "These Shared Resources will be available to all policies within the Security Configuration",
            "pathMatchType": "Custom",
            "pathUriPositiveMatch": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": true,
            "type": "WAF",
            "updateDate": "2017-09-08T22:24:42Z",
            "useXForwardForHeaders": false,
            "used": true,
            "additionalMatchOptions": [
                {
                    "positiveMatch": true,
                    "type": "NetworkListCondition",
                    "values": [
                        "25620_REPUTATIONWHITELIST174",
                        "11212_BYPASSURR"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET",
                        "HTTP_DELETE"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "UserAgentCondition",
                    "values": [
                        "MOZILLA",
                        "Googlebot"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET",
                        "POST",
                        "HEAD"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "ResponseStatusCondition",
                    "values": [
                        "400",
                        "401",
                        "402",
                        "403",
                        "404",
                        "405",
                        "406",
                        "407",
                        "408",
                        "409",
                        "410",
                        "500",
                        "501",
                        "502",
                        "503",
                        "504"
                    ]
                }
            ],
            "queryParameters": [
                {
                    "name": "param1",
                    "positiveMatch": false,
                    "valueInRange": true,
                    "values": [
                        "value1"
                    ]
                }
            ]
        }
    ],
    "reputationProfiles": [
        {
            "context": "SCANTL",
            "contextReadable": "Scanning Tools",
            "enabled": true,
            "id": 210588,
            "name": "Scanning Tools (Low Threat)",
            "threshold": 5
        },
        {
            "context": "WEBATCK",
            "contextReadable": "Web Attackers",
            "enabled": false,
            "id": 210578,
            "name": "Web Attackers (Low Threat)",
            "threshold": 5,
            "condition": {
                "canDelete": false,
                "configVersionId": 152889,
                "id": 88112456,
                "name": "Cloned of 87956156 for version 152889",
                "positiveMatch": true,
                "uuid": "SEC_COND_88112456",
                "version": 1504909482545,
                "atomicConditions": [
                    {
                        "className": "RequestHeaderCondition",
                        "index": 1,
                        "nameWildcard": false,
                        "positiveMatch": true,
                        "valueCase": false,
                        "valueWildcard": false,
                        "name": [
                            "test*"
                        ],
                        "value": [
                            "test*"
                        ]
                    },
                    {
                        "className": "RequestHeaderCondition",
                        "index": 2,
                        "nameWildcard": true,
                        "positiveMatch": true,
                        "valueCase": false,
                        "valueWildcard": true,
                        "name": [
                            "Head",
                            "Header"
                        ],
                        "value": [
                            "Header value"
                        ]
                    },
                    {
                        "checkIps": "connecting",
                        "className": "NetworkListCondition",
                        "index": 3,
                        "positiveMatch": true,
                        "value": [
                            "14121_IMAGEMANAGERSERVERS"
                        ]
                    },
                    {
                        "className": "RequestCookieCondition",
                        "index": 4,
                        "name": "cookieName",
                        "nameCase": false,
                        "nameWildcard": true,
                        "positiveMatch": true,
                        "valueCase": false,
                        "valueWildcard": true,
                        "value": [
                            "cookieValue"
                        ]
                    },
                    {
                        "checkIps": "connecting",
                        "className": "AsNumberCondition",
                        "index": 5,
                        "positiveMatch": true,
                        "value": [
                            "5"
                        ]
                    }
                ]
            }
        }
    ],
    "customRules": [
        {
            "configId": 17027,
            "id": 667828,
            "name": "UXR-715 RE2 Second Test with Flags",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "tagfor",
                "17.2"
            ],
            "conditions": [
                {
                    "type": "requestMethodMatch",
                    "positiveMatch": true,
                    "value": [
                        "GET"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "description": "Test CR",
            "id": 600001,
            "name": "Test CR",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "Test",
                "Tag"
            ],
            "conditions": [
                {
                    "type": "extensionMatch",
                    "positiveMatch": true,
                    "valueCase": true,
                    "valueWildcard": false,
                    "value": [
                        "fdf"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "description": "Test CR",
            "id": 600006,
            "name": "Test CR",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "k"
            ],
            "conditions": [
                {
                    "type": "cookieMatch",
                    "name": "kids",
                    "nameCase": true,
                    "nameWildcard": false,
                    "positiveMatch": true,
                    "valueCase": true,
                    "valueWildcard": true,
                    "value": [
                        "dsds",
                        "dasdqw",
                        "dsa",
                        "dqwd",
                        "csqw"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "id": 606713,
            "name": "Test",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "adsa"
            ],
            "conditions": [
                {
                    "type": "pathMatch",
                    "positiveMatch": true,
                    "value": [
                        "/login"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "description": "Test CR",
            "id": 690265,
            "name": "Test CR2",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "ee"
            ],
            "conditions": [
                {
                    "type": "argsPostMatch",
                    "name": "fvfv",
                    "positiveMatch": true,
                    "value": [
                        "fgbr"
                    ]
                },
                {
                    "type": "requestHeaderMatch",
                    "nameWildcard": true,
                    "positiveMatch": true,
                    "valueCase": false,
                    "valueWildcard": true,
                    "name": [
                        "test"
                    ],
                    "value": [
                        "test1"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "id": 667825,
            "inspectRequest": false,
            "inspectResponse": false,
            "metadata": "<match:variable name=\"MY_SAMPLE_THREAT_DETECTED\" result=\"true\" value=\"execute rule\">\n<match:regex impl=\"re2\" regex=\"^\\d+$\" result=\"false\" select=\"REQUEST_HEADERS:Content-Length\" strict-err-check-re2=\"on\" transform=\"urlDecodeUni\">\n<security:firewall.action>\n<msg>UXR-715 CRB Metadata testing</msg>\n<tag>CUSTOM/TEST</tag>\n<id>667825</id>\n<deny>%(WAF_CUSTOM_R667825_DENY)</deny>\n<data>threat indicated from data %(MY_SAMPLE_THREAT_DETECTED)</data>\n<http-status>403</http-status>\n</security:firewall.action>\n</match:regex>\n</match:variable>\n",
            "name": "UXR-715 RE27890",
            "ruleActivated": false,
            "structured": false,
            "version": 1
        }
    ],
    "rulesets": [
        {
            "id": 41,
            "rulesetVersionId": 327550,
            "type": "Kona",
            "releaseDate": "2017-04-21T16:00:38Z",
            "attackGroups": [
                {
                    "group": "DDOS",
                    "groupName": "Anomaly Score Exceeded for DDoS",
                    "threshold": 5
                },
                {
                    "group": "IN",
                    "groupName": "Anomaly Score Exceeded for Inbound",
                    "threshold": 30
                },
                {
                    "group": "SQL",
                    "groupName": "Anomaly Score Exceeded for SQL Injection",
                    "threshold": 19
                },
                {
                    "group": "TROJAN",
                    "groupName": "Anomaly Score Exceeded for Trojan",
                    "threshold": 4
                },
                {
                    "group": "XSS",
                    "groupName": "Anomaly Score Exceeded for Cross-Site Scripting",
                    "threshold": 9
                }
            ],
            "rules": [
                {
                    "id": 699989,
                    "inspectRequestBody": false,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/PRAGMA_DEFLECTION>",
                    "title": "Akamai-X debug Pragma header detected and removed"
                },
                {
                    "id": 699990,
                    "inspectRequestBody": false,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/EDGESCAPE_ANONYMOUS_PROXY_v1>",
                    "title": "Detected request from anonymous proxy"
                },
                {
                    "id": 981252,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "ruleVersion": 4,
                    "score": 5,
                    "tag": "<OWASP_CRS/WEB_ATTACK/SQL_INJECTION>",
                    "title": "MySQL Charset Switch and MSSQL DoS Attempts",
                    "attackGroups": [
                        "SQL",
                        "IN"
                    ]
                },
                {
                    "id": 3000060,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "ruleVersion": 2,
                    "score": 1000,
                    "tag": "<AKAMAI/AUTOMATION/MALICIOUS>",
                    "title": "Mirai / Kaiten DDoS Detection - HTTP Attacks",
                    "attackGroups": [
                        "IN",
                        "DDOS"
                    ]
                },
                {
                    "id": 3000061,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/WEB_ATTACK/XSS>",
                    "title": "Referer Header From OpenBugBounty Website - Potential XSS",
                    "attackGroups": [
                        "XSS",
                        "IN"
                    ]
                }
            ]
        }
    ],
    "securityPolicies": [
        {
            "id": "qik2_38799",
            "name": "Generated Quick Policy - 4/10/17 7:13:18 PM GMT",
            "hasRatePolicyWithApiKey": false,
            "pragmaHeader": {
                "action": "REMOVE",
                "conditionOperator": "AND",
                "excludeCondition": [
                    {
                        "header": "Expect",
                        "positiveMatch": true,
                        "type": "requestHeaderValueMatch",
                        "useHeaders": false,
                        "value": [
                            "dasd"
                        ],
                        "valueCase": true,
                        "valueWildcard": true
                    },
                    {
                        "positiveMatch": true,
                        "type": "networkList",
                        "useHeaders": true,
                        "value": [
                            "62569_AEPUAT1PARTNERSSTRICTWL"
                        ],
                        "valueCase": false,
                        "valueWildcard": false
                    }
                ],
                "override": true
            },
            "networkLayerControls": {
                "block": "blockSpecificIPGeo",
                "geoControls": {
                    "blockedIPNetworkLists": {
                        "additional": [
                            "AF",
                            "AS"
                        ],
                        "networkList": [
                            "4389_BLANKLIST"
                        ]
                    }
                },
                "slowPost": {
                    "action": "alert",
                    "durationThreshold": {
                        "timeout": 5
                    },
                    "slowRateThreshold": {
                        "rate": 10,
                        "period": 60
                    }
                },
                "ipControls": {
                    "allowedIPNetworkLists": {
                        "additional": [
                            "2.2.2.2"
                        ],
                        "networkList": [
                            "12801_25000",
                            "19440_1671"
                        ]
                    },
                    "blockedIPNetworkLists": {
                        "additional": [
                            "1.1.1.1"
                        ],
                        "networkList": [
                            "16656_CPISERVERS",
                            "18460_166RELEASETESTING"
                        ]
                    }
                }
            },
            "ruleActions": [
                {
                    "action": "alert",
                    "id": 960912,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 960035,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 981300,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "deny",
                    "id": 3000001,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 970903,
                    "rulesetVersionId": 327550,
                    "exception": {
                        "values": [
                            "test",
                            "sdfasf"
                        ],
                        "selectors": [
                            {
                                "type": "GENERIC",
                                "selector": "REQUEST_COOKIES"
                            },
                            {
                                "type": "EXACT",
                                "name": "cccx",
                                "selector": "XML_PAIRS",
                                "value": "vvv"
                            },
                            {
                                "type": "GENERIC",
                                "selector": "REQUEST_COOKIES"
                            },
                            {
                                "type": "GENERIC",
                                "selector": "ARGS"
                            }
                        ]
                    },
                    "conditions": [
                        {
                            "type": "hostMatch",
                            "positiveMatch": true,
                            "hosts": [
                                "www.example.com",
                                "*.example.com"
                            ]
                        },
                        {
                            "type": "pathMatch",
                            "positiveMatch": false,
                            "paths": [
                                "/a/d",
                                "/test/"
                            ]
                        },
                        {
                            "type": "uriQueryMatch",
                            "caseSensitive": false,
                            "name": "test",
                            "nameCase": false,
                            "positiveMatch": false,
                            "value": "value",
                            "wildcard": false
                        },
                        {
                            "type": "requestHeaderMatch",
                            "header": "user-agent",
                            "positiveMatch": false,
                            "value": "test-agent-*",
                            "valueCase": false,
                            "valueWildcard": true
                        }
                    ]
                }
            ],
            "attackGroupActions": [
                {
                    "action": "deny",
                    "group": "SQL",
                    "rulesetVersionId": 327550,
                    "exception": {
                        "specificHeaderCookieParamXmlOrJsonNames": [
                            {
                                "selector": "REQUEST_HEADERS_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "test"
                                ],
                                "selector": "REQUEST_HEADERS",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_COOKIES_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "XSRF_TOKEN"
                                ],
                                "selector": "REQUEST_COOKIES",
                                "wildcard": true
                            },
                            {
                                "selector": "ARGS_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "value"
                                ],
                                "selector": "ARGS",
                                "wildcard": true
                            },
                            {
                                "selector": "JSON_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "val"
                                ],
                                "selector": "JSON_PAIRS",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "test"
                                ],
                                "selector": "XML_PAIRS",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_PROTOCOL",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_METHOD",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_URI",
                                "wildcard": true
                            },
                            {
                                "selector": "QUERY_STRING",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_FILENAME",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_PATH_SEGMENT",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_BODY",
                                "wildcard": true
                            },
                            {
                                "selector": "REQBODY_PROCESSOR_ERROR",
                                "wildcard": true
                            },
                            {
                                "selector": "FILES_NAMES",
                                "wildcard": true
                            }
                        ]
                    }
                },
                {
                    "action": "deny",
                    "group": "XSS",
                    "rulesetVersionId": 327550
                },
                {
                    "action": "deny",
                    "group": "IN",
                    "rulesetVersionId": 327550
                }
            ],
            "customRuleActions": [
                {
                    "action": "deny",
                    "id": 628035
                },
                {
                    "action": "alert",
                    "id": 628037
                }
            ],
            "reputationProfileActions": [
                {
                    "action": "alert",
                    "id": 281778
                },
                {
                    "action": "deny",
                    "id": 210588
                }
            ],
            "ratePolicyActions": [
                {
                    "id": 0,
                    "ipv4Action": "alert",
                    "ipv6Action": "deny"
                },
                {
                    "id": 0,
                    "ipv4Action": "alert",
                    "ipv6Action": "none"
                }
            ]
        },
        {
            "id": "qqqq_39297",
            "name": "qqqqqq",
            "hasRatePolicyWithApiKey": false
        },
        {
            "id": "178t_48704",
            "name": "Copy of Tet-a-Tet with 17.8",
            "hasRatePolicyWithApiKey": false,
            "networkLayerControls": {
                "block": "blockSpecificIPGeo",
                "ipControls": {
                    "blockedIPNetworkLists": {
                        "networkList": [
                            "24321_TESTNW"
                        ]
                    }
                }
            },
            "apiRequestConstraints": {
                "action": "",
                "apiEndpoints": [
                    {
                        "id": 1941,
                        "action": "alert"
                    },
                    {
                        "id": 1942,
                        "action": "alert"
                    },
                    {
                        "id": 1943,
                        "action": "alert"
                    }
                ]
            },
            "reputationProfileActions": [
                {
                    "action": "alert",
                    "id": 281778
                },
                {
                    "action": "alert",
                    "id": 281776
                }
            ]
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Make a GET request to /appsec/v1/export/configs/{configId}/versions/{versionNumber}.

The response is a Configuration object containing all configured hostnames, match targets, and custom rules.
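Once you have the export, you can review it offline. The following is an added example, not Akamai's code: it walks a list of policy objects shaped like the sample above and reports attack groups, custom rules, and reputation profiles whose action is not deny, exception entries that are not narrowed by a names list, and rate policies whose IPv4 and IPv6 actions differ. The function names, check labels, and the demo_00001 policy are assumptions of this example; pass in the policy array from your own export.

```python
import json

# Constructed sample: two policy objects shaped like the export sample above.
# "demo_00001" and its name are made up. Group names, the ruleset version and
# the rule ids are copied from the page; the IN group is changed to "alert"
# here so that the action check has something to report.
SAMPLE_POLICIES = json.loads("""
[
  {
    "id": "demo_00001",
    "name": "Constructed policy",
    "attackGroupActions": [
      {"action": "deny", "group": "SQL", "rulesetVersionId": 327550,
       "exception": {"specificHeaderCookieParamXmlOrJsonNames": [
         {"selector": "REQUEST_HEADERS_NAMES", "wildcard": true},
         {"names": ["XSRF_TOKEN"], "selector": "REQUEST_COOKIES", "wildcard": true},
         {"selector": "REQUEST_BODY", "wildcard": true}
       ]}},
      {"action": "deny", "group": "XSS", "rulesetVersionId": 327550},
      {"action": "alert", "group": "IN", "rulesetVersionId": 327550}
    ],
    "customRuleActions": [
      {"action": "deny", "id": 628035},
      {"action": "alert", "id": 628037}
    ],
    "ratePolicyActions": [
      {"id": 0, "ipv4Action": "alert", "ipv6Action": "none"}
    ]
  },
  {"id": "qqqq_39297", "name": "qqqqqq", "hasRatePolicyWithApiKey": false}
]
""")


def audit_policy(policy):
    """Return (policy_id, check, detail) tuples for settings worth a manual review."""
    pid = policy.get("id", "<no id>")
    findings = []

    groups = policy.get("attackGroupActions", [])
    if not groups:
        findings.append((pid, "no-attack-groups", "no attackGroupActions present"))
    for group in groups:
        name = group.get("group")
        if group.get("action") != "deny":
            findings.append((pid, "not-denying",
                             f"attack group {name}: action={group.get('action')!r}"))
        entries = (group.get("exception") or {}).get(
            "specificHeaderCookieParamXmlOrJsonNames", [])
        # An entry without "names" is not narrowed to particular fields.
        unscoped = sorted(e.get("selector", "?") for e in entries if not e.get("names"))
        if unscoped:
            findings.append((pid, "unscoped-exception",
                             f"attack group {name}: {', '.join(unscoped)}"))

    # Custom rules and reputation profiles that only alert (or do nothing).
    for key in ("customRuleActions", "reputationProfileActions"):
        for item in policy.get(key, []):
            if item.get("action") != "deny":
                findings.append((pid, "not-denying",
                                 f"{key} id {item.get('id')}: action={item.get('action')!r}"))

    # Rate policies that treat IPv4 and IPv6 clients differently.
    for rate in policy.get("ratePolicyActions", []):
        v4, v6 = rate.get("ipv4Action"), rate.get("ipv6Action")
        if v4 != v6:
            findings.append((pid, "ip-family-mismatch",
                             f"rate policy {rate.get('id')}: "
                             f"ipv4Action={v4!r}, ipv6Action={v6!r}"))
    return findings


def audit_policies(policies):
    """Audit every policy object taken from an exported configuration."""
    return [finding for policy in policies for finding in audit_policy(policy)]


if __name__ == "__main__":
    for pid, check, detail in audit_policies(SAMPLE_POLICIES):
        print(f"{pid:12} {check:20} {detail}")
```

Each finding is a prompt for review rather than a verdict: an alert-only action or an unscoped exception can be intentional during tuning.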

Data

This section provides you with the data model for the Application Security API.

Download the JSON schemas for this API.

This section’s data schema tables list membership requirements as follows:

Member is required in requests, or always present in responses, even if its value is empty or null.
Member is optional, and may be omitted in some cases.
Member is out of scope, and irrelevant to the specified interaction context. If you include the member in that context, it either triggers an error, or is ignored.

Configuration

Contains details about a security configuration.

Download schema: configListing.json

Sample GET response:

{
    "configurations": [
        {
            "id": 22330,
            "latestVersion": 5,
            "name": "CaroTestTransition2Versioning",
            "description": "(user notes)"
        },
        {
            "id": 7180,
            "latestVersion": 9,
            "name": "Corporate Sites WAF",
            "productionVersion": 1,
            "stagingVersion": 2,
            "productionHostnames": [
                "example.com",
                "www.example.net",
                "m.example.com"
            ]
        }
    ]
}

Configuration members

Member Type Required Description
Configuration: Contains details about a security configuration.
description String Describes the security configuration.
id Integer Uniquely identifies the security configuration.
latestVersion Integer The latest version of the security configuration.
name String The security configuration name.
productionHostnames Array The list of hostnames protected by this security configuration in the production network.
productionVersion Integer The latest security configuration version active in the production network.
stagingVersion Integer The latest security configuration version active in the staging network.

RenameConfiguration

Contains details of a security configuration.

Download schema: configRename.json

Sample PUT request:

{
    "name": "newapitest",
    "description": "description1"
}

RenameConfiguration members

Member Type Required Description
RenameConfiguration: Contains details of a security configuration.
description String Describes the security configuration.
name String The name you assigned to the security configuration.

ContractGroup

Specifies contracts and groups that have Kona Site Defender or Web Application Firewall.

Download schema: contractGroups.json

Sample GET response:

{
    "contract_groups": [
        {
            "contractId": "C-AVLN15",
            "displayName": "Acklands Grainger",
            "groupId": 42085
        },
        {
            "contractId": "C-AVLN15",
            "displayName": "AltQ",
            "groupId": 51308
        },
        {
            "contractId": "C-AVLN15",
            "displayName": "BV QA",
            "groupId": 41118
        }
    ]
}

ContractGroup members

Member Type Required Description
ContractGroup: Specifies contracts and groups that have Kona Site Defender or Web Application Firewall.
contractId String A unique identifier for a contract.
displayName String The display name for a contract group pair.
groupId Integer A unique identifier for a group.

VersionList

Contains details about a security configuration’s versions.

Download schema: wafConfigVersionListDto.json

Sample GET response:

{
    "totalSize": 3,
    "pageSize": 3,
    "page": 1,
    "configId": 8277,
    "configName": "TestConfig",
    "stagingExpediteRequestId": 5861,
    "productionExpediteRequestId": 6951,
    "productionActiveVersion": 9,
    "stagingActiveVersion": 8,
    "lastCreatedVersion": 9,
    "versionList": [
        {
            "version": 9,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-10-07T17:58:52Z",
            "createdBy": "user1",
            "basedOn": 8,
            "production": {
                "status": "Active",
                "time": "2014-07-08T07:40:00Z"
            },
            "staging": {
                "status": "Inactive"
            }
        },
        {
            "version": 8,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-10-07T17:41:52Z",
            "createdBy": "user2",
            "basedOn": 7,
            "production": {
                "status": "Inactive"
            },
            "staging": {
                "status": "Active",
                "time": "2014-07-08T07:40:00Z"
            }
        },
        {
            "version": 7,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-08-07T17:41:52Z",
            "createdBy": "user3",
            "production": {
                "status": "Inactive"
            },
            "staging": {
                "status": "Inactive"
            }
        }
    ]
}

VersionList members

Member Type Required Description
VersionList: Contains details about a security configuration’s versions.
configId Integer Uniquely identifies the security configuration.
configName String The name you assigned to the security configuration.
lastCreatedVersion Integer The version number of the security configuration that you created most recently.
page Integer The current page number.
pageSize Integer Represents the number of items per page.
productionActiveVersion Integer The version number of the security configuration that is currently active on the production network.
productionExpediteRequestId Integer Uniquely identifies the expedite activation request of the configuration version on the production network.
stagingActiveVersion Integer The version number of the security configuration that is currently active on the staging network.
stagingExpediteRequestId Integer Uniquely identifies the expedite activation request of the configuration version on the staging network.
totalSize Integer The total number of configuration versions.
versionList Version array The security configuration’s versions.

Version

Contains configuration version details.

Download schema: wafConfigVersionDto.json

Sample full GET response:

{
    "configId": 8277,
    "configName": "TestConfig",
    "version": 2,
    "versionNotes": "Membership Benefits",
    "createDate": "2013-10-07T17:58:52Z",
    "createdBy": "user1",
    "basedOn": 1,
    "production": {
        "status": "Active",
        "time": "2014-07-08T07:40:00Z"
    },
    "staging": {
        "status": "Inactive"
    }
}

Version members

Member Type Required Description
Version: Contains configuration version details.
basedOn Integer Read-only. The version from which you cloned this version.
configId Integer Read-only. Uniquely identifies the security configuration.
configName String The security configuration name.
createDate String Read-only. The date when you created the configuration version.
createdBy String Read-only. The user who created the configuration version.
production Version.production Read-only. The activation status of the configuration version in the production network.
staging Version.staging Read-only. The activation status of the configuration version in the staging network.
version Integer The security configuration version.
versionNotes String The notes you entered for the configuration version.
Version.production: The activation status of the configuration version in the production network.
action Enumeration The action taken on the configuration version. Either ACTIVATE or DEACTIVATE.
status Enumeration The activation status, either Pending, Active, Inactive, Deactivated, or Failed.
time String The activation time.
Version.staging: The activation status of the configuration version in the staging network.
action Enumeration The action taken on the configuration version. Either ACTIVATE or DEACTIVATE.
status Enumeration The activation status, either Pending, Active, Inactive, Deactivated, or Failed.
time String The ISO 8601 timestamp indicating the activation time.

VersionNotes

Specifies the setting for a version note update request.

Download schema: versionNotesSetRequest.json

VersionNotes members

Member Type Required Description
VersionNotes: Specifies the setting for a version note update request.
notes String The version notes.

ConfigurationClone

Specifies the settings for a new clone of a security configuration.

Download schema: configCloneCreate.json

Sample POST request:

{
    "createFromVersion": 1,
    "ruleUpdate": false
}

ConfigurationClone members

Member Type Required Description
ConfigurationClone: Specifies the settings for a new clone of a security configuration.
createFromVersion Integer The configuration version to clone from.
ruleUpdate Boolean Specifies whether the application rules should be migrated to the latest version.

SelectableHostnames

Contains the list of hostnames available for protection and their details.

Download schema: hostInfoInConfiguration.json

Sample GET response:

{
    "configId": 123,
    "configVersion": 2,
    "protectARLInclusionHost": true,
    "availableSet": [
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 5443,
            "configNameInProduction": "WAF Security File",
            "hostname": "example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": false,
            "activeInStaging": true,
            "configIdInProduction": 11882,
            "configNameInProduction": "A PUBLIC CONFIG",
            "hostname": "www.example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 6018,
            "configNameInProduction": "Other Security Configuration",
            "hostname": "www.example-123.com"
        }
    ],
    "errorSet": [
        {
            "hostname": "*.example.net",
            "reason": "property is not active in either production or staging",
            "reasonCode": 400
        },
        {
            "hostname": "test-example.net",
            "reason": "You don't have access to this property",
            "reasonCode": 403
        }
    ],
    "selectedSet": [
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 11887,
            "configNameInProduction": "Rbac Test Config",
            "hostname": "m.example.com"
        },
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": null,
            "configNameInProduction": null,
            "hostname": "m.example-123.com"
        }
    ]
}

SelectableHostnames members

Member Type Required Description
SelectableHostnames: Contains the list of hostnames available for protection and their details.
availableSet Set array The available hosts set for the current user.
configId Integer Uniquely identifies the security configuration.
configVersion Integer The security configuration version.
errorSet SelectableHostnames.errorSet[] The requested hosts aren’t available in this configuration version.
protectARLInclusionHost Boolean Whether the host defined in the ARL file has legacy WAF enabled in the configuration.
selectedSet Set array The selected set of hostnames in this configuration version.
SelectableHostnames.errorSet[]: The requested hosts aren’t available in this configuration version.
hostname String The hostname that triggers an error.
reason String The reason why the hosts aren’t protectable in this configuration version.
reasonCode Integer The error status code for the hostname.

Set

Contains details about the hostname and its status.

Download schema: hostNameObject.json

Set members

Member Type Required Description
Set: Contains details about the hostname and its status.
activeInProduction Boolean Whether the hostname is active in the production network.
activeInStaging Boolean Whether the hostname is active in the staging network.
arlInclusion Boolean Whether the hostname is Akamai Resource Locator (ARL) included.
configIdInProduction Integer Uniquely identifies the configuration that protects the hostname.
configNameInProduction String The name of the configuration that protects the hostname.
hostname String The hostname.

SelectedHostnames

Contains a list of selected hostnames for the specified configuration version.

Download schema: hostnameList.json

Sample GET response:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}

SelectedHostnames members

Member Type Required Description
SelectedHostnames: Contains a list of selected hostnames for the specified configuration version.
hostnameList SelectedHostnames.hostnameList[] The list of hostnames for a configuration version.
SelectedHostnames.hostnameList[]: The list of hostnames for a configuration version.
hostname String The hostname.

SecurityPolicy

Specifies the details of a security policy.

Download schema: securityPolicyDto.json

Sample POST response:

{
    "configId": 1232,
    "version": 8,
    "policies": [
        {
            "policyId": "NN3_61",
            "policyName": "NN FW 3",
            "hasRatePolicyWithApiKey": true,
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": true,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            }
        },
        {
            "policyId": "NN_2",
            "policyName": "NN FW 1",
            "hasRatePolicyWithApiKey": false,
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            }
        },
        {
            "policyId": "NN-2_3",
            "policyName": "NN FW 2",
            "hasRatePolicyWithApiKey": true,
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            }
        }
    ]
}

SecurityPolicy members

Member Type Required Description
SecurityPolicy: Specifies the details of a security policy.
configId Integer Uniquely identifies the security configuration.
hasRatePolicyWithApiKey Boolean Indicates whether this security policy has a rate policy which has API_KEY as a client identifier. APIs are managed using the API Endpoint Definition API.
policyId String Uniquely identifies the security policy.
policyName String The name of the security policy.
policySecurityControls SecurityControls The status of security controls defined in the security policy.
version Integer The version number of the security configuration.

SecurityPolicyClone

Specifies the settings for a new clone of a security policy.

Download schema: securityPolicyCloneRequest.json

Sample POST request:

{
    "createFromSecurityPolicy": "1_35752",
    "policyName": "Open Cloned IV 2",
    "policyPrefix": "bt17"
}

SecurityPolicyClone members

Member Type Required Description
SecurityPolicyClone: Specifies the settings for a new clone of a security policy.
createFromSecurityPolicy String The unique identifier (policyId) of the source policy to create the new policy from.
defaultSettings String The default settings on the policy. If not provided, the defaultSettings is true.
policyName String The name of the security policy. If not provided, the system generates a name automatically with the pattern ‘clone from ’.
policyPrefix String The four-character alphanumeric string prefix for the policyId. If not provided, the prefix is autogenerated.

HeaderLog

Describes the security policy HTTP header-logging settings.

Download schema: policyHttpHeaderLoggingSetRequest.json

Sample PUT request:

{
    "override": true,
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}

HeaderLog members

Member Type Required Description
HeaderLog: Describes the security policy HTTP header-logging settings.
allowSampling Boolean Whether you enabled the header data sampling.
cookies HeaderLog.cookies When enabled, filter requests whose headers you log by cookie.
customHeaders HeaderLog.customHeaders When enabled, filter requests you log by custom headers you specify.
override Boolean When enabled, your security configuration won’t log any header data for security events triggered by settings in the security configuration.
standardHeaders HeaderLog.standardHeaders When enabled, filter requests you log by standard headers you specify.
HeaderLog.cookies: When enabled, filter requests whose headers you log by cookie.
type Enumeration Use all to log headers for all requests with any standard header. Use none to exclude headers for any requests with any standard header from logging. Use exclude to exclude headers for requests with specific standard headers. Use only to include headers for requests with specific standard headers.
values Array List of headers to include or exclude depending on the type setting.
HeaderLog.customHeaders: When enabled, filter requests you log by custom headers you specify.
type Enumeration Use all to log headers for all requests with any standard header. Use none to exclude headers for any requests with any standard header from logging. Use exclude to exclude headers for requests with specific standard headers. Use only to include headers for requests with specific standard headers.
values Array List of headers to include or exclude depending on the type setting.
HeaderLog.standardHeaders: When enabled, filter requests you log by standard headers you specify.
type Enumeration Use all to log headers for all requests with any standard header. Use none to exclude headers for any requests with any standard header from logging. Use exclude to exclude headers for requests with specific standard headers. Use only to include headers for requests with specific standard headers.
values Array List of headers to include or exclude depending on the type setting.

ConfigHeaderLog

The PUT Request JSON for HTTP Header Logging.

Download schema: httpHeaderLoggingSetRequest.json

Sample PUT request:

{
    "allowSampling": true,
    "cookies": {
        "type": "all"
    },
    "customHeaders": {
        "type": "exclude",
        "values": [
            "csdasdad"
        ]
    },
    "standardHeaders": {
        "type": "only",
        "values": [
            "Accept"
        ]
    }
}

ConfigHeaderLog members

Member Type Required Description
ConfigHeaderLog: The PUT Request JSON for HTTP Header Logging.
allowSampling Boolean Whether to enable HTTP Header logging.
cookies ConfigHeaderLog.cookies Settings for cookie headers.
customHeaders ConfigHeaderLog.customHeaders Settings for custom headers.
standardHeaders ConfigHeaderLog.standardHeaders Settings for standard headers.
ConfigHeaderLog.cookies: Settings for cookie headers.
type Enumeration Use all to log headers for all requests with any standard header. Use none to exclude headers for any requests with any standard header from logging. Use exclude to exclude headers for requests with specific standard headers. Use only to include headers for requests with specific standard headers.
values Array List of headers to include or exclude depending on the type setting.
ConfigHeaderLog.customHeaders: Settings for custom headers.
type Enumeration Use all to log headers for all requests with any standard header. Use none to exclude headers for any requests with any standard header from logging. Use exclude to exclude headers for requests with specific standard headers. Use only to include headers for requests with specific standard headers.
values Array List of headers to include or exclude depending on the type setting.
ConfigHeaderLog.standardHeaders: Settings for standard headers.
type Enumeration Use all to log headers for all requests with any standard header. Use none to exclude headers for any requests with any standard header from logging. Use exclude to exclude headers for requests with specific standard headers. Use only to include headers for requests with specific standard headers.
values Array List of headers to include or exclude depending on the type setting.

PrefetchRequest

The PUT Request JSON for Prefetch Requests.

Download schema: prefetchRequestSetRequest.json, prefetchRequestGetSuccess.json

Sample PUT request:

{
    "allExtensions": false,
    "enableAppLayer": true,
    "enableRateControls": false,
    "extensions": [
        "cgi",
        "jsp",
        "EMPTY_STRING",
        "aspx",
        "py",
        "php",
        "asp"
    ]
}

Sample GET response:

{
    "allExtensions": false,
    "enableAppLayer": true,
    "enableRateControls": false,
    "extensions": [
        "cgi",
        "jsp",
        "EMPTY_STRING",
        "aspx",
        "py",
        "php",
        "asp"
    ]
}

PrefetchRequest members

Member Type PUT GET Description
PrefetchRequest: The PUT Request JSON for Prefetch Requests.
allExtensions Boolean Whether to enable prefetch requests for all extensions.
enableAppLayer Boolean Whether to enable Prefetch Requests.
enableRateControls Boolean Whether to enable Prefetch Requests for rate controls.
extensions Array List of extensions.

PragmaHeader

Describes which headers you can exclude from inspection when you pass a Pragma debug header.

Download schema: pragmaHeaderDto.json

Sample PUT response:

{
    "action": "REMOVE",
    "conditionOperator": "AND",
    "excludeCondition": [
        {
            "type": "requestHeaderValueMatch",
            "positiveMatch": true,
            "header": "accept",
            "value": [
                "application/json",
                "application/xml"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "ipMatch",
            "positiveMatch": true,
            "value": [
                "1.1.1.1",
                "192.168.100.14/24"
            ],
            "useHeaders": false
        },
        {
            "type": "networkList",
            "positiveMatch": true,
            "value": [
                "123_3ALLOWEDIPS"
            ]
        },
        {
            "type": "queryParamNameValueMatch",
            "positiveMatch": true,
            "name": "type",
            "value": [
                "type A",
                "type B"
            ],
            "valueCase": true,
            "valueWildcard": false
        }
    ]
}

PragmaHeader members

Member Type Required Description
PragmaHeader: Describes which headers you can exclude from inspection when you pass a Pragma debug header.
action Enumeration The action to perform when a user passes a Pragma header. The only action currently supported is REMOVE.
conditionOperator Enumeration Use OR to match any condition, or AND to match on all conditions.
excludeCondition PragmaHeader.excludeCondition The conditions to exclude from the default remove action. Any condition you set in this object appears in the Pragma header debug response object.
PragmaHeader.excludeCondition: The conditions to exclude from the default remove action. Any condition you set in this object appears in the Pragma header debug response object.
header String The name of the request header. In the example, accept.
name String The name of the request header to ignore from inspection. In the example, type.
positiveMatch Boolean When true, matches the selected values. When false, matches on anything outside the selected values.
type Enumeration The header value you want to appear in the response. You can choose from requestHeaderValueMatch, ipMatch, networkList, or queryParamNameValueMatch.
useHeaders Boolean Whether the condition should include the X-Forwarded-For (XFF) header. This only applies when the condition type is IP_MATCH or NETWORK_LIST.
value Array List of header values, query parameter values, IP addresses, or names of network lists. To manage networks lists, use the Network Lists API.
valueCase Boolean Whether to consider the case-sensitivity of the provided header value. This only applies when the condition type is REQUEST_HEADER_VALUE_MATCH.
valueWildcard Boolean Whether the provided header value includes wildcards, such as * or ?. This only applies to the REQUEST_HEADER_VALUE_MATCH condition type.

HostnameCoverage

Describes the coverage status for hostnames.

Download schema: hostnameCoverageGetSuccess.json

Sample GET response:

{
    "hostnameCoverage": [
        {
            "configuration": {
                "id": 30141,
                "name": "Grainger Mexico",
                "version": 37
            },
            "status": "covered",
            "hasMatchTarget": true,
            "hostname": "miembrosdeequipo.grainger.com.mx",
            "policyNames": [
                "Grainger Mexico"
            ]
        },
        {
            "configuration": {
                "id": 55851,
                "name": "WFSLTD and API gateway portal",
                "version": 2
            },
            "status": "covered",
            "hasMatchTarget": true,
            "hostname": "apiportal.grainger.com",
            "policyNames": [
                "AAG Sites"
            ]
        },
        {
            "configuration": {
                "id": 21246,
                "name": "Grainger Canada",
                "version": 53
            },
            "status": "covered",
            "hasMatchTarget": true,
            "hostname": "www.acklandsgrainger.com",
            "policyNames": [
                "Grainger Canada"
            ]
        }
    ]
}

HostnameCoverage members

Member Type Required Description
HostnameCoverage: Describes the coverage status for hostnames.
configuration HostnameCoverage.configuration The configuration details for hostname coverage.
hasMatchTarget Boolean Whether this hostname has a match target. Hostnames need at least one match target to be protected.
hostname String The hostname.
policyNames Array The policy name.
status Enumeration If covered, the hostname is protected by your security configuration. If not_covered, your hostname is not protected by your security configuration.
HostnameCoverage.configuration: The configuration details for hostname coverage.
id Integer The configuration ID.
name String The name of the configuration.
version String The configuration version number.

HostnameOverlap

Describes configurations that use the same hostname, causing overlapping coverage.

Download schema: hostnameCoverageOverlappingGetSuccess.json

HostnameOverlap members

Member Type Required Description
HostnameOverlap: Describes configurations that use the same hostname, causing overlapping coverage.
overLappingList HostnameOverlap.overLappingList[] The list of configurations that overlap coverage for the hostname.
HostnameOverlap.overLappingList[]: The list of configurations that overlap coverage for the hostname.
configId Integer The configuration ID.
configName String The configuration name.
configVersion Integer The configuration version.
contractId String The contract ID.
contractName String The contract name.
hostnames Array The version tag.

SecurityControls

Describes the operational status of security controls.

Download schema: securityControls.json

SecurityControls members

Member Type Description
SecurityControls: Describes the operational status of security controls.
applyApiConstraints Boolean Whether you enabled API constraints.
applyApplicationLayerControls Boolean Whether you enabled application layer controls.
applyBotmanControls Boolean Whether you enabled Bot Manager controls.
applyNetworkLayerControls Boolean Whether you enabled network layer controls.
applyRateControls Boolean Whether you enabled rate controls.
applyReputationControls Boolean Whether you enabled reputation controls.
applySlowPostControls Boolean Whether you enabled slow post controls.

Subscription

Specifies actions to subscribe a user to or remove a user from a subscription to tuning recommendation emails.

Download schema: appsecConfigSubscriptionRequest.json

Sample POST request:

{
    "action": "subscribe",
    "emails": [
        "subscriber1@email.com",
        "subscriber2@email.com",
        "subscriber3@email.com"
    ]
}

Subscription members

Member Type Required Description
Subscription: Specifies actions to subscribe a user to or remove a user from a subscription to tuning recommendation emails.
action Enumeration Use subscribe to add user emails to the subscription. Use unsubscribe to remove them from the subscription.
emails Array The user emails to add to or remove from subscription.

Upgrade

Specifies KRS rule set upgrade details.

Download schema: rulesGetUpgrade.json

Sample GET request:

{
    "current": "KRS 1.0 (Apr 20, 2020)",
    "evaluating": "KRS 1.0 (Mar 15, 2020)",
    "latest": "KRS 1.0 (June 15, 2020)",
    "KRSToEvalUpdates": {
        "updatedRules": [
            {
                "id": 3000080,
                "title": "Cross-site Scripting (XSS) Attack"
            },
            {
                "id": 3000081,
                "title": "PHP Injection Attack (Opening Tag)"
            }
        ],
        "newRules": [
            {
                "id": 3000082,
                "title": "Cross-site Scripting (XSS) Attack: Attribute Injection"
            },
            {
                "id": 3000083,
                "title": "IE XSS Filters - Attack Detected"
            }
        ]
    },
    "EvalToEvalUpdates": {
        "newRules": [
            {
                "id": 3000090,
                "title": "Cross-site Scripting (XSS) Attack: Attribute Injection"
            }
        ]
    },
    "KRSToLatestUpdates": {
        "deletedRules": [
            {
                "id": 3000048,
                "title": "MSSQL Code Execution and Information Gathering Attempts"
            }
        ],
        "newRules": [
            {
                "id": 3000090,
                "title": "Remote File Inclusion Attack"
            },
            {
                "id": 3000091,
                "title": "IE XSS Filters"
            }
        ]
    }
}

Upgrade members

Member Type Required Description
Upgrade: Specifies KRS rule set upgrade details.
current String The version of the KRS rule set you currently have.
evalToEvalUpdates Upgrade.evalToEvalUpdates Lists available updates to rules you’re currently evaluating but have not yet upgraded to.
evaluating String The rule set you are currently evaluating.
krsToEvalUpdates Upgrade.krsToEvalUpdates Lists any available updates for KRS rules. If the updatedRules array is empty, you have the latest available versions already.
krsToLatestUpdates Upgrade.krsToLatestUpdates Lists any available KRS rule updates for rules that have been added, deleted, or modified. If you’re evaluating rules, these updates may be newer than rules you’re evaluating.
latest String The latest available KRS rule set version.
Upgrade.evalToEvalUpdates: Lists available updates to rules you’re currently evaluating but have not yet upgraded to.
deletedRules Rule array The deleted rules.
newRules Rule array The new rules.
updatedRules Rule array The updated rules.
Upgrade.krsToEvalUpdates: Lists any available updates for KRS rules. If the updatedRules array is empty, you have the latest available versions already.
deletedRules Rule array The deleted rules.
newRules Rule array The new rules.
updatedRules Rule array The updated rules.
Upgrade.krsToLatestUpdates: Lists any available KRS rule updates for rules that have been added, deleted, or modified. If you’re evaluating rules, these updates may be newer than rules you’re evaluating.
deletedRules Rule array The deleted rules.
newRules Rule array The new rules.
updatedRules Rule array The updated rules.

Rule

The updated rules.

Download schema: rule.json

Rule members

Member Type Required Description
Rule: The updated rules.
id Integer Uniquely identifies the rule.
title String The rule title.

EvalRule

The GET Response JSON for eval rule actions.

Download schema: securityPolicyGetEvalRuleActionsSuccess.json, securityPolicySetEvalRuleActionRequest.json

Sample GET request:

{
    "evalRuleActions": [
        {
            "action": "alert",
            "id": 699989
        },
        {
            "action": "alert",
            "id": 699990
        },
        {
            "action": "alert",
            "id": 699991
        },
        {
            "action": "alert",
            "id": 699992
        },
        {
            "action": "alert",
            "id": 699993
        },
        {
            "action": "alert",
            "id": 699994
        }
    ]
}

Sample PUT request:

{
    "action": "alert"
}

EvalRule members

Member Type GET PUT Description
EvalRule: The GET Response JSON for eval rule actions.
action Enumeration The rule’s action, either alert, deny, or none. If the action is none, the rule is inactive in the policy.
evalRuleActions EvalRule.evalRuleActions[] Rule Action JSON Properties.
EvalRule.evalRuleActions[]: Rule Action JSON Properties.
action Enumeration The list of rule actions, either alert, deny, or none. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions. If the action is none, the rule is inactive in the policy.
id Integer The unique identifier for each rule.
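
Before completing an evaluation, the Upgrade and EvalRule responses can be joined to see which incoming rules would not act on traffic. This is an added Python example, not Akamai's code; the data is constructed from the samples above, and it assumes rule IDs in evalRuleActions share the ID space of the Upgrade rule lists. Section names are looked up case-insensitively because the sample uses KRSToEvalUpdates while the member table lists krsToEvalUpdates.

```python
# Constructed data, adapted from the Upgrade and EvalRule samples on this page.
UPGRADE = {
    "current": "KRS 1.0 (constructed)",
    "evaluating": "KRS 1.0 (constructed)",
    "latest": "KRS 1.0 (constructed)",
    "KRSToEvalUpdates": {
        "updatedRules": [
            {"id": 3000080, "title": "Cross-site Scripting (XSS) Attack"},
        ],
        "newRules": [
            {"id": 3000082,
             "title": "Cross-site Scripting (XSS) Attack: Attribute Injection"},
            {"id": 3000083, "title": "IE XSS Filters - Attack Detected"},
        ],
    },
    "KRSToLatestUpdates": {
        "deletedRules": [
            {"id": 3000048,
             "title": "MSSQL Code Execution and Information Gathering Attempts"},
        ],
    },
}
EVAL_RULE = {
    "evalRuleActions": [
        {"action": "alert", "id": 3000080},
        {"action": "none", "id": 3000082},
    ]
}

SECTIONS = ("krsToEvalUpdates", "evalToEvalUpdates", "krsToLatestUpdates")
KINDS = ("newRules", "updatedRules", "deletedRules")


def rule_changes(upgrade):
    """Return {section: {kind: [(id, title), ...]}} for every update section."""
    by_lower = {key.lower(): value for key, value in upgrade.items()}
    changes = {}
    for section in SECTIONS:
        block = by_lower.get(section.lower()) or {}
        changes[section] = {
            kind: [(r["id"], r["title"]) for r in block.get(kind, [])]
            for kind in KINDS
        }
    return changes


def eval_gaps(upgrade, eval_rule):
    """List rules entering evaluation that would not act on traffic."""
    # Assumption: evalRuleActions ids refer to the same rules as the Upgrade lists.
    actions = {a["id"]: a["action"] for a in eval_rule.get("evalRuleActions", [])}
    incoming = rule_changes(upgrade)["krsToEvalUpdates"]
    gaps = []
    for kind in ("newRules", "updatedRules"):
        for rule_id, title in incoming[kind]:
            action = actions.get(rule_id)
            if action is None:
                gaps.append((rule_id, title, "no eval action returned"))
            elif action == "none":
                # The page: with action none, the rule is inactive in the policy.
                gaps.append((rule_id, title, "action is none, rule inactive"))
    return gaps


if __name__ == "__main__":
    for rule_id, title in rule_changes(UPGRADE)["krsToLatestUpdates"]["deletedRules"]:
        print(f"removed in latest: {rule_id} {title}")
    for rule_id, title, reason in eval_gaps(UPGRADE, EVAL_RULE):
        print(f"review: {rule_id} {title}: {reason}")
```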

EvalMode

Contains the setting for the eval mode action.

Download schema: evalMode.json

Sample GET response:

{
    "mode": "KRS",
    "current": "KRS 1.0 (Apr 20, 2020)",
    "eval": "enabled",
    "evaluating": "KRS 1.0 (June 25, 2020)",
    "expires": "2020-08-08T00:00:00Z"
}

EvalMode members

Member Type Required Description
EvalMode: Contains the setting for the eval mode action.
eval Enumeration Set eval to start, stop, restart, complete, or update to manage the evaluation of new rules you want to test before you upgrade. If you set eval to start, restart, or update, the response object has an eval value of enabled. The value is disabled for requests of stop or complete. For more information, see Set evaluation mode.

EvalHostname

Contains a list of evaluation hostnames for the specified configuration version.

Download schema: evalHostnames.json

Sample GET response:

{
    "hostnames": [
        "*.example.net",
        "example.com",
        "m.example.com"
    ]
}

EvalHostname members

Member Type Required Description
EvalHostname: Contains a list of evaluation hostnames for the specified configuration version.
hostnames Array The hostnames to match the request on.

HostnameTarget

Contains details about a hostname coverage match target.

Download schema: hostnameCoverageMatchTarget.json

Sample GET response:

{
    "matchTargets": {
        "apiTargets": [],
        "websiteTargets": [
            {
                "bypassNetworkLists": [
                    {
                        "id": "1410_BYPASSWAFLIST",
                        "name": "gus - BypassWAFList"
                    }
                ],
                "configId": 2481,
                "configVersion": 428,
                "defaultFile": "NO_MATCH",
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyBotmanControls": true,
                    "applyNetworkLayerControls": true,
                    "applyPageIntegrityControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": true
                },
                "fileExtensions": [],
                "filePaths": [
                    "/content/tealeaf"
                ],
                "firewallPolicy": {
                    "evaluated": false,
                    "policyId": "GRD_4186",
                    "policyName": "Grainger USA",
                    "policySecurityControls": {
                        "applyApiConstraints": false,
                        "applyApplicationLayerControls": true,
                        "applyBotmanControls": true,
                        "applyNetworkLayerControls": true,
                        "applyPageIntegrityControls": false,
                        "applyRateControls": true,
                        "applyReputationControls": true,
                        "applySlowPostControls": true
                    }
                },
                "hostnames": [
                    "failover-m.lt.gcom.grainger.com",
                    "www.grainger.com",
                    "m.grainger.com",
                    "failover-m.lt2.gcom.grainger.com",
                    "keepstockselectiontool.grainger.com",
                    "failover-m.grainger.com",
                    "m.new.grainger.com",
                    "template-www.grainger.com",
                    "a.gc1.co",
                    "safety.grainger.com",
                    "static.grainger.net",
                    "failover-www.grainger.com",
                    "s.gc1.co",
                    "static.grainger.com",
                    "lt2.gcom.grainger.com",
                    "m.lt2.gcom.grainger.com",
                    "images.grainger.com",
                    "akamai-test.qa.graingercloud.com",
                    "failover-lt2.gcom.grainger.com",
                    "www.keepstocksecuredemo.com",
                    "waffailover.grainger.com",
                    "espanol.grainger.com"
                ],
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "isTargetSecurityControlsEditable": false,
                "logicalId": 1730010,
                "sequence": 3,
                "targetId": 2555705,
                "targetSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": true,
                    "applyPageIntegrityControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": true
                },
                "type": "website"
            }
        ]
    }
}

HostnameTarget members

Member Type Required Description
HostnameTarget: Contains details about a hostname coverage match target.
apis HostnameTarget.apis[] The list of API endpoint identifiers and names. This applies only for api match targets.
bypassNetworkLists HostnameTarget.bypassNetworkLists[] The network lists’ identifiers and names in the match target.
defaultFile Enumeration Describes the rule to match on paths. Either NO_MATCH not to match on the default file, BASE_MATCH to match only requests for top-level hostnames ending in a trailing slash, or RECURSIVE_MATCH to match all requests for paths that end in a trailing slash. The default value is NO_MATCH.
effectiveSecurityControls HostnameTarget.effectiveSecurityControls Read-only. The security controls to apply. For a security control to be effectively turned on, you must enable it in both the match target and the security policy.
fileExtensions Array The list of file extensions to apply the match target to.
filePaths Array The list of file paths to apply the match target to.
hostnames Array The list of hostnames to protect.
isNegativeFileExtensionMatch Boolean Whether the match target applies when a match is found in the specified fileExtensions or when a match isn’t found.
isNegativePathMatch Boolean Whether the match target applies when a match is found in the specified filePaths or when a match isn’t found.
securityPolicy HostnameTarget.securityPolicy The security policy associated with the match target.
sequence Integer The match target’s position in the sequence of match targets.
targetId Integer Uniquely identifies the match target.
type Enumeration The type of match target. Either website or api.
validations HostnameTarget.validations Read-only. Contains details about warnings, errors, or notices determined by a validation of this resource.
HostnameTarget.apis[]: The list of API endpoint identifiers and names. This applies only for api match targets.
id Integer Uniquely identifies the API endpoint.
name String The API endpoint name.
HostnameTarget.bypassNetworkLists[]: The network lists’ identifiers and names in the match target.
id String Uniquely identifies the network list.
name String The name you assigned to the network list.
HostnameTarget.effectiveSecurityControls: The security controls to apply. For a security control to be effectively turned on, you must enable it in both the match target and the security policy.
applyApiConstraints Boolean Whether you enabled API constraints.
applyApplicationLayerControls Boolean Whether you enabled application layer controls.
applyBotmanControls Boolean Whether you enabled Bot Manager controls.
applyNetworkLayerControls Boolean Whether you enabled network layer controls.
applyRateControls Boolean Whether you enabled rate controls.
applyReputationControls Boolean Whether you enabled reputation controls.
applySlowPostControls Boolean Whether you enabled slow post controls.
HostnameTarget.securityPolicy: The security policy associated with the match target.
policyId String Uniquely identifies the security policy.
HostnameTarget.validations: Contains details about warnings, errors, or notices determined by a validation of this resource.
errors HostnameTarget.validations.errors[] Contains feedback on validation.
notices HostnameTarget.validations.notices[] Contains feedback on validation.
warnings HostnameTarget.validations.warnings[] Contains feedback on validation.
HostnameTarget.validations.errors[]: Contains feedback on validation.
detail String The explanation of the error message.
fieldName String The name of the field causing the validation problem.
jsonReference String The JSON reference to the field in the resource.
title String The title for the error.
type String The URL for the error type.
HostnameTarget.validations.notices[]: Contains feedback on validation.
detail String The explanation of the error message.
fieldName String The name of the field causing the validation problem.
jsonReference String The JSON reference to the field in the resource.
title String The title for the error.
type String The URL for the error type.
HostnameTarget.validations.warnings[]: Contains feedback on validation.
detail String The explanation of the error message.
fieldName String The name of the field causing the validation problem.
jsonReference String The JSON reference to the field in the resource.
title String The title for the error.
type String The URL for the error type.
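
The checks that HostnameCoverage and HostnameTarget support, as an added Python example (not Akamai's code): list hostnames that are not protected, then report for each match target the controls that are not effective and the layer that switches them off. The data is constructed; the `firewallPolicy.policySecurityControls` and `targetSecurityControls` field names come from the sample response above, and treating a control that a layer omits as "not stated" rather than disabled is an assumption.

```python
# Constructed sample data, shaped like the sample GET responses on this page.
COVERAGE = {
    "hostnameCoverage": [
        {"configuration": {"id": 1, "name": "Example config", "version": 3},
         "status": "covered", "hasMatchTarget": True,
         "hostname": "www.example.com", "policyNames": ["Example policy"]},
        {"configuration": {"id": 1, "name": "Example config", "version": 3},
         "status": "covered", "hasMatchTarget": False,
         "hostname": "m.example.com", "policyNames": []},
        {"status": "not_covered", "hasMatchTarget": False,
         "hostname": "legacy.example.com"},
    ]
}
MATCH_TARGETS = {
    "matchTargets": {
        "apiTargets": [],
        "websiteTargets": [{
            "targetId": 100, "sequence": 1, "type": "website",
            "hostnames": ["www.example.com"],
            "effectiveSecurityControls": {
                "applyApplicationLayerControls": True,
                "applyBotmanControls": True,
                "applyRateControls": False,
                "applySlowPostControls": True,
            },
            "firewallPolicy": {
                "policyId": "EX_0001",
                "policySecurityControls": {
                    "applyApiConstraints": False,
                    "applyApplicationLayerControls": True,
                    "applyBotmanControls": True,
                    "applyRateControls": True,
                    "applySlowPostControls": False,
                },
            },
            "targetSecurityControls": {
                "applyApplicationLayerControls": True,
                "applyRateControls": False,
                "applySlowPostControls": True,
            },
        }],
    }
}


def coverage_gaps(coverage):
    """Return (hostname, reason) for every hostname that is not protected."""
    gaps = []
    for entry in coverage.get("hostnameCoverage", []):
        host = entry.get("hostname", "<unknown>")
        if entry.get("status") != "covered":
            gaps.append((host, "status is %r" % entry.get("status")))
        elif not entry.get("hasMatchTarget", False):
            # The page: a hostname needs at least one match target to be protected.
            gaps.append((host, "covered but has no match target"))
    return gaps


def control_findings(match_targets):
    """Report controls that are not effective, and the layer that disables them."""
    findings = []
    groups = match_targets.get("matchTargets", {})
    for target in groups.get("websiteTargets", []) + groups.get("apiTargets", []):
        effective = target.get("effectiveSecurityControls", {})
        layers = {
            "policy": target.get("firewallPolicy", {}).get("policySecurityControls", {}),
            "target": target.get("targetSecurityControls", {}),
        }
        names = set(effective)
        for controls in layers.values():
            names.update(controls)
        for name in sorted(names):
            # Only an explicit false counts; a missing key is "not stated".
            off_in = [layer for layer, c in layers.items() if c.get(name) is False]
            if effective.get(name) is True and not off_in:
                continue
            # Effective yet disabled in a layer contradicts the "both" rule.
            kind = "inconsistent" if effective.get(name) is True else "disabled"
            findings.append({"targetId": target.get("targetId"),
                             "control": name, "kind": kind, "offIn": off_in})
    return findings


if __name__ == "__main__":
    for host, reason in coverage_gaps(COVERAGE):
        print(f"UNPROTECTED {host}: {reason}")
    for f in control_findings(MATCH_TARGETS):
        where = ", ".join(f["offIn"]) or "not stated"
        print(f"target {f['targetId']}: {f['control']} {f['kind']} (off in: {where})")
```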

Exception

Describes the conditions and exceptions you can configure in attack groups or KRS rules. When the advanced exception feature is enabled, you can specify attack group exception data in either the basic section or the advancedExceptions section, but not both.

Download schema: securityPolicySetConditionExceptionRequest.json

Sample PUT request:

{
    "conditions": [
        {
            "type": "extensionMatch",
            "extensions": [
                "test"
            ],
            "positiveMatch": true
        },
        {
            "type": "filenameMatch",
            "filenames": [
                "test2"
            ],
            "positiveMatch": true
        },
        {
            "type": "hostMatch",
            "hosts": [
                "www.test.com"
            ],
            "positiveMatch": true
        },
        {
            "type": "ipMatch",
            "ips": [
                "123.123.123.123"
            ],
            "positiveMatch": true,
            "useHeaders": true
        },
        {
            "type": "uriQueryMatch",
            "caseSensitive": true,
            "name": "test3",
            "nameCase": false,
            "positiveMatch": true,
            "value": "test4",
            "wildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "header": "referer",
            "positiveMatch": true,
            "value": "test5",
            "valueCase": false,
            "valueWildcard": false
        },
        {
            "type": "requestMethodMatch",
            "methods": [
                "GET"
            ],
            "positiveMatch": true
        },
        {
            "type": "pathMatch",
            "paths": [
                "/test6"
            ],
            "positiveMatch": true
        }
    ],
    "exception": {
        "headerCookieOrParamValues": [
            "test"
        ],
        "specificHeaderCookieOrParamNameValue": {
            "name": "test",
            "selector": "REQUEST_HEADERS",
            "value": "test"
        },
        "specificHeaderCookieOrParamNames": [
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_HEADERS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "REQUEST_COOKIES"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "ARGS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "JSON_PAIRS"
            },
            {
                "names": [
                    "test"
                ],
                "selector": "XML_PAIRS"
            }
        ],
        "specificHeaderCookieOrParamPrefix": {
            "prefix": "test",
            "selector": "REQUEST_HEADERS"
        }
    }
}

Exception members

Member Type Required Description
Exception: Describes the conditions and exceptions you can configure in attack groups or KRS rules. When the advanced exception feature is enabled, you can specify attack group exception data in either the basic section or the advancedExceptions section, but not both.
advancedExceptions Exception.advancedExceptions Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.
conditions Exception.conditions[] Describes what conditions can be set for an action to occur.
exception Exception.exception Describes the exception members that allow you to conditionally exclude requests from inspection.
Exception.advancedExceptions: Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.
conditions Exception.advancedExceptions.conditions[] Describes what conditions can be set for an action to occur.
headerCookieOrParamValues Exception.advancedExceptions.headerCookieOrParamValues[] The list of excepted values in headers, cookies, or query parameters.
specificHeaderCookieOrParamNameValue Exception.advancedExceptions.specificHeaderCookieOrParamNameValue[] Contains details about the excepted name-value pairs in a request.
specificHeaderCookieParamXmlOrJsonNames Exception.advancedExceptions.specificHeaderCookieParamXmlOrJsonNames[] Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.
Exception.advancedExceptions.conditions[]: Describes what conditions can be set for an action to occur.
caseSensitive Boolean Whether to consider the case-sensitivity of the provided query parameter value. This only applies to the uriQueryMatch condition type.
extensions Array The file extensions that trigger the condition. This only applies to the extensionMatch condition type.
filenames Array The filenames that trigger the condition. This only applies to the filenameMatch condition type.
header Enumeration The name of the HTTP header to check for. Either referer or user-agent. This only applies to the requestHeaderMatch condition type.
hosts Array The hostnames that trigger the condition. This only applies to the hostMatch condition type.
ips Array The IPs that trigger the condition. This only applies to the ipMatch condition type.
methods Array The HTTP request methods that trigger the condition. The possible values are GET, POST, HEAD, PUT, and DELETE. This only applies to the requestMethodMatch condition type.
name String The query parameter name that triggers the condition. This only applies to the uriQueryMatch condition type.
nameCase Boolean Whether to consider the case-sensitivity of the provided query parameter name. This only applies to the uriQueryMatch condition type.
paths Array The paths that trigger the condition. This only applies to the pathMatch condition type.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
type Enumeration The condition type to match on. See Export condition type values.
useHeaders Boolean Whether the condition should include the X-Forwarded-For (XFF) header. This only applies to the ipMatch condition type.
value String The query parameter value if the condition type is uriQueryMatch and header value if the condition type is requestHeaderMatch. This only applies when the condition type is uriQueryMatch or requestHeaderMatch.
valueCase Boolean Whether to consider the case-sensitivity of the provided header value. This only applies to the requestHeaderMatch condition type.
valueWildcard Boolean Whether the provided header value is a wildcard. This only applies to the requestHeaderMatch condition type.
wildcard Boolean Whether the provided query parameter value is a wildcard. This only applies to the uriQueryMatch condition type.
Exception.advancedExceptions.headerCookieOrParamValues[]: The list of excepted values in headers, cookies, or query parameters.
criteria Exception.advancedExceptions.headerCookieOrParamValues[].criteria[] The host name and path criteria to limit the scope of exception.
values Array The list of request attribute names.
Exception.advancedExceptions.headerCookieOrParamValues[].criteria[]: The host name and path criteria to limit the scope of exception.
hostnames Array The list of excepted host names.
names Array The list of excepted names.
paths Array The list of excepted paths.
values Array The list of excepted values.
Exception.advancedExceptions.specificHeaderCookieOrParamNameValue[]: Contains details about the excepted name-value pairs in a request.
criteria Exception.advancedExceptions.specificHeaderCookieOrParamNameValue[].criteria[] The host name and path criteria to limit the scope of exception.
namesValues Exception.advancedExceptions.specificHeaderCookieOrParamNameValue[].namesValues[] A list of name-value pairs to except.
selector Enumeration The request attribute to exclude from inspection. See Exception selector values.
wildcard Boolean Whether the provided header name is a wildcard.
Exception.advancedExceptions.specificHeaderCookieOrParamNameValue[].criteria[]: The host name and path criteria to limit the scope of exception.
hostnames Array The list of excepted host names.
names Array The list of excepted names.
paths Array The list of excepted paths.
values Array The list of excepted values.
Exception.advancedExceptions.specificHeaderCookieOrParamNameValue[].namesValues[]: A list of name-value pairs to except.
names Array The list of request attribute names.
values Array The list of request attribute values.
Exception.advancedExceptions.specificHeaderCookieParamXmlOrJsonNames[]: Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.
criteria Exception.advancedExceptions.specificHeaderCookieParamXmlOrJsonNames[].criteria[] The host name and path criteria to limit the scope of exception.
names Array The list of request attribute names.
selector Enumeration The request attribute to exclude from inspection. See Exception selector values.
wildcard Boolean Whether the provided header name is a wildcard.
Exception.advancedExceptions.specificHeaderCookieParamXmlOrJsonNames[].criteria[]: The host name and path criteria to limit the scope of exception.
hostnames Array The list of excepted host names.
names Array The list of excepted names.
paths Array The list of excepted paths.
values Array The list of excepted values.
Exception.conditions[]: Describes what conditions can be set for an action to occur.
caseSensitive Boolean Whether to consider the case-sensitivity of the provided query parameter value. This only applies to the uriQueryMatch condition type.
extensions Array The file extensions that trigger the condition. This only applies to the extensionMatch condition type.
filenames Array The filenames that trigger the condition. This only applies to the filenameMatch condition type.
header Enumeration The name of the HTTP header to check for. Either referer or user-agent. This only applies to the requestHeaderMatch condition type.
hosts Array The hostnames that trigger the condition. This only applies to the hostMatch condition type.
ips Array The IPs that trigger the condition. This only applies to the ipMatch condition type.
methods Array The HTTP request methods that trigger the condition. The possible values are GET, POST, HEAD, PUT, and DELETE. This only applies to the requestMethodMatch condition type.
name String The query parameter name that triggers the condition. This only applies to the uriQueryMatch condition type.
nameCase Boolean Whether to consider the case-sensitivity of the provided query parameter name. This only applies to the uriQueryMatch condition type.
paths Array The paths that trigger the condition. This only applies to the pathMatch condition type.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
type Enumeration The condition type to match on. See Export condition type values.
useHeaders Boolean Whether the condition should include the X-Forwarded-For (XFF) header. This only applies to the ipMatch condition type.
value String The query parameter value if the condition type is uriQueryMatch and header value if the condition type is requestHeaderMatch. This only applies when the condition type is uriQueryMatch or requestHeaderMatch.
valueCase Boolean Whether to consider the case-sensitivity of the provided header value. This only applies to the requestHeaderMatch condition type.
valueWildcard Boolean Whether the provided header value is a wildcard. This only applies to the requestHeaderMatch condition type.
wildcard Boolean Whether the provided query parameter value is a wildcard. This only applies to the uriQueryMatch condition type.
Exception.exception: Describes the exception members that allow you to conditionally exclude requests from inspection.
anyHeaderCookieOrParam Array The list of request attributes to treat as rule or attack group exceptions. The possible values are REQUEST_COOKIES, JSON_PAIRS for a JSON parameter, XML_PAIRS for an XML parameter, ARGS for a request parameter, and REQUEST_HEADERS for a request header. Use this option if you can’t get an exhaustive list of elements to exclude or the list is too large. You can exclude several attributes.
headerCookieOrParamValues Array The list of excepted values in headers, cookies, or query parameters.
specificHeaderCookieOrParamNames Exception.exception.specificHeaderCookieOrParamNames Contains details about the excepted request attribute name.
specificHeaderCookieOrParamNameValue Exception.exception.specificHeaderCookieOrParamNameValue Contains details about the excepted name-value pair in a request.
specificHeaderCookieOrParamPrefix Exception.exception.specificHeaderCookieOrParamPrefix Contains details about the excepted request attribute name prefix.
specificHeaderCookieParamXmlOrJsonNames Exception.exception.specificHeaderCookieParamXmlOrJsonNames[] Contains details about the excepted request attribute names. This is only available for attack groups and when advanced exception is not enabled.
Exception.exception.specificHeaderCookieOrParamNames: Contains details about the excepted request attribute name.
names Array The list of request attribute names.
selector Enumeration The request attribute that includes the excepted name. Either REQUEST_COOKIES, JSON_PAIRS for a JSON parameter, XML_PAIRS for an XML parameter, ARGS for a request parameter, or REQUEST_HEADERS for a request header.
Exception.exception.specificHeaderCookieOrParamNameValue: Contains details about the excepted name-value pair in a request.
name String The name of the request attribute.
selector Enumeration The request attribute that includes the excepted name-value pair. Either REQUEST_COOKIES, JSON_PAIRS for a JSON parameter, XML_PAIRS for an XML parameter, ARGS for a request parameter, or REQUEST_HEADERS for a request header.
value String The value of the request attribute.
Exception.exception.specificHeaderCookieOrParamPrefix: Contains details about the excepted request attribute name prefix.
prefix String The request attribute name prefix.
selector Enumeration The request attribute that includes the excepted name prefix. Either REQUEST_COOKIES, JSON_PAIRS for a JSON parameter, XML_PAIRS for an XML parameter, ARGS for a request parameter, or REQUEST_HEADERS for a request header.
Exception.exception.specificHeaderCookieParamXmlOrJsonNames[]: Contains details about the excepted request attribute names. This is only available for attack groups and when advanced exception is not enabled.
names Array The list of request attribute names.
selector Enumeration The request attribute to exclude from inspection. See Exception selector values.
wildcard Boolean Whether the provided header name is a wildcard.

Exception selector values

Selectors are the segments of a request that Web Application Protector rules inspect for attacks. No rule applies to an entire request at once; each rule applies per selector segment. You can use these selectors to add exceptions to your security policy rules, either because you know the rules are throwing false positives or because you want to omit parts of a request from inspection.

For example,

Host: www.fakehostexample.com
Accept: application/json
Cookies: foo=examplecookie

{"first":1, "second":2, "third":3}

type value… Matches on…
ARGS_NAMES Argument names. In the example, session and fakeName.
ARGS A generic alias for the query string in either the body or the URL. Use this selector to match either the body or the URL.
REQUEST_HEADERS_NAMES The name of the request header to exclude from inspection. In the example, Host and Accept.
REQUEST_HEADERS The name and value of the request header. In the example, Host:www.fakehostexample.com and Accept:application/json.
REQUEST_COOKIES_NAMES The request cookie name. In the example, foo.
REQUEST_COOKIES The request cookie name-value pair. In the example, foo=examplecookie.
JSON_NAMES The name of the JSON member. In the example, first, second, and third.
JSON_PAIRS Name/value pairs in JSON body. On its own, bypass network does all of them; json_pairs:"name of json key" excludes that specific JSON name/value pair from inspection. In the example, "first":1, "second":2, and "third":3.
XML_PAIRS Name/value pairs in XML body.
REQUEST_PROTOCOL The request protocol to exclude from inspection. In the example, http.
REQUEST_METHOD The request method to exclude from inspection. In the example, GET.
REQUEST_URI The full URL segment without the request method. In the example, /one/two/three/four/my-file-name.mp3?session=3&name=fakeName.
QUERY_STRING In the example, 1?session=3&name=fakeName.
REQUEST_FILENAME The file name to exclude from inspection. In the example, my-file-name.mp3.
REQUEST_PATH_SEGMENT If *, the whole path is used. Otherwise, you can specify a part of the path. For example, /one/two/three/.
REQUEST_BODY The entire body of the request. In the example, {"first":1, "second":2, "third":3}
REQBODY_PROCESSOR_ERROR Whether an error occurred processing the request. Errors often indicate suspicious activity. It’s a good idea to inspect this element, and not exclude it from inspection.
FILES_NAMES The name of a MIME-encoded file within a MIME-encoded body to exclude from inspection.
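To see what each selector covers and how much of a request an exception removes from inspection, this added example (not Akamai's code) splits a constructed request into selector segments and applies an Exception.exception object to them. The request line with its HTTP/1.1 version, the standard Cookie header name, exact case-sensitive name matching, and the helper names segment, names_of and still_inspected are assumptions of the sketch.

```python
import json
import posixpath
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Constructed request. The request line is assembled from the method and URI
# quoted in the selector table, with an assumed HTTP/1.1 version; the cookie
# travels in the standard Cookie header.
RAW_REQUEST = (
    "GET /one/two/three/four/my-file-name.mp3?session=3&name=fakeName HTTP/1.1\r\n"
    "Host: www.fakehostexample.com\r\n"
    "Accept: application/json\r\n"
    "Cookie: foo=examplecookie\r\n"
    "\r\n"
    '{"first":1, "second":2, "third":3}'
)


def segment(raw):
    """Split a raw request into (scalars, pairs), both keyed by selector name."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    url = urlsplit(target)
    cookies = SimpleCookie()
    for name, value in headers:
        if name.lower() == "cookie":
            cookies.load(value)
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        doc = {}  # a body that fails to parse contributes no JSON pairs
    scalars = {
        "REQUEST_METHOD": method,
        "REQUEST_URI": target,
        "QUERY_STRING": url.query,
        "REQUEST_FILENAME": posixpath.basename(url.path),
        "REQUEST_BODY": body,
    }
    pairs = {
        "ARGS": parse_qsl(url.query, keep_blank_values=True),
        "REQUEST_HEADERS": headers,
        "REQUEST_COOKIES": [(k, m.value) for k, m in cookies.items()],
        "JSON_PAIRS": list(doc.items()) if isinstance(doc, dict) else [],
    }
    return scalars, pairs


def names_of(pairs, selector):
    """The *_NAMES view of a pair selector, e.g. ARGS -> ARGS_NAMES."""
    return [name for name, _ in pairs[selector]]


def still_inspected(pairs, exception):
    """Return the pairs left in scope after an Exception.exception object."""
    whole = set(exception.get("anyHeaderCookieOrParam", []))
    by_name = exception.get("specificHeaderCookieOrParamNames")
    by_prefix = exception.get("specificHeaderCookieOrParamPrefix")
    by_pair = exception.get("specificHeaderCookieOrParamNameValue")
    remaining = {}
    for selector, items in pairs.items():
        kept = []
        for name, value in items:
            if selector in whole:
                continue  # the entire selector is excluded
            if by_name and by_name["selector"] == selector and name in by_name["names"]:
                continue
            if by_prefix and by_prefix["selector"] == selector \
                    and name.startswith(by_prefix["prefix"]):
                continue
            if by_pair and by_pair["selector"] == selector \
                    and name == by_pair["name"] and str(value) == by_pair["value"]:
                continue
            kept.append((name, value))
        remaining[selector] = kept
    return remaining


if __name__ == "__main__":
    scalars, pairs = segment(RAW_REQUEST)
    exception = {  # constructed exception: one broad member, two narrow ones
        "anyHeaderCookieOrParam": ["REQUEST_COOKIES"],
        "specificHeaderCookieOrParamNames": {"selector": "JSON_PAIRS", "names": ["second"]},
        "specificHeaderCookieOrParamPrefix": {"selector": "ARGS", "prefix": "sess"},
    }
    for selector, kept in still_inspected(pairs, exception).items():
        print(f"{selector}: {len(pairs[selector])} -> {len(kept)} still inspected")
```

Comparing the before and after counts per selector shows how much coverage an anyHeaderCookieOrParam entry gives up compared with a name, prefix or name-value exception.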

MatchTarget

Contains information about a match target.

Download schema: matchTarget.json

Sample GET response:

{
    "targetId": 112231,
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "isNegativePathMatch": false,
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "NO_MATCH",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    },
    "bypassNetworkLists": [
        {
            "name": "Test network list 1",
            "id": "888518_ACDDCKERS"
        },
        {
            "name": "Test network list 2",
            "id": "1304427_AAXXBBLIST"
        }
    ]
}

MatchTarget members

Member Type Required Description
MatchTarget: Contains information about a match target.
apis MatchTarget.apis[] Contains a list of objects containing an API endpoint ID and name. This field applies only to API match targets.
bypassNetworkLists MatchTarget.bypassNetworkLists[] The list of network list identifiers and names.
configId Integer Uniquely identifies the security configuration.
configVersion Integer The version of security configuration.
defaultFile Enumeration Describes the rule to match on paths. Either NO_MATCH to not match on the default file, BASE_MATCH to match only requests for top-level hostnames ending in a trailing slash, or RECURSIVE_MATCH to match all requests for paths that end in a trailing slash.
effectiveSecurityControls SecurityControls Read-only. Defines the security controls to apply. For a security control to be effectively turned on, it has to be enabled in both the match target and the security policy.
fileExtensions Array The file extensions used in the path match.
filePaths Array The path used in the path match.
hostnames Array The hostnames to match the request on.
isNegativeFileExtensionMatch Boolean Describes whether the match target applies when a match is found in the specified fileExtensions or when a match isn’t found.
isNegativePathMatch Boolean Describes whether the match target applies when a match is found in the specified paths or when a match isn’t found.
securityPolicy MatchTarget.securityPolicy The security policy associated with the match target.
sequence Integer The position in the sequence of match targets.
targetId Integer Uniquely identifies the match target.
type Enumeration Describes the type of match target, either website or api.
validations MatchTarget.validations Read-only. Describes warnings, errors, or notices determined by a validation of this resource.
MatchTarget.apis[]: Contains a list of objects containing an API endpoint ID and name. This field applies only to API match targets.
id Integer Uniquely identifies the API endpoint.
name String The API endpoint name.
MatchTarget.bypassNetworkLists[]: The list of network list identifiers and names.
id String Uniquely identifies the network list.
name String The name of the network list.
MatchTarget.securityPolicy: The security policy associated with the match target.
policyId String Uniquely identifies the security policy.
MatchTarget.validations: Describes warnings, errors, or notices determined by a validation of this resource.
errors Validation array The list of errors.
notices Validation array The list of notices.
warnings Validation array The list of warnings.

CustomDeny

Contains details about a custom deny action.

Download schema: customDeny.json

Sample POST request:

{
    "description": "test description",
    "name": "new custom deny",
    "parameters": [
        {
            "displayName": "Prevent browser caching",
            "name": "prevent_browser_cache",
            "value": "true"
        },
        {
            "displayName": "Response body content",
            "name": "response_body_content",
            "value": "json desc"
        },
        {
            "displayName": "Response content type",
            "name": "response_content_type",
            "value": "application/xml"
        },
        {
            "displayName": "Response status code",
            "name": "response_status_code",
            "value": "403"
        }
    ]
}

CustomDeny members

Member Type Required Description
CustomDeny: Contains details about a custom deny action.
description String Describes the custom deny action.
id String Read-only. Uniquely identifies the custom deny action.
name String The name you assigned to the custom deny action.
parameters CustomDeny.parameters[] Contains a list of parameters for the custom deny action. These parameters are not the same type of parameters you usually include in the path of a request.
CustomDeny.parameters[]: Contains a list of parameters for the custom deny action. These parameters are not the same type of parameters you usually include in the path of a request.
displayName String The description of the custom deny parameter.
name Enumeration The custom deny parameter you choose instead of the Akamai default response. For available values, see Deny name values.
value String The value you assign to the custom deny parameter. For available values, see Deny name values.

Deny name values

These parameters help refine the custom deny action. You’ll create a custom deny response to use instead of Akamai’s default 403 response.

Parameter name Parameter value type Description
custom_deny_hostname Hostname Failover hostname for the failover site.
custom_deny_path URL path Locates your custom response page currently serving on the Akamai platform.
include_reference_id String A unique ID Akamai assigns to every request for tracking purposes.
include_true_ip Boolean The original connecting client IP address, not one from an X-Forwarded-For header.
prevent_browser_cache Boolean Choose this option to ensure nothing from the requesting browser is cached.
response_body_content String The body of your application/json or application/xml response.
response_content_type MIME type Whether your response body is application/json or application/xml.
response_header_name String The name of the custom response header you want to use to override Akamai’s standard response header.
response_header_value String The custom response header. For example, server: Apache.
response_status_code String The numerical status code for your custom deny response. The default response status code is 403. You can enter any numerical value between 100 and 999.

FailOverHostname

Contains a list of selected hostnames for the specified configuration version.

Download schema: hostnameList.json

Sample GET response:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}

FailOverHostname members

Member Type Required Description
FailOverHostname: Contains a list of selected hostnames for the specified configuration version.
hostnameList FailOverHostname.hostnameList[] The list of hostnames for a configuration version.
FailOverHostname.hostnameList[]: The list of hostnames for a configuration version.
hostname String The hostname.

IPGeoFirewall

Describes the mode of the IP Geo Firewall and the allowed and blocked IP lists.

Download schema: ipGeoFirewallSetRequest.json

Sample PUT response:

{
    "block": "blockSpecificIPGeo",
    "geoControls": {
        "blockedIPNetworkLists": {
            "networkList": [
                "72138_TEST1"
            ]
        }
    },
    "ipControls": {
        "allowedIPNetworkLists": {
            "networkList": [
                "56921_TEST"
            ]
        },
        "blockedIPNetworkLists": {
            "networkList": [
                "53712_TESTLIST123"
            ]
        }
    }
}

IPGeoFirewall members

Member Type Required Description
IPGeoFirewall: Describes the mode of the IP Geo Firewall and the allowed and blocked IP lists.
block Enumeration The method by which you block or allow requests by IP or geographic location. In Control Center, this is called mode. Use blockSpecificIPGeo to block any IPs, subnets, geographies, or network lists you specify. Use blockAllTrafficExceptAllowedIPs to allow requests from IPs, subnets, geographies, or network lists in your blockExceptions maintained in the Network Lists API.
geoControls IPGeoFirewall.geoControls The network lists you block geographically.
ipControls IPGeoFirewall.ipControls The network lists you block or allow by IP.
IPGeoFirewall.geoControls: The network lists you block geographically.
blockedIPNetworkLists IPGeoFirewall.geoControls.blockedIPNetworkLists The list of networks. To edit the network lists, use the Network Lists API.
IPGeoFirewall.geoControls.blockedIPNetworkLists: The list of networks. To edit the network lists, use the Network Lists API.
networkList Array The specific network list you specify to block or allow, depending on the method you choose.
IPGeoFirewall.ipControls: The network lists you block or allow by IP.
allowedIPNetworkLists IPGeoFirewall.ipControls.allowedIPNetworkLists The list of networks. To edit the network lists, use the Network Lists API.
blockedIPNetworkLists IPGeoFirewall.ipControls.blockedIPNetworkLists The list of networks. To edit the network lists, use the Network Lists API.
IPGeoFirewall.ipControls.allowedIPNetworkLists: The list of networks. To edit the network lists, use the Network Lists API.
networkList Array The specific network list you specify to block or allow, depending on the method you choose.
IPGeoFirewall.ipControls.blockedIPNetworkLists: The list of networks. To edit the network lists, use the Network Lists API.
networkList Array The specific network list you specify to block or allow, depending on the method you choose.

BypassNetworkList

Contains bypass network lists for the specified configuration version.

Download schema: bypassNetworklists-put.json

Sample PUT response:

{
    "networkLists": [
        "1304427_AAXXBBLIST",
        "888518_ACDDCKERS"
    ]
}

BypassNetworkList members

Member Type Required Description
BypassNetworkList: Contains bypass network lists for the specified configuration version.
networkLists Array List of networkLists. The values are the networkLists’ IDs.

Validation

Contains feedback on validation.

Download schema: validation-dto.json

Validation members

Member Type Required Description
Validation: Contains feedback on validation.
detail String The explanation of the error message.
fieldName String The name of the field causing the validation problem.
jsonReference String The JSON reference to the field in the resource.
title String The title for the error.
type String The URL for the error type.

MatchTargetOrder

Contains match target settings and a list of objects containing match targets with their assigned sequence number.

Download schema: matchTargetsSequence.json

Sample PUT request:

{
    "type": "website",
    "targetSequence": [
        {
            "targetId": 1217289,
            "sequence": 1
        },
        {
            "targetId": 1217339,
            "sequence": 2
        }
    ]
}

MatchTargetOrder members

Member Type Required Description
MatchTargetOrder: Contains match target settings and a list of objects containing match targets with their assigned sequence number.
targetSequence MatchTargetOrder.targetSequence[] Contains the ID and sequence of a match target.
type Enumeration Describes the type of match target, either WEBSITE or API.
MatchTargetOrder.targetSequence[]: Contains the ID and sequence of a match target.
sequence Integer The position in the sequence of match targets.
targetId Integer Uniquely identifies the match target.

RatePolicy

Contains details about a rate policy.

Download schema: ratePolicy.json

Sample GET request:

{
    "ratePolicies": [
        {
            "id": 484616,
            "matchType": "path",
            "type": "WAF",
            "name": "Test_Paths 2",
            "description": "AFW Test Extensions",
            "averageThreshold": 5,
            "burstThreshold": 10,
            "clientIdentifier": "ip",
            "useXForwardForHeaders": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": false,
            "path": {
                "positiveMatch": true,
                "values": [
                    "/login/",
                    "/path/"
                ]
            },
            "pathMatchType": "Custom",
            "pathUriPositiveMatch": true,
            "fileExtensions": {
                "positiveMatch": false,
                "values": [
                    "3g2",
                    "3gp",
                    "aif",
                    "aiff",
                    "au",
                    "avi",
                    "bin",
                    "bmp",
                    "cab"
                ]
            },
            "hostnames": [
                "www.ludin.org"
            ],
            "additionalMatchOptions": [
                {
                    "positiveMatch": true,
                    "type": "IpAddressCondition",
                    "values": [
                        "198.129.76.39"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET"
                    ]
                }
            ],
            "queryParameters": [
                {
                    "name": "productId",
                    "values": [
                        "BUB_12",
                        "SUSH_11"
                    ],
                    "positiveMatch": true,
                    "valueInRange": false
                }
            ],
            "createDate": "2016-07-22 18:57:08.0",
            "updateDate": "2017-02-22 00:05:41.0",
            "used": false
        },
        {
            "id": 484617,
            "matchType": "api",
            "type": "WAF",
            "name": "Test_Paths 2",
            "description": "AFW Test Extensions",
            "averageThreshold": 5,
            "burstThreshold": 10,
            "clientIdentifier": "ip",
            "useXForwardForHeaders": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": false,
            "apiSelectors": [
                {
                    "apiDefinitionId": 602,
                    "resourceIds": [
                        748
                    ]
                }
            ],
            "fileExtensions": {
                "positiveMatch": false,
                "values": [
                    "avi",
                    "bmp",
                    "jpg"
                ]
            },
            "hostnames": [
                "www.soasta.com"
            ],
            "additionalMatchOptions": [
                {
                    "positiveMatch": false,
                    "values": [
                        "18198_DSWINTERNALTESTIPADDRES",
                        "7054_FEOSERVERS"
                    ],
                    "type": "NetworkListCondition"
                },
                {
                    "positiveMatch": false,
                    "values": [
                        "soasta",
                        "MovableInk"
                    ],
                    "type": "UserAgentCondition"
                }
            ],
            "queryParameters": [
                {
                    "name": "productId",
                    "values": [
                        "BUB_12",
                        "SUSH_11"
                    ],
                    "positiveMatch": true,
                    "valueInRange": false
                }
            ],
            "bodyParameters": [
                {
                    "name": "Country",
                    "values": [
                        "USA",
                        "Canada"
                    ],
                    "positiveMatch": true,
                    "valueInRange": false
                }
            ],
            "createDate": "2016-07-22 18:57:08.0",
            "updateDate": "2017-02-22 00:05:41.0",
            "used": false
        }
    ]
}

Sample PUT request:

{
    "id": 2234,
    "matchType": "path",
    "type": "WAF",
    "name": "Test_Paths 2",
    "description": "AFW Test Extensions",
    "averageThreshold": 5,
    "burstThreshold": 10,
    "clientIdentifier": "ip",
    "useXForwardForHeaders": true,
    "requestType": "ClientRequest",
    "sameActionOnIpv6": false,
    "path": {
        "positiveMatch": true,
        "values": [
            "/login/",
            "/path/"
        ]
    },
    "pathMatchType": "Custom",
    "pathUriPositiveMatch": true,
    "fileExtensions": {
        "positiveMatch": false,
        "values": [
            "3g2",
            "3gp",
            "aif",
            "aiff",
            "au",
            "avi",
            "bin",
            "bmp",
            "cab"
        ]
    },
    "hostnames": [
        "www.ludin.org"
    ],
    "additionalMatchOptions": [
        {
            "positiveMatch": true,
            "type": "IpAddressCondition",
            "values": [
                "198.129.76.39"
            ]
        },
        {
            "positiveMatch": true,
            "type": "RequestMethodCondition",
            "values": [
                "GET"
            ]
        }
    ],
    "queryParameters": [
        {
            "name": "productId",
            "values": [
                "BUB_12",
                "SUSH_11"
            ],
            "positiveMatch": true,
            "valueInRange": false
        }
    ]
}

RatePolicy members

Member Type Required Description
RatePolicy: Contains details about a rate policy.
additionalMatchOptions RatePolicy.additionalMatchOptions[] The list of additional match conditions.
apiSelectors RatePolicy.apiSelectors[] The API endpoints to match in incoming requests. This only applies to the api matchType.
averageThreshold Integer The allowed hits per second during any two-minute interval.
bodyParameters RatePolicy.bodyParameters[] The list of body parameters to match on.
burstThreshold Integer The allowed hits per second during any five-second interval.
clientIdentifier Enumeration The client identifier you want to use to identify and track request senders. The value is required only for WAF type, and api-key is supported only for API match criteria. Using ip-useragent is typically more specific than using ip alone when trying to identify a client. Tracking by cookie:value applies to requests per individual session, even if the IP address changes.
createDate String Read-only. The time stamp when you created the rate policy.
description String Descriptive text you provide about a policy.
fileExtensions RatePolicy.fileExtensions Contains the file extension match criteria.
hostnames Array The hostnames to match.
id Integer Read-only. Uniquely identifies each rate policy.
matchType Enumeration The match type in a rate policy. Either path to match website paths or api to match API paths.
name String The name you assign to a rate policy.
path RatePolicy.path Contains details about the path match criteria.
pathMatchType Enumeration The type of paths to match in incoming requests. Either AllRequests to match an empty path or any path that ends in a trailing slash (/), TopLevel to match top-level hostnames only, or Custom to match a specific path or path component. This applies only when the corresponding matchType member is path.
pathUriPositiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
queryParameters RatePolicy.queryParameters[] The list of query parameter objects to match on.
requestType Enumeration The type of requests to count towards the rate policy’s thresholds. Either ClientRequest to count client requests to edge servers, ClientResponse to count edge responses to the client, ForwardResponse to count origin responses to the client, or ForwardRequest to count edge requests to your origin.
sameActionOnIpv6 Boolean Whether to apply the same action to the IPv6 traffic as to the IPv4 traffic.
type Enumeration The rate policy type. Either WAF for Web Application Firewall, or BOTMAN for Bot Manager.
updateDate String Read-only. The ISO 8601 timestamp when you last updated the rate policy.
used Boolean Read-only. Whether you’re currently using the rate policy.
useXForwardForHeaders Boolean Whether to check the contents of the X-Forwarded-For header in incoming requests.
RatePolicy.additionalMatchOptions[]: The list of additional match conditions.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
type Enumeration The match condition type. See Export match condition type values.
values Array The list of values that trigger the condition on match.
RatePolicy.apiSelectors[]: The API endpoints to match in incoming requests. This only applies to the api matchType.
apiDefinitionId Integer Uniquely identifies each API endpoint.
resourceIds Array The unique identifiers of the endpoint’s resources.
RatePolicy.bodyParameters[]: The list of body parameters to match on.
name String The name you assign to a body parameter.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
valueInRange Boolean Whether to match a value inside or outside a range. The range format is min:max, for example: 2:4.
values Array The body parameter values.
RatePolicy.fileExtensions: Contains the file extension match criteria.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
values Array The file extensions to match on.
RatePolicy.path: Contains details about the path match criteria.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
values Array The list of paths to match on.
RatePolicy.queryParameters[]: The list of query parameter objects to match on.
name String The query parameter name.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
valueInRange Boolean Whether to match a value inside or outside a range. The range format is min:max, for example: 2:4.
values Array The list of query parameter values.
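The averageThreshold and burstThreshold members catch different traffic shapes, and clientIdentifier decides whose hits are counted together. This added example (not Akamai's code) replays a constructed request log against the sample policy's thresholds; it assumes each threshold means an average hits-per-second rate over its interval, that the events already matched the policy's path and other conditions, and the helper names are hypothetical.

```python
AVERAGE_WINDOW_S = 120  # averageThreshold: "any two-minute interval"
BURST_WINDOW_S = 5      # burstThreshold: "any five-second interval"


def client_key(event, client_identifier):
    """Group hits the way the policy's clientIdentifier would."""
    if client_identifier == "ip":
        return event["ip"]
    if client_identifier == "ip-useragent":
        return (event["ip"], event["ua"])
    raise ValueError("identifier not covered by this sketch: " + client_identifier)


def max_hits_in_window(times, window_s):
    """Largest hit count in any interval (t - window_s, t]; times is sorted."""
    best = start = 0
    for end, t in enumerate(times):
        while times[start] <= t - window_s:
            start += 1
        best = max(best, end - start + 1)
    return best


def evaluate(policy, events):
    """Return {client: [thresholds exceeded]} for clients over either limit."""
    by_client = {}
    for event in events:
        key = client_key(event, policy["clientIdentifier"])
        by_client.setdefault(key, []).append(event["ts"])
    limits = (
        ("average", AVERAGE_WINDOW_S, policy["averageThreshold"]),
        ("burst", BURST_WINDOW_S, policy["burstThreshold"]),
    )
    findings = {}
    for client, times in by_client.items():
        times.sort()
        exceeded = [
            label
            for label, window_s, per_second in limits
            # hits per second over the window -> total hits allowed in it
            if max_hits_in_window(times, window_s) > per_second * window_s
        ]
        if exceeded:
            findings[client] = exceeded
    return findings


def sample_events():
    """Constructed log: timestamps in seconds, documentation-range addresses."""
    events = []

    def add(ip, ua, start, count, gap):
        events.extend(
            {"ip": ip, "ua": ua, "ts": start + i * gap} for i in range(count)
        )

    add("198.51.100.10", "curl", 10.0, 60, 0.03)      # 60 hits in under 2 s
    add("198.51.100.20", "browser", 0.0, 720, 1 / 6)  # 6 hits/s for two minutes
    add("198.51.100.30", "browser", 0.0, 120, 1.0)    # 1 hit/s, well below both
    add("203.0.113.9", "app-a", 30.0, 40, 0.05)       # two distinct clients
    add("203.0.113.9", "app-b", 30.0, 40, 0.05)       # behind one shared address
    return events


if __name__ == "__main__":
    # Thresholds taken from the sample RatePolicy on this page.
    policy = {"averageThreshold": 5, "burstThreshold": 10, "clientIdentifier": "ip"}
    for identifier in ("ip", "ip-useragent"):
        policy["clientIdentifier"] = identifier
        print(identifier, evaluate(policy, sample_events()))
```

With ip, the two applications behind 203.0.113.9 are counted as one client and exceed the burst limit together; with ip-useragent each stays below it.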

RatePolicyAction

Contains details about rate policy actions.

Download schema: ratePolicyActions.json

Sample PUT request:

{
    "ratePolicies": [
        {
            "id": 102718,
            "ipv4Action": "alert",
            "ipv6Action": "none"
        },
        {
            "id": 102719,
            "ipv4Action": "deny",
            "ipv6Action": "deny"
        },
        {
            "id": 102720,
            "ipv4Action": "alert",
            "ipv6Action": "deny"
        }
    ]
}

RatePolicyAction members

Member Type Required Description
RatePolicyAction: Contains details about rate policy actions.
ratePolicies RatePolicyAction.ratePolicies[] Contains settings for rate policy actions.
RatePolicyAction.ratePolicies[]: Contains settings for rate policy actions.
id String Read-only. Uniquely identifies each rate policy.
ipv4Action Enumeration The IPv4 action to assign to this rate policy, either alert, deny, or none. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions. If the action is none, the rate policy is inactive in the policy.
ipv6Action Enumeration The IPv6 action to assign to this rate policy, either alert, deny, or none. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions. If the action is none, the rate policy is inactive in the policy.
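Because a rate policy with the action none is inactive and the IPv4 and IPv6 actions are set independently, it is worth checking an exported configuration for protocol gaps. This added example (not Akamai's code) joins a RatePolicy listing with a RatePolicyAction body; the policy names, IDs beyond those in the sample above, the custom deny IDs and the finding labels are constructed for illustration.

```python
CUSTOM_PREFIX = "deny_custom_"
STRENGTH = {"none": 0, "alert": 1, "deny": 2}


def strength(action):
    """Rank an action: none < alert < deny (custom deny counts as deny)."""
    return 2 if action.startswith(CUSTOM_PREFIX) else STRENGTH[action]


def audit(policies_doc, actions_doc, custom_deny_ids):
    """Return sorted (policy id, finding) tuples for an exported configuration."""
    # IDs appear as integers in the samples and as String in the member table,
    # so normalise them to strings before joining.
    known = {str(p["id"]) for p in policies_doc["ratePolicies"]}
    findings = set()
    seen = set()
    for entry in actions_doc["ratePolicies"]:
        pid = str(entry["id"])
        seen.add(pid)
        v4, v6 = entry["ipv4Action"], entry["ipv6Action"]
        if pid not in known:
            findings.add((pid, "unknown-policy"))
        for action in (v4, v6):
            if action.startswith(CUSTOM_PREFIX) \
                    and action[len(CUSTOM_PREFIX):] not in custom_deny_ids:
                findings.add((pid, "unknown-custom-deny"))
        s4, s6 = strength(v4), strength(v6)
        if s4 == 0 and s6 == 0:
            findings.add((pid, "inactive"))
        elif s6 == 0:
            findings.add((pid, "ipv6-unprotected"))
        elif s4 == 0:
            findings.add((pid, "ipv4-unprotected"))
        elif s6 < s4:
            findings.add((pid, "ipv6-weaker"))
        elif s4 < s6:
            findings.add((pid, "ipv4-weaker"))
    for pid in known - seen:
        findings.add((pid, "no-action"))
    return sorted(findings)


# Constructed inputs. The first three action entries repeat the sample PUT
# request above; everything else is made up for the example.
POLICIES = {"ratePolicies": [
    {"id": 102718, "name": "login"},
    {"id": 102719, "name": "search"},
    {"id": 102720, "name": "checkout"},
    {"id": 102721, "name": "api-burst"},
    {"id": 102722, "name": "legacy"},
    {"id": 102723, "name": "new-policy"},
]}
ACTIONS = {"ratePolicies": [
    {"id": 102718, "ipv4Action": "alert", "ipv6Action": "none"},
    {"id": 102719, "ipv4Action": "deny", "ipv6Action": "deny"},
    {"id": 102720, "ipv4Action": "alert", "ipv6Action": "deny"},
    {"id": 102721, "ipv4Action": "deny_custom_example_9",
     "ipv6Action": "deny_custom_example_9"},
    {"id": 102722, "ipv4Action": "none", "ipv6Action": "none"},
    {"id": 999, "ipv4Action": "deny", "ipv6Action": "deny"},
]}
CUSTOM_DENY_IDS = {"example_1"}

if __name__ == "__main__":
    for policy_id, finding in audit(POLICIES, ACTIONS, CUSTOM_DENY_IDS):
        print(policy_id, finding)
```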

SlowPostProtection

Contains threshold and action settings for slow POST protection.

Download schema: slowPostProtectionDto.json

Sample GET request:

{
    "action": "alert",
    "slowRateThreshold": {
        "rate": 10,
        "period": 50
    },
    "durationThreshold": {
        "timeout": 5
    }
}

SlowPostProtection members

Member Type Required Description
SlowPostProtection: Contains threshold and action settings for slow POST protection.
action Enumeration Specifies the action that the rule should trigger. Either alert or abort.
durationThreshold SlowPostProtection.durationThreshold If the edge server doesn’t receive the first eight kilobytes of the POST body transfer within the specified time, the specified action in the policy is applied.
slowRateThreshold SlowPostProtection.slowRateThreshold The average rate in bytes per second over a period of time that you specify before an action (alert or abort) in the policy triggers. For example, if you set the slowRateThreshold to an average of 10 bytes per second in a 60 second period and a request comes in at an average of 5 bytes per second in a 60 second period, the action you specified in the policy triggers.
SlowPostProtection.durationThreshold: If the edge server doesn’t receive the first eight kilobytes of the POST body transfer within the specified time, the specified action in the policy is applied.
timeout Integer The number of seconds allowed from the time a request starts. If the timeout value is reached, the action specified in the policy applies. For example, if the timeout is 30 seconds and a request reaches 30 seconds without completing, the action in the policy triggers.
SlowPostProtection.slowRateThreshold: The average rate in bytes per second over a period of time that you specify before an action (alert or abort) in the policy triggers. For example, if you set the slowRateThreshold to an average of 10 bytes per second in a 60 second period and a request comes in at an average of 5 bytes per second in a 60 second period, the action you specified in the policy triggers.
period Integer The slow rate period value. How long, in seconds, the server should accept a request when determining whether a POST request is too slow.
rate Integer The rate threshold value. The number of bytes per second at which a request is considered slow. For example, 10 bytes or less per second.

CustomRule

Contains settings for a custom rule.

Download schema: customRule-schema.json, customRules-schema.json

Sample GET response:

{
    "id": 661699,
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false,
    "tag": [
        "test"
    ],
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "He",
                "H",
                "Li"
            ]
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": "HTTP/0.9"
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ]
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "H",
                "He",
                "Li"
            ]
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "valueCase": true,
            "valueWildcard": true,
            "value": [
                "O",
                "N",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "valueWildcard": true,
            "valueCase": true,
            "value": [
                "Carbon",
                "C"
            ]
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "valueWildcard": false,
            "valueCase": false,
            "value": [
                "Nitrogen",
                "N"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        },
        {
            "type": "clientCertPresentMatch",
            "positiveMatch": true
        },
        {
            "type": "clientCertValidMatch",
            "positiveMatch": true
        },
        {
            "type": "clientTlsFingerprintMatch",
            "positiveMatch": true,
            "value": [
                "aebbfa8e53e8661f"
            ]
        },
        {
            "type": "hostMatch",
            "positiveMatch": true,
            "value": [
                "Carbon.com",
                "Oxygen.info",
                "*.Nitrogen.gb"
            ]
        }
    ]
}

CustomRule members

Member Type Required Description
CustomRule: Contains settings for a custom rule.
conditions CustomRule.conditions[] Contains the details about the condition that triggers the custom rule.
description String The custom rule description.
id Integer Uniquely identifies the rule.
inspectRequest Boolean Read-only. Whether to inspect the HTTP request for unstructured custom rules.
inspectResponse Boolean Read-only. Whether to inspect the HTTP response for unstructured custom rules.
link String The link to the full custom rule definition. This member is only available when you run the List custom rules operation.
metadata String Read-only. The metadata you provided for unstructured custom rules.
name String The custom rule name.
ruleActivated Boolean Read-only. Whether the rule is active in the configuration.
status Enumeration The custom rule deployment status. Either activated if a rule is enabled in at least one security policy within a security configuration currently active in production, published if a rule is associated with at least one security policy in an inactive security configuration, or unused if a rule exists as a shared resource, but isn’t associated with any security policy. This member is only available when you run the List custom rules operation.
structured Boolean Read-only. Whether you created the rule with the structured custom rule builder or free-form XML.
tag Array A list of labels you assigned to a custom rule.
version Integer The custom rule version.
CustomRule.conditions[]: Contains the details about the condition that triggers the custom rule.
name Array, String The list of names that trigger the condition when matched or not matched. Depending on the condition type, can either be a string or an array.
nameCase Boolean Whether to consider the case-sensitivity of the provided query parameter name. This only applies to the uriQueryMatch condition type.
nameWildcard Boolean Whether the provided header name is a wildcard. This only applies to the requestHeaderMatch condition type.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
type Enumeration The type of condition. See CustomRule condition type values.
value Array, String The list of values that trigger the condition when matched or not matched. Depending on the condition type, can either be a string or an array.
valueCase Boolean Whether to consider the case-sensitivity of the provided header value. This only applies to the requestHeaderMatch condition type.
valueWildcard Boolean Whether the provided header value is a wildcard. This only applies to the requestHeaderMatch condition type.

CustomRule condition type values

You can specify any of these values as a CustomRule condition type:

type value… Matches on…
argsPostMatch POST request body parameters
argsPostNamesMatch POST request body parameter names
clientCertPresentMatch Presence of a client certificate
clientCertValidMatch Validity of a client certificate
clientTlsFingerprintMatch A client’s TLS fingerprint
cookieMatch Cookies
extensionMatch Extensions
filenameMatch File names
headerOrderMatch A specific order of headers
hostMatch Host templates
ipMatch IP addresses
pathMatch Paths
requestHeaderMatch Request headers
requestMethodMatch Request methods
requestProtocolVersionMatch Request protocol versions
uriQueryMatch Query parameters

CustomRuleActions

Contains settings for custom rule actions.

Download schema: customRuleActions.json

Sample GET response:

{
    "customRules": [
        {
            "action": "alert",
            "link": "/appsec/v1/configs/16400/custom-rules/622918",
            "name": "Custom Rule Example 1",
            "id": 622918
        },
        {
            "action": "none",
            "link": "/appsec/v1/configs/16400/custom-rules/657604",
            "name": "Custom Rule Example 2",
            "id": 657604
        },
        {
            "action": "deny",
            "link": "/appsec/v1/configs/16400/custom-rules/615894",
            "name": "Custom Rule Example 3",
            "id": 615894
        }
    ]
}

CustomRuleActions members

Member Type Required Description
CustomRuleActions: Contains settings for custom rule actions.
action Enumeration The action to assign to this custom rule, either alert, deny, or none. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions. If the action is none, the rule is inactive in the policy.
id Integer The rule ID.
link String Read-only. The link to additional information about the rule associated with this policy or the latest version of a rule if action is set to none (unassociated).
name String Read-only. The name you assign to the custom rule.
status Enumeration Read-only. The custom rule action’s activation status, that is, the custom rule deployment status. Either activated if a rule is enabled in at least one security policy within a security configuration currently active in production, published if a rule is associated with at least one security policy in an inactive security configuration, or unused if a rule exists as a shared resource, but isn’t associated with any security policy.
version Integer Read-only. The rule version.

ApiConstraints

Sets various API constraint actions, which apply when an API constraint is triggered by a request.

Download schema: apiRequestConstraintsActionPutRequest.json

Sample PUT request:

{
    "action": "alert"
}

ApiConstraints members

Member Type Required Description
ApiConstraints: Sets various API constraint actions, which apply when an API constraint is triggered by a request.
action Enumeration The action to assign to API request constraints, either alert, deny, or none. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions. If the action is none, the rule is inactive in the policy.

ApiEndpoint

API Endpoint JSON Properties

Download schema: apiEndpoint.json

Sample GET request:

{
    "apiEndpoints": [
        {
            "id": 619183,
            "name": "Orders",
            "basePath": "/v1/orders",
            "apiEndPointHosts": [
                "sg.akamai.com"
            ],
            "stagingVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "productionVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "requestConstraintsEnabled": false
        },
        {
            "id": 624913,
            "name": "Catalog",
            "basePath": "/v1/catalog",
            "apiEndPointHosts": [
                "sg.akamai.com"
            ],
            "stagingVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "productionVersion": {
                "status": "ACTIVE",
                "versionNumber": 1
            },
            "requestConstraintsEnabled": true
        }
    ]
}

ApiEndpoint members

Member Type Required Description
ApiEndpoint: API Endpoint JSON Properties
apiEndPointHosts Array The set of hostnames that allow access to this API.
apiResources ApiEndpoint.apiResources[] A list of this API endpoint’s functional URL patterns.
basePath String The API endpoint’s base path.
categories ApiEndpoint.categories[] The categories this API endpoint belongs to.
id Number A unique identifier for an API endpoint.
name String The name for this API endpoint.
productionVersion ApiEndpoint.productionVersion Summarizes this API endpoint’s current deployment on Akamai’s production network.
requestConstraintsEnabled Boolean Whether to allow API constraints for this endpoint.
stagingVersion ApiEndpoint.stagingVersion Summarizes this API endpoint’s current deployment on Akamai’s staging network.
ApiEndpoint.apiResources[]: A list of this API endpoint’s functional URL patterns.
id Number A unique identifier for an API resource.
name String The name for an API resource.
path String The path for an API resource.
ApiEndpoint.categories[]: The categories this API endpoint belongs to.
categoryId Number A unique identifier for a category.
categoryName String The name for a category.
ApiEndpoint.productionVersion: Summarizes this API endpoint’s current deployment on Akamai’s production network.
status String The production status.
versionNumber Number The production version number.
ApiEndpoint.stagingVersion: Summarizes this API endpoint’s current deployment on Akamai’s staging network.
status String The staging status.
versionNumber Number The staging version number.

AttackGroup

Describes the attack group object. Currently, the only member in an attack group object is the action.

Download schema: securityPolicyGetAttackGroupsActionsSuccess.json

Sample GET request:

{
    "attackGroupActions": [
        {
            "action": "deny",
            "group": "TOOL"
        },
        {
            "action": "none",
            "group": "PROTOCOL"
        },
        {
            "action": "alert",
            "group": "SQL"
        },
        {
            "action": "deny",
            "group": "XSS"
        },
        {
            "action": "deny",
            "group": "LFI"
        },
        {
            "action": "deny",
            "group": "RFI"
        },
        {
            "action": "deny",
            "group": "CMDI"
        },
        {
            "action": "none",
            "group": "PLATFORM"
        }
    ]
}

AttackGroup members

Member Type Required Description
AttackGroup: Describes the attack group object. Currently, the only member in an attack group object is the action.
attackGroupActions AttackGroup.attackGroupActions[] Attack Group JSON Properties.
AttackGroup.attackGroupActions[]: Attack Group JSON Properties.
action Enumeration The attack group action, either alert, deny, or none. If the action is none, the attack group is inactive in the security policy.
group String The ID for the attack group.

Mode

The GET Response JSON for the security policy mode

Download schema: securityPolicyGetModeSuccess.json

Sample GET response:

{
    "mode": "KRS",
    "current": "KRS 1.0 (Apr 20, 2020)",
    "eval": "disabled"
}

Mode members

Member Type Required Description
Mode: The GET Response JSON for the security policy mode
current String The current rule set version and the ISO 8601 date the rule set version was introduced. This date acts like a version number.
eval Boolean Whether the evaluation mode is enabled or disabled.
evaluating String The evaluation rule set version and the ISO 8601 date the evaluation starts.
expires String The ISO 8601 time stamp when the evaluation is expiring. This value only appears when eval is set to enabled.
mode Enumeration The security policy mode. Use KRS to update manually, or AAG to update automatically.

Action

Describes the members of a rule’s actions.

Download schema: securityPolicyGetRuleActionsSuccess.json

Sample GET response:

{
    "ruleActions": [
        {
            "action": "alert",
            "id": 699989
        },
        {
            "action": "alert",
            "id": 699990
        },
        {
            "action": "alert",
            "id": 699991
        },
        {
            "action": "alert",
            "id": 699992
        },
        {
            "action": "alert",
            "id": 699993
        },
        {
            "action": "alert",
            "id": 699994
        }
    ]
}

Action members

Member Type Required Description
Action: Describes the members of a rule’s actions.
ruleActions Action.ruleActions[] The list of rule actions, either alert, deny, deny_custom_{custom_deny_id}, or none. If the action is none, the rule is inactive in the policy.
Action.ruleActions[]: The list of rule actions, either alert, deny, deny_custom_{custom_deny_id}, or none. If the action is none, the rule is inactive in the policy.
action Enumeration The list of rule actions, either alert, deny, or none. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions. If the action is none, the rule is inactive in the policy.
id Integer The unique identifier for each rule.

PenaltyBox

Contains action settings for penalty box protection.

Download schema: penaltyBoxDto.json

Sample GET response:

{
    "action": "alert",
    "penaltyBoxProtection": true
}

PenaltyBox members

Member Type Required Description
PenaltyBox: Contains action settings for penalty box protection.
action Enumeration Specifies the action for penalty box. Either alert, deny, or none. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions.
penaltyBoxProtection Boolean Specifies whether penalty box protection is enabled for the security policy. When set to true the action occurs if triggered by a request.

ReputationProfile

Contains details about a reputation profile.

Download schema: reputationProfile.json

ReputationProfile members

Member Type Required Description
ReputationProfile: Contains details about a reputation profile.
condition ReputationProfile.condition Contains information about the criteria that trigger the reputation profile.
context Enumeration Identifies the reputation category. Web scrapers (WEBSCRP) crawl sites and collect data like hotel rates, product prices, store locations, and more. DoS attackers (DOSATCK) are web clients or botnets that use automated tools to launch volumetric Denial of Service (DoS) attacks. Web attackers (WEBATCK) target websites and web apps with techniques like SQL injection, remote file inclusion, or cross-site scripting. Scanning tools (SCANTL) probe web apps for vulnerabilities during an attack’s reconnaissance phase.
contextReadable String Read-only. Describes the reputation category.
description String Describes the reputation profile.
enabled Boolean Read-only. Whether you enabled the reputation profile.
id Integer Read-only. Uniquely identifies the reputation profile.
name String The name you assigned to the reputation profile.
sharedIpHandling Enumeration Identifies the IP sharing. Either NON_SHARED, SHARED_ONLY, or BOTH.
threshold Number The threshold at which the profile triggers.
ReputationProfile.condition: Contains information about the criteria that trigger the reputation profile.
atomicConditions ReputationProfile.condition.atomicConditions[] The conditions that trigger the reputation profile.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
ReputationProfile.condition.atomicConditions[]: The conditions that trigger the reputation profile.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
type Enumeration The condition type. For available values, see Condition Values.
value Array The list of values that trigger the condition.
valueCase Boolean Whether to consider the character case when comparing the value string with the request value. The default is false, meaning that a value such as url would match a string UrL in the request.
valueWildcard Boolean Whether to treat the asterisk (*) and question mark (?) as wildcards when comparing the value string with the request value. Note that setting this to false isn’t supported by the host condition, and means that the value string must match exactly.

Condition values

Set these conditions to apply a reputation based on the content of the conditions. If you set multiple conditions, the request needs to match them all for the profile to apply.

Condition name Description
NetworkListCondition Apply the profile to requesting clients within specific network lists.
AsNumberCondition Autonomous System Number (ASN) identifies the network from which the request originated.
IpAddressCondition Apply the profile by the IP/CIDR of the requesting client.
RequestCookieCondition Apply the profile based on a cookie. Use the ? wildcard to replace any single character and * to replace a string of characters. You can also match on case sensitivity.
RequestHeaderCondition Match on a specific header and its value.
HostCondition Apply the reputation profile to specific domains. Use the ? wildcard to replace any single character and * to replace a string of characters.
UrlPatternCondition Apply the profile when a client requests a specific path.
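
The matching flags described above (valueCase, valueWildcard, positiveMatch, and the rule that every condition must match) can be checked locally before a profile is deployed. The following is an added example, not Akamai's code or part of the original page: it models those semantics for two condition types. The request dict, the FIELD mapping, the function names, the "any value in the list matches" rule, the default for valueWildcard, and the reading of the outer positiveMatch flag are assumptions.

```python
import re

# Assumed mapping from two of the condition names above to request fields;
# the request dict itself is a constructed stand-in for a real HTTP request.
FIELD = {"HostCondition": "host", "UrlPatternCondition": "path"}


def compile_value(value, wildcard, case_sensitive):
    """Turn one condition value into a regex: '*' is any run of characters,
    '?' is any single character, everything else is literal."""
    if wildcard:
        body = "".join(
            ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in value)
    else:
        body = re.escape(value)
    return re.compile(body, 0 if case_sensitive else re.IGNORECASE)


def atomic_matches(cond, request):
    """Evaluate one entry of atomicConditions against the request."""
    wildcard = cond.get("valueWildcard", False)    # default is an assumption
    if cond["type"] == "HostCondition" and not wildcard:
        raise ValueError("valueWildcard=false is not supported by the host condition")
    case_sensitive = cond.get("valueCase", False)  # documented default: false
    subject = request[FIELD[cond["type"]]]
    # Assumption: any one value in the list is enough for the condition to hit.
    hit = any(compile_value(v, wildcard, case_sensitive).fullmatch(subject)
              for v in cond["value"])
    return hit if cond.get("positiveMatch", True) else not hit


def profile_applies(condition, request):
    """Every atomic condition must hold; the outer positiveMatch can invert
    the combined result (assumed reading of the condition-level flag)."""
    result = all(atomic_matches(c, request) for c in condition["atomicConditions"])
    return result if condition.get("positiveMatch", True) else not result


# Constructed profile condition, not taken from a real configuration.
CONDITION = {
    "positiveMatch": True,
    "atomicConditions": [
        {"type": "HostCondition", "positiveMatch": True, "valueWildcard": True,
         "value": ["*.example.com"]},
        {"type": "UrlPatternCondition", "positiveMatch": True, "valueWildcard": True,
         "valueCase": False, "value": ["/login/*", "/account/?"]},
    ],
}

if __name__ == "__main__":
    # Constructed requests.
    for req in ({"host": "shop.example.com", "path": "/LOGIN/reset"},
                {"host": "shop.example.com", "path": "/static/app.js"},
                {"host": "example.com", "path": "/login/reset"}):
        print(req, "->", profile_applies(CONDITION, req))
```

In this model the pattern *.example.com does not cover the bare host example.com, so a profile meant to cover both needs both values listed.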

ReputationProfileAction

The GET Response JSON for reputation profile actions.

Download schema: reputationProfileGetActionsSuccess.json

Sample GET request:

{
    "action": "alert"
}

ReputationProfileAction members

Member Type Required Description
ReputationProfileAction: The GET Response JSON for reputation profile actions.
reputationProfiles ReputationProfileAction.reputationProfiles[] Reputation Profile JSON Properties
ReputationProfileAction.reputationProfiles[]: Reputation Profile JSON Properties
action Enumeration The action for the reputation profile. Use alert to record the trigger of the event, deny to block the request, or none to take no action. Use deny_custom_{custom_deny_id} to apply a custom action instead of Akamai’s default. Run Modify a custom deny action to manage your custom deny actions.
id Integer The unique identifier for a Reputation Profile.

ReputationAnalysis

The PUT Request JSON for reputation analysis settings.

Download schema: reputationAnalysisSettingsPutRequest.json

Sample PUT request:

{
    "action": "alert"
}

ReputationAnalysis members

Member Type Required Description
ReputationAnalysis: The PUT Request JSON for reputation analysis settings.
forwardSharedIPToHTTPHeaderAndSIEM Boolean Whether to enable the option to add a value indicating that shared IPs are included in the HTTP header and SIEM integration when used.
forwardToHTTPHeader Boolean Whether to enable the option to add client reputation details to requests forwarded to origin in an HTTP header.

SIEM

Contains Security Information Event Management (SIEM) integration settings.

Download schema: siemSettings.json

Sample GET request:

{
    "enableForAllPolicies": false,
    "enableSiem": true,
    "enabledBotmanSiemEvents": false,
    "siemDefinitionId": 1,
    "firewallPolicyIds": [
        "qik2_38799",
        "4444_44572",
        "teet_39295",
        "ds22_48583"
    ]
}

SIEM members

Member Type Required Description
SIEM: Contains Security Information Event Management (SIEM) integration settings.
enabledBotmanSiemEvents Boolean Whether you enabled SIEM for the Bot Manager events.
enableForAllPolicies Boolean Whether you enabled SIEM for all the security policies in the configuration version.
enableSiem Boolean Whether you enabled SIEM in a security configuration version.
firewallPolicyIds Array The list of security policy identifiers for which to enable the SIEM integration.
siemDefinitionId Integer Uniquely identifies the SIEM settings.

Protections

The PUT Request JSON for security policy protections.

Download schema: securityPolicySetProtectionsRequest.json

Sample PUT request:

{
    "applyApiConstraints": false,
    "applyApplicationLayerControls": true,
    "applyNetworkLayerControls": true,
    "applyRateControls": true,
    "applySlowPostControls": true,
    "applyReputationControls": true
}

Protections members

Member Type Required Description
Protections: The PUT Request JSON for security policy protections.
applyApiConstraints Boolean When enabled, this protection responds to triggers with a specified action.
applyApplicationLayerControls Boolean When enabled, your security policy applies the Web Application Firewall controls to your traffic.
applyNetworkLayerControls Boolean When enabled, your security policy applies the network layer control settings to your traffic.
applyRateControls Boolean When enabled, your security policy applies the rate control settings to your traffic. Rate controls monitor and flag traffic too fast to be from a human.
applyReputationControls Boolean When enabled, your security policy applies the reputation profile settings to your traffic. Reputation profile analyzes IP addresses based on their prior interactions with Akamai customers, then alerts on or blocks potentially malicious IP addresses from issuing requests.
applySlowPostControls Boolean When enabled, your security policy applies the slow post protection settings to your traffic. Slow post protection prevents requests that take too long to complete, tying up a web server and risking a Denial-of-Service to your users.
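
The action values in the AttackGroup and CustomRuleActions objects, the SIEM settings and the Protections toggles above together determine what a security policy actually blocks and logs. The following is an added example, not Akamai's code or part of the original page: it reads those four objects for one policy and lists every control that is not blocking, every protection that is off, and a missing SIEM feed. The snapshot wrapper keys, the function names and the state labels are assumptions; the payload values reuse this page's samples, and the policy ID qik3_38800 comes from the Export sample.

```python
import json
import re

# Constructed snapshot: each value reuses a sample payload from this page; the
# wrapper keys ("attackGroups", "customRules", "protections", "siem") are assumptions.
SNAPSHOT = json.loads("""
{
  "attackGroups": {"attackGroupActions": [
    {"action": "deny", "group": "TOOL"}, {"action": "none", "group": "PROTOCOL"},
    {"action": "alert", "group": "SQL"}, {"action": "deny", "group": "XSS"},
    {"action": "deny", "group": "LFI"}, {"action": "deny", "group": "RFI"},
    {"action": "deny", "group": "CMDI"}, {"action": "none", "group": "PLATFORM"}]},
  "customRules": {"customRules": [
    {"action": "alert", "name": "Custom Rule Example 1", "id": 622918},
    {"action": "none", "name": "Custom Rule Example 2", "id": 657604},
    {"action": "deny", "name": "Custom Rule Example 3", "id": 615894}]},
  "protections": {"applyApiConstraints": false, "applyApplicationLayerControls": true,
                  "applyNetworkLayerControls": true, "applyRateControls": true,
                  "applySlowPostControls": true, "applyReputationControls": true},
  "siem": {"enableForAllPolicies": false, "enableSiem": true,
           "firewallPolicyIds": ["qik2_38799", "4444_44572", "teet_39295", "ds22_48583"]}
}
""")

# "deny" and "deny_custom_{custom_deny_id}" both block the request.
_DENY = re.compile(r"deny(_custom_.+)?")


def classify(action):
    """Map a documented action value to enforcing / monitoring / inactive."""
    if _DENY.fullmatch(action):
        return "enforcing"
    if action == "alert":
        return "monitoring"
    if action == "none":
        return "inactive"
    raise ValueError(f"undocumented action value: {action!r}")


def audit(policy_id, snap):
    """Return (kind, identifier, state) for every control that is not blocking,
    every protection that is switched off, and a missing SIEM feed."""
    findings = []
    for item in snap["attackGroups"]["attackGroupActions"]:
        state = classify(item["action"])
        if state != "enforcing":
            findings.append(("attack-group", item["group"], state))
    for rule in snap["customRules"]["customRules"]:
        state = classify(rule["action"])
        if state != "enforcing":
            findings.append(("custom-rule", str(rule["id"]), state))
    for name, enabled in sorted(snap["protections"].items()):
        if not enabled:
            findings.append(("protection", name, "disabled"))
    siem = snap["siem"]
    forwarded = siem["enableSiem"] and (
        siem["enableForAllPolicies"] or policy_id in siem["firewallPolicyIds"])
    if not forwarded:
        findings.append(("siem", policy_id, "not-forwarded"))
    return findings


if __name__ == "__main__":
    for kind, ident, state in audit("qik3_38800", SNAPSHOT):
        print(f"{kind:13} {ident:22} {state}")
```

An alert-only or inactive entry is not necessarily a misconfiguration; the output is a review list to compare against the intended policy.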

Activation

Contains activation settings for a configuration version.

Download schema: activations-request.json, activation-status.json

Sample POST request:

{
    "action": "ACTIVATE",
    "network": "STAGING",
    "note": "Free text notes",
    "notificationEmails": [
        "a@abc.com",
        "b@abc.com"
    ],
    "activationConfigs": [
        {
            "configId": 1,
            "configVersion": 4
        }
    ]
}

Sample GET response:

{
    "dispatchCount": 1,
    "activationId": 1234,
    "action": "ACTIVATE",
    "status": "RECEIVED",
    "network": "PRODUCTION",
    "estimate": "PTM5",
    "createdBy": "user1",
    "createDate": "2013-10-07T17:41:52+00:00",
    "activationConfigs": [
        {
            "configId": 1,
            "configName": "config 1",
            "configVersion": 4,
            "previousConfigVersion": 2
        }
    ]
}

Activation members

Member Type POST GET Description
Activation: Contains activation settings for a configuration version.
acknowledgedInvalidHosts Array The list of invalid hostnames in the security configuration to activate. In some cases, you may want to activate a security configuration with hostnames that WAF can’t protect (for example, hostnames not managed as Akamai properties, or managed under a different contract than the configuration). By default, the existence of invalid hostnames blocks activation with a warning. The warning includes the names of the invalid hostnames. If you want to activate a configuration with invalid hostnames, enter the hostnames in this array. This field is now deprecated. Use acknowledgedInvalidHostsByConfig instead.
acknowledgedInvalidHostsByConfig Activation.acknowledgedInvalidHostsByConfig[] The list of invalid hostnames per security configuration to activate. In some cases, you may want to activate a security configuration with hostnames that WAF can’t protect (for example, hostnames not managed as Akamai properties, or managed under a different contract than the configuration). By default, the existence of invalid hostnames blocks activation with a warning. The warning includes the names of the invalid hostnames. If you want to activate a configuration with invalid hostnames, enter the hostnames and the configuration ID in this array.
action Enumeration The action to take, either ACTIVATE or DEACTIVATE.
activationConfigs Activation.activationConfigs[] Specifies the security configuration and version to activate or deactivate.
activationId Number Uniquely identifies the activation.
completionDate String Read-only. The ISO 8601 timestamp at which the activation reaches a steady state and validates across the Akamai network.
createDate String Read-only. The ISO 8601 timestamp at which the activation request was submitted.
createdBy String Read-only. The user who created the activation request.
dispatchCount Integer Read-only. The number of times this activation has been dispatched to the Akamai edge network. A number greater than 1 indicates that this activation may be retried due to network safety concerns.
estimate String The estimated time remaining to complete the activation in ISO 8601 duration format, starting when the response is generated.
network Enumeration The target Akamai activation environment, either STAGING or PRODUCTION.
note String The notes you entered for the activation.
notificationEmails Array The email addresses to notify when the activation happens.
status Enumeration The current activation status, either RECEIVED, LIVE, DEPLOYED, CANCELING, STOPPED, REMOVED, ROLLBACK, ACTIVATED, FAILED, CANCELLING, or UNDEPLOYED.
Activation.acknowledgedInvalidHostsByConfig[]: The list of invalid hostnames per security configuration to activate. In some cases, you may want to activate a security configuration with hostnames that WAF can’t protect (for example, hostnames not managed as Akamai properties, or managed under a different contract than the configuration). By default, the existence of invalid hostnames blocks activation with a warning. The warning includes the names of the invalid hostnames. If you want to activate a configuration with invalid hostnames, enter the hostnames and the configuration ID in this array.
configId Number Uniquely identifies the security configuration with invalid hostnames.
invalidHosts Array The list of invalid hostnames in the security configuration.
Activation.activationConfigs[]: Specifies the security configuration and version to activate or deactivate.
configId Number The origin identifier or destination configuration to activate.
configName String The name you assigned to the configuration. This field is provided for information purposes and only appears in the API output.
configVersion Number The origin version or destination configuration to activate.
previousConfigVersion Number Read-only. The previous active configuration version.

Export

Contains details about an exported security configuration version.

Download schema: export.json

Sample GET response:

{
    "configId": 8277,
    "configName": "New Security Config",
    "version": 2,
    "basedOn": 1,
    "createDate": "2017-09-08T22:24:41Z",
    "createdBy": "disharma",
    "selectableHosts": [
        "www.example1.com",
        "www.example2.com"
    ],
    "selectedHosts": [
        "www.example3.com",
        "www.example4.com"
    ],
    "staging": {
        "status": "Inactive"
    },
    "production": {
        "status": "Inactive"
    },
    "matchTargets": {
        "websiteTargets": [
            {
                "type": "website",
                "defaultFile": "NO_MATCH",
                "id": 1362593,
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 1,
                "fileExtensions": [
                    "jpg"
                ],
                "filePaths": [
                    "/path"
                ],
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": false,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "qik3_38800"
                },
                "bypassNetworkLists": [
                    {
                        "id": "11212_BYPASSURR",
                        "name": "bypass-URR"
                    }
                ]
            },
            {
                "type": "website",
                "defaultFile": "NO_MATCH",
                "id": 1362594,
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 2,
                "filePaths": [
                    "/images",
                    "/image1",
                    "/path"
                ],
                "hostnames": [
                    "b2c.div1.akamaniac.com"
                ],
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "qik2_38799"
                }
            }
        ],
        "apiTargets": [
            {
                "type": "api",
                "id": 1362597,
                "sequence": 6,
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": false,
                    "applyApiConstraints": false,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": false,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "99e_47293"
                },
                "apis": [
                    {
                        "id": 1041,
                        "name": "hmm test"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "id": "1024_AMAZONELASTICCOMPUTECLOU",
                        "name": "Ec2 Akamai Network List"
                    },
                    {
                        "id": "1283_MICROSOFTWINDOWSAZUREDAT",
                        "name": "Azure IP range cloud services"
                    }
                ]
            },
            {
                "type": "api",
                "id": 1362598,
                "sequence": 7,
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": false,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": false,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "4444_44572"
                },
                "apis": [
                    {
                        "id": 1001,
                        "name": "1001"
                    },
                    {
                        "id": 1041,
                        "name": "hmm test"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "id": "11212_BYPASSURR",
                        "name": "bypass-URR"
                    }
                ]
            }
        ]
    },
    "siem": {
        "configId": 17027,
        "configVersion": 22,
        "enableForAllPolicies": false,
        "enableSiem": true,
        "enabledBotmanSiemEvents": false,
        "siemDefinitionId": 1,
        "firewallPolicyIds": [
            "qik2_38799",
            "4444_44572",
            "teet_39295",
            "ds22_48583"
        ]
    },
    "advancedOptions": {
        "logging": {
            "allowSampling": true,
            "cookies": {
                "type": "exclude",
                "values": [
                    "_updated_By_SoapUI",
                    "w",
                    "NEW_VAL_ADDED_BY_SoapUI"
                ]
            },
            "customHeaders": {
                "type": "only",
                "values": [
                    "112",
                    "sdasd",
                    "ds"
                ]
            },
            "standardHeaders": {
                "type": "only"
            }
        },
        "prefetch": {
            "allExtensions": false,
            "enableAppLayer": true,
            "enableRateControls": false,
            "extensions": [
                "cgi",
                "jsp",
                "EMPTY_STRING",
                "aspx",
                "php",
                "py",
                "asp"
            ]
        },
        "pragmaHeader": {
            "action": "REMOVE",
            "conditionOperator": "AND",
            "excludeCondition": [
                {
                    "header": "Expect",
                    "positiveMatch": true,
                    "type": "requestHeaderValueMatch",
                    "useHeaders": false,
                    "value": [
                        "dasd"
                    ],
                    "valueCase": true,
                    "valueWildcard": true
                },
                {
                    "positiveMatch": true,
                    "type": "networkList",
                    "useHeaders": true,
                    "value": [
                        "62569_AEPUAT1PARTNERSSTRICTWL"
                    ],
                    "valueCase": false,
                    "valueWildcard": false
                }
            ],
            "override": true
        }
    },
    "errorHosts": [
        {
            "reasonCode": 400,
            "hostname": "bankoflaverty.com",
            "reason": "property is not active in either production or staging"
        },
        {
            "reasonCode": 403,
            "hostname": "culledentropy.com",
            "reason": "You don't have access to this property"
        }
    ],
    "ratePolicies": [
        {
            "averageThreshold": 3,
            "burstThreshold": 2,
            "clientIdentifier": "",
            "createDate": "2017-09-08T22:24:42Z",
            "id": 672601,
            "matchType": "path",
            "name": "dsafsfdsf",
            "pathMatchType": "RequestDisabled",
            "pathUriPositiveMatch": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": true,
            "type": "BOTMAN",
            "updateDate": "2017-09-08T22:24:42Z",
            "useXForwardForHeaders": false,
            "used": false,
            "queryParameters": [
                {
                    "name": "dasdasdasd*",
                    "positiveMatch": true,
                    "valueInRange": false,
                    "values": [
                        "dasdasdas8*&^"
                    ]
                }
            ]
        },
        {
            "averageThreshold": 1000,
            "burstThreshold": 10,
            "clientIdentifier": "ip",
            "createDate": "2017-09-08T22:24:42Z",
            "description": "These Shared Resources will be available to all policies within the Security Configuration",
            "id": 672607,
            "matchType": "path",
            "name": "These Shared Resources will be available to all policies within the Security Configuration",
            "pathMatchType": "Custom",
            "pathUriPositiveMatch": true,
            "requestType": "ClientRequest",
            "sameActionOnIpv6": true,
            "type": "WAF",
            "updateDate": "2017-09-08T22:24:42Z",
            "useXForwardForHeaders": false,
            "used": true,
            "additionalMatchOptions": [
                {
                    "positiveMatch": true,
                    "type": "NetworkListCondition",
                    "values": [
                        "25620_REPUTATIONWHITELIST174",
                        "11212_BYPASSURR"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET",
                        "HTTP_DELETE"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "UserAgentCondition",
                    "values": [
                        "MOZILLA",
                        "Googlebot"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET",
                        "POST",
                        "HEAD"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "ResponseStatusCondition",
                    "values": [
                        "400",
                        "401",
                        "402",
                        "403",
                        "404",
                        "405",
                        "406",
                        "407",
                        "408",
                        "409",
                        "410",
                        "500",
                        "501",
                        "502",
                        "503",
                        "504"
                    ]
                }
            ],
            "queryParameters": [
                {
                    "name": "param1",
                    "positiveMatch": false,
                    "valueInRange": true,
                    "values": [
                        "value1"
                    ]
                }
            ]
        }
    ],
    "reputationProfiles": [
        {
            "context": "SCANTL",
            "contextReadable": "Scanning Tools",
            "enabled": true,
            "id": 210588,
            "name": "Scanning Tools (Low Threat)",
            "threshold": 5
        },
        {
            "context": "WEBATCK",
            "contextReadable": "Web Attackers",
            "enabled": false,
            "id": 210578,
            "name": "Web Attackers (Low Threat)",
            "threshold": 5,
            "condition": {
                "canDelete": false,
                "configVersionId": 152889,
                "id": 88112456,
                "name": "Cloned of 87956156 for version 152889",
                "positiveMatch": true,
                "uuid": "SEC_COND_88112456",
                "version": 1504909482545,
                "atomicConditions": [
                    {
                        "className": "RequestHeaderCondition",
                        "index": 1,
                        "nameWildcard": false,
                        "positiveMatch": true,
                        "valueCase": false,
                        "valueWildcard": false,
                        "name": [
                            "test*"
                        ],
                        "value": [
                            "test*"
                        ]
                    },
                    {
                        "className": "RequestHeaderCondition",
                        "index": 2,
                        "nameWildcard": true,
                        "positiveMatch": true,
                        "valueCase": false,
                        "valueWildcard": true,
                        "name": [
                            "Head",
                            "Header"
                        ],
                        "value": [
                            "Header value"
                        ]
                    },
                    {
                        "checkIps": "connecting",
                        "className": "NetworkListCondition",
                        "index": 3,
                        "positiveMatch": true,
                        "value": [
                            "14121_IMAGEMANAGERSERVERS"
                        ]
                    },
                    {
                        "className": "RequestCookieCondition",
                        "index": 4,
                        "name": "cookieName",
                        "nameCase": false,
                        "nameWildcard": true,
                        "positiveMatch": true,
                        "valueCase": false,
                        "valueWildcard": true,
                        "value": [
                            "cookieValue"
                        ]
                    },
                    {
                        "checkIps": "connecting",
                        "className": "AsNumberCondition",
                        "index": 5,
                        "positiveMatch": true,
                        "value": [
                            "5"
                        ]
                    }
                ]
            }
        }
    ],
    "customRules": [
        {
            "configId": 17027,
            "id": 667828,
            "name": "UXR-715 RE2 Second Test with Flags",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "tagfor",
                "17.2"
            ],
            "conditions": [
                {
                    "type": "requestMethodMatch",
                    "positiveMatch": true,
                    "value": [
                        "GET"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "description": "Test CR",
            "id": 600001,
            "name": "Test CR",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "Test",
                "Tag"
            ],
            "conditions": [
                {
                    "type": "extensionMatch",
                    "positiveMatch": true,
                    "valueCase": true,
                    "valueWildcard": false,
                    "value": [
                        "fdf"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "description": "Test CR",
            "id": 600006,
            "name": "Test CR",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "k"
            ],
            "conditions": [
                {
                    "type": "cookieMatch",
                    "name": "kids",
                    "nameCase": true,
                    "nameWildcard": false,
                    "positiveMatch": true,
                    "valueCase": true,
                    "valueWildcard": true,
                    "value": [
                        "dsds",
                        "dasdqw",
                        "dsa",
                        "dqwd",
                        "csqw"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "id": 606713,
            "name": "Test",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "adsa"
            ],
            "conditions": [
                {
                    "type": "pathMatch",
                    "positiveMatch": true,
                    "value": [
                        "/login"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "description": "Test CR",
            "id": 690265,
            "name": "Test CR2",
            "ruleActivated": false,
            "structured": true,
            "version": 1,
            "tag": [
                "ee"
            ],
            "conditions": [
                {
                    "type": "argsPostMatch",
                    "name": "fvfv",
                    "positiveMatch": true,
                    "value": [
                        "fgbr"
                    ]
                },
                {
                    "type": "requestHeaderMatch",
                    "nameWildcard": true,
                    "positiveMatch": true,
                    "valueCase": false,
                    "valueWildcard": true,
                    "name": [
                        "test"
                    ],
                    "value": [
                        "test1"
                    ]
                }
            ]
        },
        {
            "configId": 17027,
            "id": 667825,
            "inspectRequest": false,
            "inspectResponse": false,
            "metadata": "<match:variable name=\"MY_SAMPLE_THREAT_DETECTED\" result=\"true\" value=\"execute rule\">\n<match:regex impl=\"re2\" regex=\"^\\d+$\" result=\"false\" select=\"REQUEST_HEADERS:Content-Length\" strict-err-check-re2=\"on\" transform=\"urlDecodeUni\">\n<security:firewall.action>\n<msg>UXR-715 CRB Metadata testing</msg>\n<tag>CUSTOM/TEST</tag>\n<id>667825</id>\n<deny>%(WAF_CUSTOM_R667825_DENY)</deny>\n<data>threat indicated from data %(MY_SAMPLE_THREAT_DETECTED)</data>\n<http-status>403</http-status>\n</security:firewall.action>\n</match:regex>\n</match:variable>\n",
            "name": "UXR-715 RE27890",
            "ruleActivated": false,
            "structured": false,
            "version": 1
        }
    ],
    "rulesets": [
        {
            "id": 41,
            "rulesetVersionId": 327550,
            "type": "Kona",
            "releaseDate": "2017-04-21T16:00:38Z",
            "attackGroups": [
                {
                    "group": "DDOS",
                    "groupName": "Anomaly Score Exceeded for DDoS",
                    "threshold": 5
                },
                {
                    "group": "IN",
                    "groupName": "Anomaly Score Exceeded for Inbound",
                    "threshold": 30
                },
                {
                    "group": "SQL",
                    "groupName": "Anomaly Score Exceeded for SQL Injection",
                    "threshold": 19
                },
                {
                    "group": "TROJAN",
                    "groupName": "Anomaly Score Exceeded for Trojan",
                    "threshold": 4
                },
                {
                    "group": "XSS",
                    "groupName": "Anomaly Score Exceeded for Cross-Site Scripting",
                    "threshold": 9
                }
            ],
            "rules": [
                {
                    "id": 699989,
                    "inspectRequestBody": false,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/PRAGMA_DEFLECTION>",
                    "title": "Akamai-X debug Pragma header detected and removed"
                },
                {
                    "id": 699990,
                    "inspectRequestBody": false,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/EDGESCAPE_ANONYMOUS_PROXY_v1>",
                    "title": "Detected request from anonymous proxy"
                },
                {
                    "id": 981252,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "ruleVersion": 4,
                    "score": 5,
                    "tag": "<OWASP_CRS/WEB_ATTACK/SQL_INJECTION>",
                    "title": "MySQL Charset Switch and MSSQL DoS Attempts",
                    "attackGroups": [
                        "SQL",
                        "IN"
                    ]
                },
                {
                    "id": 3000060,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "ruleVersion": 2,
                    "score": 1000,
                    "tag": "<AKAMAI/AUTOMATION/MALICIOUS>",
                    "title": "Mirai / Kaiten DDoS Detection - HTTP Attacks",
                    "attackGroups": [
                        "IN",
                        "DDOS"
                    ]
                },
                {
                    "id": 3000061,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/WEB_ATTACK/XSS>",
                    "title": "Referer Header From OpenBugBounty Website - Potential XSS",
                    "attackGroups": [
                        "XSS",
                        "IN"
                    ]
                }
            ]
        }
    ],
    "securityPolicies": [
        {
            "id": "qik2_38799",
            "name": "Generated Quick Policy - 4/10/17 7:13:18 PM GMT",
            "hasRatePolicyWithApiKey": false,
            "pragmaHeader": {
                "action": "REMOVE",
                "conditionOperator": "AND",
                "excludeCondition": [
                    {
                        "header": "Expect",
                        "positiveMatch": true,
                        "type": "requestHeaderValueMatch",
                        "useHeaders": false,
                        "value": [
                            "dasd"
                        ],
                        "valueCase": true,
                        "valueWildcard": true
                    },
                    {
                        "positiveMatch": true,
                        "type": "networkList",
                        "useHeaders": true,
                        "value": [
                            "62569_AEPUAT1PARTNERSSTRICTWL"
                        ],
                        "valueCase": false,
                        "valueWildcard": false
                    }
                ],
                "override": true
            },
            "networkLayerControls": {
                "block": "blockSpecificIPGeo",
                "geoControls": {
                    "blockedIPNetworkLists": {
                        "additional": [
                            "AF",
                            "AS"
                        ],
                        "networkList": [
                            "4389_BLANKLIST"
                        ]
                    }
                },
                "slowPost": {
                    "action": "alert",
                    "durationThreshold": {
                        "timeout": 5
                    },
                    "slowRateThreshold": {
                        "rate": 10,
                        "period": 60
                    }
                },
                "ipControls": {
                    "allowedIPNetworkLists": {
                        "additional": [
                            "2.2.2.2"
                        ],
                        "networkList": [
                            "12801_25000",
                            "19440_1671"
                        ]
                    },
                    "blockedIPNetworkLists": {
                        "additional": [
                            "1.1.1.1"
                        ],
                        "networkList": [
                            "16656_CPISERVERS",
                            "18460_166RELEASETESTING"
                        ]
                    }
                }
            },
            "ruleActions": [
                {
                    "action": "alert",
                    "id": 960912,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 960035,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 981300,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "deny",
                    "id": 3000001,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 970903,
                    "rulesetVersionId": 327550,
                    "exception": {
                        "values": [
                            "test",
                            "sdfasf"
                        ],
                        "selectors": [
                            {
                                "type": "GENERIC",
                                "selector": "REQUEST_COOKIES"
                            },
                            {
                                "type": "EXACT",
                                "name": "cccx",
                                "selector": "XML_PAIRS",
                                "value": "vvv"
                            },
                            {
                                "type": "GENERIC",
                                "selector": "REQUEST_COOKIES"
                            },
                            {
                                "type": "GENERIC",
                                "selector": "ARGS"
                            }
                        ]
                    },
                    "conditions": [
                        {
                            "type": "hostMatch",
                            "positiveMatch": true,
                            "hosts": [
                                "www.example.com",
                                "*.example.com"
                            ]
                        },
                        {
                            "type": "pathMatch",
                            "positiveMatch": false,
                            "paths": [
                                "/a/d",
                                "/test/"
                            ]
                        },
                        {
                            "type": "uriQueryMatch",
                            "caseSensitive": false,
                            "name": "test",
                            "nameCase": false,
                            "positiveMatch": false,
                            "value": "value",
                            "wildcard": false
                        },
                        {
                            "type": "requestHeaderMatch",
                            "header": "user-agent",
                            "positiveMatch": false,
                            "value": "test-agent-*",
                            "valueCase": false,
                            "valueWildcard": true
                        }
                    ]
                }
            ],
            "attackGroupActions": [
                {
                    "action": "deny",
                    "group": "SQL",
                    "rulesetVersionId": 327550,
                    "exception": {
                        "specificHeaderCookieParamXmlOrJsonNames": [
                            {
                                "selector": "REQUEST_HEADERS_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "test"
                                ],
                                "selector": "REQUEST_HEADERS",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_COOKIES_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "XSRF_TOKEN"
                                ],
                                "selector": "REQUEST_COOKIES",
                                "wildcard": true
                            },
                            {
                                "selector": "ARGS_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "value"
                                ],
                                "selector": "ARGS",
                                "wildcard": true
                            },
                            {
                                "selector": "JSON_NAMES",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "val"
                                ],
                                "selector": "JSON_PAIRS",
                                "wildcard": true
                            },
                            {
                                "names": [
                                    "test"
                                ],
                                "selector": "XML_PAIRS",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_PROTOCOL",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_METHOD",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_URI",
                                "wildcard": true
                            },
                            {
                                "selector": "QUERY_STRING",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_FILENAME",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_PATH_SEGMENT",
                                "wildcard": true
                            },
                            {
                                "selector": "REQUEST_BODY",
                                "wildcard": true
                            },
                            {
                                "selector": "REQBODY_PROCESSOR_ERROR",
                                "wildcard": true
                            },
                            {
                                "selector": "FILES_NAMES",
                                "wildcard": true
                            }
                        ]
                    }
                },
                {
                    "action": "deny",
                    "group": "XSS",
                    "rulesetVersionId": 327550
                },
                {
                    "action": "deny",
                    "group": "IN",
                    "rulesetVersionId": 327550
                }
            ],
            "customRuleActions": [
                {
                    "action": "deny",
                    "id": 628035
                },
                {
                    "action": "alert",
                    "id": 628037
                }
            ],
            "reputationProfileActions": [
                {
                    "action": "alert",
                    "id": 281778
                },
                {
                    "action": "deny",
                    "id": 210588
                }
            ],
            "ratePolicyActions": [
                {
                    "id": 0,
                    "ipv4Action": "alert",
                    "ipv6Action": "deny"
                },
                {
                    "id": 0,
                    "ipv4Action": "alert",
                    "ipv6Action": "none"
                }
            ]
        },
        {
            "id": "qqqq_39297",
            "name": "qqqqqq",
            "hasRatePolicyWithApiKey": false
        },
        {
            "id": "178t_48704",
            "name": "Copy of Tet-a-Tet with 17.8",
            "hasRatePolicyWithApiKey": false,
            "networkLayerControls": {
                "block": "blockSpecificIPGeo",
                "ipControls": {
                    "blockedIPNetworkLists": {
                        "networkList": [
                            "24321_TESTNW"
                        ]
                    }
                }
            },
            "apiRequestConstraints": {
                "action": "",
                "apiEndpoints": [
                    {
                        "id": 1941,
                        "action": "alert"
                    },
                    {
                        "id": 1942,
                        "action": "alert"
                    },
                    {
                        "id": 1943,
                        "action": "alert"
                    }
                ]
            },
            "reputationProfileActions": [
                {
                    "action": "alert",
                    "id": 281778
                },
                {
                    "action": "alert",
                    "id": 281776
                }
            ]
        }
    ]
}
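A defender's check over the per-policy action lists shown in the export response above, added here as an example (not Akamai's code): it flags controls left in a non-blocking action, rate policies whose IPv4 and IPv6 actions differ, and policies that carry none of the checked controls. The function names, the sample policy ids, and the reading of `alert`, `none` and an empty string as non-blocking are assumptions; pass it the array of policy objects from your own export.

```python
# Constructed sample: policy objects shaped like those in the export response
# (ids and names are made up for this example).
SAMPLE_POLICIES = [
    {"id": "pol1_0001", "name": "Example policy A",
     "customRuleActions": [{"action": "deny", "id": 1001},
                           {"action": "alert", "id": 1002}],
     "reputationProfileActions": [{"action": "deny", "id": 2001}],
     "ratePolicyActions": [
         {"id": 3001, "ipv4Action": "alert", "ipv6Action": "deny"},
         {"id": 3002, "ipv4Action": "alert", "ipv6Action": "alert"}]},
    {"id": "pol2_0002", "name": "Example policy B",
     "apiRequestConstraints": {
         "action": "", "apiEndpoints": [{"id": 4001, "action": "alert"}]}},
    {"id": "pol3_0003", "name": "Example policy C",
     "hasRatePolicyWithApiKey": False},
]

# Assumption: of the action values seen in the export sample, these do not
# block a request ("alert" only logs; "none" and "" take no action).
NON_BLOCKING = {"alert", "none", ""}
ACTION_LISTS = ("customRuleActions", "reputationProfileActions")
# Only control keys visible in the export sample are checked.
CHECKED_CONTROLS = ACTION_LISTS + (
    "ratePolicyActions", "apiRequestConstraints", "networkLayerControls")


def audit_policy(policy):
    """Return (policy_id, control, item_id, issue) tuples for one policy."""
    pid = policy.get("id")
    if not any(key in policy for key in CHECKED_CONTROLS):
        return [(pid, "policy", None, "none of the checked controls present")]
    findings = []
    for control in ACTION_LISTS:
        for item in policy.get(control, []):
            if item.get("action") in NON_BLOCKING:
                findings.append((pid, control, item.get("id"), "not blocking"))
    for item in policy.get("ratePolicyActions", []):
        v4, v6 = item.get("ipv4Action"), item.get("ipv6Action")
        if v4 != v6:
            # One address family is handled more leniently than the other.
            issue = f"ipv4={v4} ipv6={v6} differ"
            findings.append((pid, "ratePolicyActions", item.get("id"), issue))
        elif v4 in NON_BLOCKING:
            findings.append(
                (pid, "ratePolicyActions", item.get("id"), "not blocking"))
    endpoints = policy.get("apiRequestConstraints", {}).get("apiEndpoints", [])
    for endpoint in endpoints:
        if endpoint.get("action") in NON_BLOCKING:
            findings.append(
                (pid, "apiRequestConstraints", endpoint.get("id"), "not blocking"))
    return findings


def audit_policies(policies):
    """Audit every policy object and return the combined findings."""
    return [finding for policy in policies for finding in audit_policy(policy)]


if __name__ == "__main__":
    for finding in audit_policies(SAMPLE_POLICIES):
        print(finding)
```
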

Export members

Member Type Required Description
Export: Contains details about an exported security configuration version.
advancedOptions Export.advancedOptions[] The logging and prefetch settings in the configuration version.
basedOn Integer The version from which you cloned this version. If it’s the first version, this member is omitted from the response.
configId Integer Uniquely identifies each security configuration.
configName String The name that you assign to the security configuration.
createDate String The date when you created the security configuration.
createdBy String The user who created the configuration version.
customRules Export.customRules[] The custom rule details in the configuration version.
errorHosts Export.errorHosts[] Specifies the set of hostnames unavailable for protection in this configuration version.
evaluating Export.evaluating Describes security controls and information for hostnames you want to evaluate.
matchTargets Export.matchTargets[] The match target details in the configuration version.
Export.advancedOptions[]: The logging and prefetch settings in the configuration version.
logging Export.advancedOptions[].logging Contains the configuration version level settings for header logging.
pragmaHeader Export.advancedOptions[].pragmaHeader Contains the configuration version level settings for the Pragma header.
prefetch Export.advancedOptions[].prefetch Contains the configuration version level prefetch settings. Use this object to apply application firewall rules and rate controls to prefetch requests.
Export.advancedOptions[].logging: Contains the configuration version level settings for header logging.
allowSampling Boolean Whether you enabled the header data sampling.
cookies Export.advancedOptions[].logging.cookies The sampling settings for the cookie data.
customHeaders Export.advancedOptions[].logging.customHeaders The sampling settings for the custom headers.
standardHeaders Export.advancedOptions[].logging.standardHeaders The sampling settings for the standard headers.
Export.advancedOptions[].logging.cookies: The sampling settings for the cookie data.
type Enumeration The directive for including cookies. Either all to include all cookies, exclude to exclude specific cookies, none not to include any cookies, or only to include only specific cookies.
values Array The cookie names to log or exclude. This applies only when the type is either only or exclude.
Export.advancedOptions[].logging.customHeaders: The sampling settings for the custom headers.
type Enumeration The directive for including custom headers. Either all to include all custom headers, exclude to exclude specific custom headers, none not to include any custom headers, or only to include only specific custom headers.
values Array The custom headers to log or exclude. This applies only when the type is either only or exclude.
Export.advancedOptions[].logging.standardHeaders: The sampling settings for the standard headers.
type Enumeration The directive for including standard headers. Either all to include all standard headers, exclude to exclude specific standard headers, none not to include any standard headers, or only to include only specific standard headers.
values Array The standard headers to log or exclude. This applies only when the type is either only or exclude. For available header values, see Export header values.
Export.advancedOptions[].pragmaHeader: Contains the configuration version level settings for the Pragma header.
action Enumeration The action to perform when a user passes a Pragma header. The only action currently supported is REMOVE.
conditionOperator Enumeration Use OR to match any condition, or AND to match on all conditions.
excludeCondition Export.advancedOptions[].pragmaHeader.excludeCondition The conditions to exclude from the default remove action. Any condition you set in this object appears in the Pragma header debug response object.
Export.advancedOptions[].pragmaHeader.excludeCondition: The conditions to exclude from the default remove action. Any condition you set in this object appears in the Pragma header debug response object.
header String The name of the request header. In the example, accept.
name String The name of the request header to ignore from inspection. In the example, type.
positiveMatch Boolean When true, matches the selected values. When false, matches on anything outside the selected values.
type Enumeration The header value you want to appear in the response. You can choose from requestHeaderValueMatch, ipMatch, networkList, or queryParamNameValueMatch.
useHeaders Boolean Whether the condition should include the X-Forwarded-For (XFF) header. This only applies when the condition type is IP_MATCH or NETWORK_LIST.
value Array List of header values, query parameter values, IP addresses, or names of network lists. To manage network lists, use the Network Lists API.
valueCase Boolean Whether to consider the case-sensitivity of the provided header value. This only applies when the condition type is REQUEST_HEADER_VALUE_MATCH.
valueWildcard Boolean Whether the provided header value includes wildcards, such as * or ?. This only applies to the REQUEST_HEADER_VALUE_MATCH condition type.
Export.advancedOptions[].prefetch: Contains the configuration version level prefetch settings. Use this object to apply application firewall rules and rate controls to prefetch requests.
allExtensions Boolean Whether to enable the prefetch settings for all file extensions. This only applies if the enableAppLayer member is true.
enableAppLayer Boolean Whether to enable the application layer rules for the prefetch requests.
enableRateControls Boolean Whether to enable the rate controls for the prefetch requests.
extensions Array The file extensions to apply the settings to. This only applies if the enableAppLayer member is true.
Export.customRules[]: The custom rule details in the configuration version.
conditions Export.customRules[].conditions[] Contains the details about the condition that triggers the custom rule.
description String The custom rule description.
id Integer Uniquely identifies the rule.
inspectRequest Boolean Whether to inspect the HTTP request for unstructured custom rules.
inspectResponse Boolean Whether to inspect the HTTP response for unstructured custom rules.
metadata String The metadata you provided for unstructured custom rules.
name String The custom rule name.
ruleActivated Boolean Whether the rule is active in the configuration.
structured Boolean Whether you created the rule with the structured custom rule builder or free-form XML.
tag Array The list of the labels you assigned to the custom rule.
version Integer The custom rule version.
Export.customRules[].conditions[]: Contains the details about the condition that triggers the custom rule.
positiveMatch Boolean Whether the condition should trigger on a match (true) or a lack of match (false).
type Enumeration The type of condition. See CustomRule condition type values.
value Array, String The value that triggers the condition when matched or not matched. The value can either be a string or an array.
Export.errorHosts[]: Specifies the set of hostnames unavailable for protection in this configuration version.
hostname String The hostname unavailable for protection.
reason String Describes why WAF can’t protect the hostname.
reasonCode Integer The HTTP error code indicating why WAF can’t protect the hostname.
Export.evaluating: Describes security controls and information for hostnames you want to evaluate.
effectiveSecurityControls Export.evaluating.effectiveSecurityControls The security controls to apply. For a security control to be effectively turned on, you must enable it in both the match target and the security policy.
hostnames Array The evaluation hostnames in the configuration version.
message String Evaluation message.
Export.evaluating.effectiveSecurityControls: The security controls to apply. For a security control to be effectively turned on, you must enable it in both the match target and the security policy.
applyApiConstraints Boolean Whether you enabled API constraints.
applyApplicationLayerControls Boolean Whether you enabled application layer controls.
applyBotmanControls Boolean Whether you enabled Bot Manager controls.
applyNetworkLayerControls Boolean Whether you enabled network layer controls.
applyRateControls Boolean Whether you enabled rate controls.
applyReputationControls Boolean Whether you enabled reputation controls.
applySlowPostControls Boolean Whether you enabled slow post controls.
Export.matchTargets[]: The match target details in the configuration version.
matchTargets Export.matchTargets[].matchTargets Contains the API and website match targets defined in the security configuration version.
Export.matchTargets[].matchTargets: Contains the API and website match targets defined in the security configuration version.
apiTargets Export.matchTargets[].matchTargets.apiTargets[] The list of api match targets.
websiteTargets Export.matchTargets[].matchTargets.websiteTargets[] The list of website match targets.
Export.matchTargets[].matchTargets.apiTargets[]: The list of api match targets.
apis Export.matchTargets[].matchTargets.apiTargets[].apis[] The list of API endpoint identifiers and names. This applies only for api match targets.
bypassNetworkLists Export.matchTargets[].matchTargets.apiTargets[].bypassNetworkLists[] The network lists’ identifiers and names in the match target.
defaultFile Enumeration Describes the rule to match on paths. Either NO_MATCH not to match on the default file, BASE_MATCH to match only requests for top-level hostnames ending in a trailing slash, or RECURSIVE_MATCH to match all requests for paths that end in a trailing slash. The default value is NO_MATCH.
effectiveSecurityControls SecurityControls The security controls to apply. For a security control to be effectively turned on, you must enable it in both the match target and the security policy.
fileExtensions Array The list of file extensions to apply the match target to.
filePaths Array The list of file paths to apply the match target to.
hostnames Array The list of hostnames to protect.
isNegativeFileExtensionMatch Boolean Whether the match target applies when a match is found in the specified fileExtensions or when a match isn’t found.
isNegativePathMatch Boolean Whether the match target applies when a match is found in the specified filePaths or when a match isn’t found.
securityPolicy Export.matchTargets[].matchTargets.apiTargets[].securityPolicy The security policy associated with the match target.
sequence Integer The match target’s position in the sequence of match targets.
targetId Integer Uniquely identifies the match target.
type Enumeration The type of match target. Either website or api.
validations Export.matchTargets[].matchTargets.apiTargets[].validations Contains details about warnings, errors, or notices determined by a validation of this resource.
Export.matchTargets[].matchTargets.apiTargets[].apis[]: The list of API endpoint identifiers and names. This applies only for api match targets.
id Integer Uniquely identifies the API endpoint.
name String The API endpoint name.
Export.matchTargets[].matchTargets.apiTargets[].bypassNetworkLists[]: The network lists’ identifiers and names in the match target.
id String Uniquely identifies the network list.
name String The name you assigned to the network list.
Export.matchTargets[].matchTargets.apiTargets[].securityPolicy: The security policy associated with the match target.
policyId String Uniquely identifies the security policy.
Export.matchTargets[].matchTargets.apiTargets[].validations: Contains details about warnings, errors, or notices determined by a validation of this resource.
errors Validation array The list of errors.
notices Validation array The list of notices.
warnings Validation array The list of warnings.
Export.matchTargets[].matchTargets.websiteTargets[]: The list of website match targets.
apis Export.matchTargets[].matchTargets.websiteTargets[].apis[] The list of API endpoint identifiers and names. This applies only for api match targets.
bypassNetworkLists Export.matchTargets[].matchTargets.websiteTargets[].bypassNetworkLists[] The network lists’ identifiers and names in the match target.
defaultFile Enumeration Describes the rule to match on paths. Either NO_MATCH not to match on the default file, BASE_MATCH to match only requests for top-level hostnames ending in a trailing slash, or RECURSIVE_MATCH to match all requests for paths that end in a trailing slash. The default value is NO_MATCH.
effectiveSecurityControls SecurityControls The security controls to apply. For a security control to be effectively turned on, you must enable it in both the match target and the security policy.
fileExtensions Array The list of file extensions to apply the match target to.
filePaths Array The list of file paths to apply the match target to.
hostnames Array The list of hostnames to protect.
isNegativeFileExtensionMatch Boolean Whether the match target applies when a match is found in the specified fileExtensions or when a match isn’t found.
isNegativePathMatch Boolean Whether the match target applies when a match is found in the specified filePaths or when a match isn’t found.
securityPolicy Export.matchTargets[].matchTargets.websiteTargets[].securityPolicy The security policy associated with the match target.
sequence Integer The match target’s position in the sequence of match targets.
targetId Integer Uniquely identifies the match target.
type Enumeration The type of match target. Either website or api.
validations Export.matchTargets[].matchTargets.websiteTargets[].validations Contains details about warnings, errors, or notices determined by a validation of this resource.
Export.matchTargets[].matchTargets.websiteTargets[].apis[]: The list of API endpoint identifiers and names. This applies only for api match targets.
id Integer Uniquely identifies the API endpoint.
name String The API endpoint name.
Export.matchTargets[].matchTargets.websiteTargets[].bypassNetworkLists[]: The network lists’ identifiers and names in the match target.
id String Uniquely identifies the network list.
name String The name you assigned to the network list.
Export.matchTargets[].matchTargets.websiteTargets[].securityPolicy: The security policy associated with the match target.
policyId String Uniquely identifies the security policy.
Export.matchTargets[].matchTargets.websiteTargets[].validations: Contains details about warnings, errors, or notices determined by a validation of this resource.
errors Validation array The list of errors.
notices Validation array The list of notices.
warnings Validation array The list of warnings.

Export condition type values

You can specify any of these values as an Export condition type:

type value… Matches on…
extensionMatch File extensions
filenameMatch Filenames
hostMatch Hostnames
ipMatch IP addresses
pathMatch Paths
requestHeaderMatch Request headers
requestMethodMatch Request methods
uriQueryMatch Query parameters

Export match condition type values

You can specify any of these values as an Export match condition type:

type value… Matches on…
AsNumberCondition The requesting client’s autonomous system number
IpAddressCondition IP addresses
NetworkListCondition Network lists
RequestHeaderCondition Request headers
RequestMethodCondition Request HTTP methods
ResponseHeaderCondition Response headers
ResponseStatusCondition Response statuses
UserAgentCondition Specific software like a browser or browser version

Export header values

When exporting a configuration version, you can specify these headers:

Accept
Accept-Charset
Accept-Encoding
Accept-Language
Accept-Ranges
Access-Control-Allow-Origin
Age
Allow
Cache-Control
Connection
Content-Disposition
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-MD5
Content-Range
Content-Security-Policy
Content-Type
DNT
Date
Etag
Expect
Expires
From
Host
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Last-Modified
Link
Location
Max-Forwards
Origin
P3P
Pragma
Proxy-Authenticate
Range
Referer
Refresh
Retry-After
Server
Strict-Transport-Security
TE
Trailer
Transfer-Encoding
Upgrade
User-Agent
Vary
Via
WWW-Authenticate
Warning
X-Content-Security-Policy
X-Content-Type-Options
X-Forwarded-For
X-Forwarded-Proto
X-Frame-Options
X-Powered-By
X-Requested-With
X-UA-Compatible
X-WebKit-CSP
X-XSS-Protection

Errors

This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.

Error responses

EdgeGrid responds with HTTP Problem error objects that provide details useful for debugging. For example:

{
    "type": "https://problems.luna.akamaiapis.net/appsec-resource/error-types/ACCESS-DENIED",
    "title": "Forbidden",
    "status": 403,
    "detail": "You do not have the necessary access to perform this operation or the requested resource cannot be modified",
    "instance": "https://problems.luna.akamaiapis.net/appsec/error-instances/d54686b5-21cb-4ab7-a8d6-a92282cf1749"
}

HTTP status codes

The API returns these HTTP status codes for both success and failure scenarios:

Code Description
200 The operation was successful.
201 Resource successfully created.
400 Bad Request.
403 Access is forbidden.
404 Resource not found.
409 Conflict with current state of resource.