OWASP settings object used when configuring WAF.

Data model

allowed_http_versionsstringAllowed HTTP versions (default HTTP/1.0 HTTP/1.1 HTTP/2).
allowed_methodsstringA space-separated list of HTTP method names (default GET HEAD POST OPTIONS PUT PATCH DELETE).
allowed_request_content_typestringAllowed request content types (default application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain).
arg_lengthintegerThe maximum number of arguments allowed (default 400).
arg_name_lengthintegerThe maximum allowed argument name length (default 100).
combined_file_sizesintegerThe maximum allowed size of all files (in bytes, default 10000000).
created_atstringDate and time that the settings object was created.
critical_anomaly_scoreintegerScore value to add for critical anomalies (default 6).
crs_validate_utf8_encodingbooleanCRS validate UTF8 encoding.
error_anomaly_scoreintegerScore value to add for error anomalies (default 5).
high_risk_country_codesstringA space-separated list of country codes in ISO 3166-1 (two-letter) format.
http_violation_score_thresholdintegerHTTP violation threshold.
inbound_anomaly_score_thresholdintegerInbound anomaly threshold.
lfi_score_thresholdintegerLocal file inclusion attack threshold.
max_file_sizeintegerThe maximum allowed file size (in bytes, default 10000000).
max_num_argsintegerThe maximum number of arguments allowed (default 255).
notice_anomaly_scoreintegerScore value to add for notice anomalies (default 4).
paranoia_levelintegerThe configured paranoia level (default 1).
php_injection_score_thresholdintegerPHP injection threshold.
rce_score_thresholdintegerRemote code execution threshold.
restricted_extensionsstringA space-separated list of allowed file extensions (default .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx).
restricted_headersstringA space-separated list of allowed header names (default /proxy/ /lock-token/ /content-range/ /translate/ /if/).
rfi_score_thresholdintegerRemote file inclusion attack threshold.
session_fixation_score_thresholdintegerSession fixation attack threshold.
sql_injection_score_thresholdintegerSQL injection attack threshold.
total_arg_lengthintegerThe maximum size of argument names and values (default 6400).
updated_atstringDate and time that the settings object was last updated.
warning_anomaly_scoreintegerScore value to add for warning anomalies.
xss_score_thresholdintegerXSS attack threshold.


Get the OWASP settings object


Create an OWASP settings object


Update the OWASP settings object