OWASP
OWASP settings object used when configuring WAF.
Data model
allowed_http_versions | string | Allowed HTTP versions (default HTTP/1.0 HTTP/1.1 HTTP/2). |
allowed_methods | string | A space-separated list of HTTP method names (default GET HEAD POST OPTIONS PUT PATCH DELETE). |
allowed_request_content_type | string | Allowed request content types (default application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain). |
arg_length | integer | The maximum number of arguments allowed (default 400). |
arg_name_length | integer | The maximum allowed argument name length (default 100). |
combined_file_sizes | integer | The maximum allowed size of all files (in bytes, default 10000000). |
created_at | string | Date and time that the settings object was created. |
critical_anomaly_score | integer | Score value to add for critical anomalies (default 6). |
crs_validate_utf8_encoding | boolean | CRS validate UTF8 encoding. |
error_anomaly_score | integer | Score value to add for error anomalies (default 5). |
high_risk_country_codes | string | A space-separated list of country codes in ISO 3166-1 (two-letter) format. |
http_violation_score_threshold | integer | HTTP violation threshold. |
inbound_anomaly_score_threshold | integer | Inbound anomaly threshold. |
lfi_score_threshold | integer | Local file inclusion attack threshold. |
max_file_size | integer | The maximum allowed file size (in bytes, default 10000000). |
max_num_args | integer | The maximum number of arguments allowed (default 255). |
notice_anomaly_score | integer | Score value to add for notice anomalies (default 4). |
paranoia_level | integer | The configured paranoia level (default 1). |
php_injection_score_threshold | integer | PHP injection threshold. |
rce_score_threshold | integer | Remote code execution threshold. |
restricted_extensions | string | A space-separated list of allowed file extensions (default .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx). |
restricted_headers | string | A space-separated list of allowed header names (default /proxy/ /lock-token/ /content-range/ /translate/ /if/). |
rfi_score_threshold | integer | Remote file inclusion attack threshold. |
session_fixation_score_threshold | integer | Session fixation attack threshold. |
sql_injection_score_threshold | integer | SQL injection attack threshold. |
total_arg_length | integer | The maximum size of argument names and values (default 6400). |
updated_at | string | Date and time that the settings object was last updated. |
warning_anomaly_score | integer | Score value to add for warning anomalies. |
xss_score_threshold | integer | XSS attack threshold. |