OWASP

OWASP settings object used when configuring WAF.

Data model

allowed_http_versionsstringAllowed HTTP versions.
allowed_methodsstringA space-separated list of HTTP method names.
allowed_request_content_typestringAllowed request content types.
arg_lengthintegerThe maximum number of arguments allowed.
arg_name_lengthintegerThe maximum allowed argument name length.
combined_file_sizesintegerThe maximum allowed size of all files (in bytes).
created_atstringDate and time that the settings object was created.
critical_anomaly_scoreintegerScore value to add for critical anomalies.
crs_validate_utf8_encodingbooleanCRS validate UTF8 encoding.
error_anomaly_scoreintegerScore value to add for error anomalies.
high_risk_country_codesstringA space-separated list of country codes in ISO 3166-1 (two-letter) format.
http_violation_score_thresholdintegerHTTP violation threshold.
inbound_anomaly_score_thresholdintegerInbound anomaly threshold.
lfi_score_thresholdintegerLocal file inclusion attack threshold.
max_file_sizeintegerThe maximum allowed file size (in bytes).
max_num_argsintegerThe maximum number of arguments allowed.
notice_anomaly_scoreintegerScore value to add for notice anomalies.
paranoia_levelintegerThe configured paranoia level.
php_injection_score_thresholdintegerPHP injection threshold.
rce_score_thresholdintegerRemote code execution threshold.
restricted_extensionsstringA space-separated list of allowed file extensions.
restricted_headersstringA space-separated list of allowed header names.
rfi_score_thresholdintegerRemote file inclusion attack threshold.
session_fixation_score_thresholdintegerSession fixation attack threshold.
sql_injection_score_thresholdintegerSQL injection attack threshold.
total_arg_lengthintegerThe maximum size of argument names and values.
updated_atstringDate and time that the settings object was last updated.
warning_anomaly_scoreintegerScore value to add for warning anomalies.
xss_score_thresholdintegerXSS attack threshold.

Endpoints

Get the OWASP settings object

Deprecated

GET/service/service_id/wafs/firewall_id/owasp

Create an OWASP settings object

Deprecated

POST/service/service_id/wafs/firewall_id/owasp

Update the OWASP settings object

Deprecated

PATCH/service/service_id/wafs/firewall_id/owasp