Avi WafPolicy Object API

CLI ``` - configure wafpolicy - show wafpolicy ```
More information: https://avinetworks.com/contact-us
Contact Info: support@avinetworks.com
Version: 18.2.9
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html

Access

  1. HTTP Basic Authentication

Methods

[ Jump to Models ]

Table of Contents

  1. get /wafpolicy
  2. post /wafpolicy
  3. delete /wafpolicy/{uuid}
  4. get /wafpolicy/{uuid}
  5. patch /wafpolicy/{uuid}
  6. put /wafpolicy/{uuid}
Up
get /wafpolicy
(wafpolicyGet)

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

WafPolicyApiResponse

Example data

Content-Type: application/json
{
  "count" : 123,
  "results" : [ {
    "positive_security_model" : {
      "group_refs" : [ "aeiou" ]
    },
    "pre_crs_groups" : [ "" ],
    "description" : "aeiou",
    "learning" : {
      "arg_summarization_threshold" : 123,
      "enable" : true,
      "confidence" : 123,
      "sampling_percent" : 123,
      "path_summarization_threshold" : 123
    },
    "whitelist" : {
      "rules" : [ {
        "enable" : true,
        "match" : {
          "path" : {
            "match_criteria" : "aeiou",
            "string_group_refs" : [ "aeiou" ],
            "match_str" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "protocol" : {
            "match_criteria" : "aeiou",
            "protocols" : "aeiou"
          },
          "cookie" : {
            "match_criteria" : "aeiou",
            "name" : "aeiou",
            "value" : "aeiou",
            "match_case" : "aeiou"
          },
          "method" : {
            "match_criteria" : "aeiou",
            "methods" : [ "aeiou" ]
          },
          "host_hdr" : {
            "match_criteria" : "aeiou",
            "value" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "query" : {
            "match_criteria" : "aeiou",
            "string_group_refs" : [ "aeiou" ],
            "match_str" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "vs_port" : {
            "match_criteria" : "aeiou",
            "ports" : [ "" ]
          },
          "client_ip" : {
            "group_refs" : [ "aeiou" ],
            "match_criteria" : "aeiou",
            "prefixes" : [ "" ],
            "ranges" : [ {
              "end" : "",
              "begin" : ""
            } ],
            "addrs" : [ "" ]
          },
          "hdrs" : [ {
            "match_criteria" : "aeiou",
            "hdr" : "aeiou",
            "value" : [ "aeiou" ],
            "match_case" : "aeiou"
          } ],
          "version" : {
            "match_criteria" : "aeiou",
            "versions" : [ "aeiou" ]
          }
        },
        "name" : "aeiou",
        "description" : "aeiou",
        "index" : 123,
        "actions" : [ "aeiou" ]
      } ]
    },
    "allow_mode_delegation" : true,
    "created_by" : "aeiou",
    "uuid" : "aeiou",
    "url" : "aeiou",
    "_last_modified" : "aeiou",
    "mode" : "aeiou",
    "tenant_ref" : "aeiou",
    "name" : "aeiou",
    "post_crs_groups" : [ "" ],
    "crs_groups" : [ {
      "force_detection" : true,
      "enable" : true,
      "name" : "aeiou",
      "index" : 123,
      "rules" : [ {
        "mode" : "aeiou",
        "rule_id" : "aeiou",
        "force_detection" : true,
        "enable" : true,
        "name" : "aeiou",
        "index" : 123,
        "rule" : "aeiou",
        "exclude_list" : [ "" ],
        "tags" : [ "aeiou" ]
      } ],
      "exclude_list" : [ {
        "client_subnet" : {
          "ip_addr" : {
            "addr" : "aeiou",
            "type" : "aeiou"
          },
          "mask" : 123
        },
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ]
    } ],
    "waf_crs_ref" : "aeiou",
    "enable_app_learning" : true,
    "failure_mode" : "aeiou",
    "paranoia_level" : "aeiou",
    "waf_profile_ref" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicyApiResponse

401

log in failed

Up
post /wafpolicy
(wafpolicyPost)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "allow_mode_delegation" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "post_crs_groups" : [ "" ],
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ "" ],
      "tags" : [ "aeiou" ]
    } ],
    "exclude_list" : [ {
      "client_subnet" : {
        "ip_addr" : {
          "addr" : "aeiou",
          "type" : "aeiou"
        },
        "mask" : 123
      },
      "match_element" : "aeiou",
      "uri_path" : "aeiou",
      "uri_match_criteria" : "",
      "match_element_criteria" : {
        "match_op" : "aeiou",
        "match_case" : "aeiou"
      },
      "description" : "aeiou"
    } ]
  } ],
  "waf_crs_ref" : "aeiou",
  "enable_app_learning" : true,
  "failure_mode" : "aeiou",
  "paranoia_level" : "aeiou",
  "waf_profile_ref" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
delete /wafpolicy/{uuid}
(wafpolicyUuidDelete)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name

Return type

String

Example data

Content-Type: application/json
"aeiou"

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

204

object deleted String

404

not found

Up
get /wafpolicy/{uuid}
(wafpolicyUuidGet)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "allow_mode_delegation" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "post_crs_groups" : [ "" ],
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ "" ],
      "tags" : [ "aeiou" ]
    } ],
    "exclude_list" : [ {
      "client_subnet" : {
        "ip_addr" : {
          "addr" : "aeiou",
          "type" : "aeiou"
        },
        "mask" : 123
      },
      "match_element" : "aeiou",
      "uri_path" : "aeiou",
      "uri_match_criteria" : "",
      "match_element_criteria" : {
        "match_op" : "aeiou",
        "match_case" : "aeiou"
      },
      "description" : "aeiou"
    } ]
  } ],
  "waf_crs_ref" : "aeiou",
  "enable_app_learning" : true,
  "failure_mode" : "aeiou",
  "paranoia_level" : "aeiou",
  "waf_profile_ref" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
patch /wafpolicy/{uuid}
(wafpolicyUuidPatch)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "allow_mode_delegation" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "post_crs_groups" : [ "" ],
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ "" ],
      "tags" : [ "aeiou" ]
    } ],
    "exclude_list" : [ {
      "client_subnet" : {
        "ip_addr" : {
          "addr" : "aeiou",
          "type" : "aeiou"
        },
        "mask" : 123
      },
      "match_element" : "aeiou",
      "uri_path" : "aeiou",
      "uri_match_criteria" : "",
      "match_element_criteria" : {
        "match_op" : "aeiou",
        "match_case" : "aeiou"
      },
      "description" : "aeiou"
    } ]
  } ],
  "waf_crs_ref" : "aeiou",
  "enable_app_learning" : true,
  "failure_mode" : "aeiou",
  "paranoia_level" : "aeiou",
  "waf_profile_ref" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
put /wafpolicy/{uuid}
(wafpolicyUuidPut)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "allow_mode_delegation" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "post_crs_groups" : [ "" ],
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ {
      "mode" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ "" ],
      "tags" : [ "aeiou" ]
    } ],
    "exclude_list" : [ {
      "client_subnet" : {
        "ip_addr" : {
          "addr" : "aeiou",
          "type" : "aeiou"
        },
        "mask" : 123
      },
      "match_element" : "aeiou",
      "uri_path" : "aeiou",
      "uri_match_criteria" : "",
      "match_element_criteria" : {
        "match_op" : "aeiou",
        "match_case" : "aeiou"
      },
      "description" : "aeiou"
    } ]
  } ],
  "waf_crs_ref" : "aeiou",
  "enable_app_learning" : true,
  "failure_mode" : "aeiou",
  "paranoia_level" : "aeiou",
  "waf_profile_ref" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up

Models

[ Jump to Methods ]

Table of Contents

  1. CookieMatch
  2. HTTPVersionMatch
  3. HdrMatch
  4. HostHdrMatch
  5. IpAddr
  6. IpAddrMatch
  7. IpAddrPrefix
  8. IpAddrRange
  9. MatchTarget
  10. MethodMatch
  11. PathMatch
  12. PortMatch
  13. ProtocolMatch
  14. QueryMatch
  15. WafExcludeListEntry
  16. WafExclusionType
  17. WafLearning
  18. WafPolicy
  19. WafPolicyApiResponse
  20. WafPolicyWhitelist
  21. WafPolicyWhitelistRule
  22. WafPositiveSecurityModel
  23. WafRule
  24. WafRuleGroup

CookieMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the cookie in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
name
String Name of the cookie.
value (optional)
String String value in the cookie.

HTTPVersionMatch Up

match_criteria
String Criterion to use for HTTP version matching the version used in the HTTP request. Enum options - IS_IN, IS_NOT_IN.
versions (optional)
array[String] HTTP protocol version. Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO.

HdrMatch Up

hdr
String Name of the HTTP header whose value is to be matched.
match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching headers in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
value (optional)
array[String] String values to match in the HTTP header.

HostHdrMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for the host header value match. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
value (optional)
array[String] String value(s) in the host header.

IpAddr Up

addr
String IP address.
type
String Enum options - V4, DNS, V6.

IpAddrMatch Up

addrs (optional)
array[IpAddr] IP address(es).
group_refs (optional)
array[String] UUID of IP address group(s). It is a reference to an object of type IpAddrGroup.
match_criteria
String Criterion to use for IP address matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
prefixes (optional)
array[IpAddrPrefix] IP address prefix(es).
ranges (optional)
array[IpAddrRange] IP address range(s).

IpAddrPrefix Up

ip_addr
IpAddr Placeholder for description of property ip_addr of obj type IpAddrPrefix field type str type object
mask
Integer Number of mask. format: int32

IpAddrRange Up

begin
IpAddr Starting IP address of the range.
end
IpAddr Ending IP address of the range.

MatchTarget Up

client_ip (optional)
IpAddrMatch Configure client ip addresses.
cookie (optional)
CookieMatch Configure HTTP cookie(s).
hdrs (optional)
array[HdrMatch] Configure HTTP header(s).
host_hdr (optional)
HostHdrMatch Configure the host header.
method (optional)
MethodMatch Configure HTTP methods.
path (optional)
PathMatch Configure request paths.
protocol (optional)
ProtocolMatch Configure the type of HTTP protocol.
query (optional)
QueryMatch Configure request query.
version (optional)
HTTPVersionMatch Configure versions of the HTTP protocol.
vs_port (optional)
PortMatch Configure virtual service ports.

MethodMatch Up

match_criteria
String Criterion to use for HTTP method matching the method in the HTTP request. Enum options - IS_IN, IS_NOT_IN.
methods (optional)
array[String] Configure HTTP method(s). Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK.

PathMatch Up

match_case (optional)
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the path in the HTTP request URI. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH.
match_str (optional)
array[String] String values.
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup.

PortMatch Up

match_criteria
String Criterion to use for port matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
ports (optional)
array[Integer] Listening TCP port(s). Allowed values are 1-65535.

ProtocolMatch Up

match_criteria
String Criterion to use for protocol matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
protocols
String HTTP or HTTPS protocol. Enum options - HTTP, HTTPS.

QueryMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the query in HTTP request URI. Enum options - QUERY_MATCH_CONTAINS.
match_str (optional)
array[String] String value(s).
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup.

WafExcludeListEntry Up

client_subnet (optional)
IpAddrPrefix Client IP Subnet to exclude for WAF rules. Field introduced in 17.2.1.
description (optional)
String Free-text comment about this exclusion. Field introduced in 18.2.6.
match_element (optional)
String The match_element can be 'ARGS xxx', 'ARGS_GET xxx', 'ARGS_POST xxx', 'ARGS_NAMES xxx', 'FILES xxx', 'QUERY_STRING', 'REQUEST_BASENAME', 'REQUEST_BODY', 'REQUEST_URI', 'REQUEST_URI_RAW', 'REQUEST_COOKIES xxx', 'REQUEST_HEADERS xxx' or 'RESPONSE_HEADERS xxx'. These match_elements in the HTTP Transaction (if present) will be excluded when executing WAF Rules. Field introduced in 17.2.1.
match_element_criteria (optional)
WafExclusionType Criteria for match_element matching. Field introduced in 18.2.2.
uri_match_criteria (optional)
WafExclusionType Criteria for URI matching. Field introduced in 17.2.8.
uri_path (optional)
String URI Path to exclude for WAF rules. Field introduced in 17.2.1.

WafExclusionType Up

match_case
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Field introduced in 17.2.8.
match_op
String String Operation to use for matching the Exclusion. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Field introduced in 17.2.8.

WafLearning Up

arg_summarization_threshold (optional)
Integer Suffix Summarization threshold used to compress args. Allowed values are 3-255. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32
confidence (optional)
Integer Confidence level used to derive rules from the WAF learning. Allowed values are 60-100. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32
enable (optional)
Boolean Enable Learning for WAF policy. Field deprecated in 18.2.3. Field introduced in 18.1.2.
path_summarization_threshold (optional)
Integer Suffix Summarization threshold used to compress paths. Allowed values are 3-255. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32
sampling_percent (optional)
Integer Sampling percent of the requests subjected to WAF learning. Allowed values are 1-100. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32

WafPolicy Up

_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
allow_mode_delegation (optional)
Boolean Allow Rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1.
created_by (optional)
String Creator name. Field introduced in 17.2.4.
crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are system created with CRS groups. Field introduced in 17.2.1.
description (optional)
String Field introduced in 17.2.1.
enable_app_learning (optional)
Boolean Enable Application Learning for this WAF policy. Field introduced in 18.2.3.
failure_mode (optional)
String WAF Policy failure mode. This can be 'Open' or 'Closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2.
learning (optional)
WafLearning Configure parameters for WAF learning. Field deprecated in 18.2.3. Field introduced in 18.1.2.
mode
String WAF Policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1.
name
String Field introduced in 17.2.1.
paranoia_level (optional)
String WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1.
positive_security_model (optional)
WafPositiveSecurityModel The Positive Security Model. This is used to describe how the request or parts of the request should look like. It is executed in the Request Body Phase of Avi WAF. Field introduced in 18.2.3.
post_crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the CRS groups. Field introduced in 17.2.1.
pre_crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the CRS groups. Field introduced in 17.2.1.
tenant_ref (optional)
String It is a reference to an object of type Tenant. Field introduced in 17.2.1.
url (optional)
String url
uuid (optional)
String Field introduced in 17.2.1.
waf_crs_ref (optional)
String WAF core ruleset used for the CRS part of this Policy. It is a reference to an object of type WafCRS. Field introduced in 18.1.1.
waf_profile_ref
String WAF Profile for WAF policy. It is a reference to an object of type WafProfile. Field introduced in 17.2.1.
whitelist (optional)
WafPolicyWhitelist A set of rules which describe conditions under which the request will bypass the WAF. This will be executed in the request header phase before any other WAF related code. Field introduced in 18.2.3.

WafPolicyApiResponse Up

count
Integer format: int32
results

WafPolicyWhitelist Up

rules (optional)
array[WafPolicyWhitelistRule] Rules to bypass WAF. Field introduced in 18.2.3.

WafPolicyWhitelistRule Up

actions (optional)
array[String] Actions to be performed upon successful matching. Enum options - WAF_POLICY_WHITELIST_ACTION_ALLOW, WAF_POLICY_WHITELIST_ACTION_DETECTION_MODE, WAF_POLICY_WHITELIST_ACTION_CONTINUE. Field introduced in 18.2.3.
description (optional)
String Description of this rule. Field introduced in 18.2.3.
enable (optional)
Boolean Enable or disable the rule. Field introduced in 18.2.3.
index
Integer Rules are executed in order of this index field. Field introduced in 18.2.3. format: int32
match
MatchTarget Match criteria describing requests to which this rule should be applied. Field introduced in 18.2.3.
name
String A name describing the rule in a short form. Field introduced in 18.2.3.

WafPositiveSecurityModel Up

group_refs (optional)
array[String] These groups should be used to separate different levels of concern. The order of the groups matters, one group may mark parts of the request as valid, so that subsequent groups will not check these parts. It is a reference to an object of type WafPolicyPSMGroup. Field introduced in 18.2.3.

WafRule Up

enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.3.
force_detection (optional)
Boolean When set to 'true', this rule will not cause 'deny' or 'redirect' actions to run, even if WAF Policy is set to enforcement mode. The behavior would be as if this rule operated in detection mode regardless of WAF Policy setting. Field deprecated in 18.1.5. Field introduced in 18.1.4.
index
Integer Field introduced in 17.2.1. format: int32
mode (optional)
String WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 18.1.5, 18.2.1.
name (optional)
String User-friendly optional name for a rule. Field introduced in 17.2.1.
rule
String Rule as per Modsec language. Field introduced in 17.2.1.
rule_id (optional)
String Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a ModSec rule. Rules within a single WAF Policy are required to have unique rule_ids. Field introduced in 17.2.2.
tags (optional)
array[String] Tags for WAF rule as per Modsec language. They are extracted from the tag action in a ModSec rule. Field introduced in 18.1.3.

WafRuleGroup Up

enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule group. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.1.
force_detection (optional)
Boolean When set to 'true', any rule in this group will not cause 'deny' or 'redirect' actions to run, even if WAF Policy is set to enforcement mode. The behavior would be as if this rule operated in detection mode regardless of WAF Policy setting. Field deprecated in 18.1.5. Field introduced in 18.1.4.
index
Integer Field introduced in 17.2.1. format: int32
name
String Field introduced in 17.2.1.
rules (optional)
array[WafRule] Rules as per Modsec language. Field introduced in 17.2.1.