Firewall versions

Firewall version objects contain all of the rules and settings for your WAF and remain empty until properly configured. To understand the behavior of thresholds and scores, see Managing rules. Newly created firewall versions are initiated without any associated rules. See Active Rules for details. Changes to your WAF's rules and settings can be made by cloning an existing firewall version, making the changes, and then activating the new firewall version.

Data model

active (Boolean): Whether a specific firewall version is currently deployed. Read only.
active_rules_fastly_block_count (Integer): The number of active Fastly rules set to block. Read only.
active_rules_fastly_log_count (Integer): The number of active Fastly rules set to log. Read only.
active_rules_fastly_score_count (Integer): The number of active Fastly rules set to score. Read only.
active_rules_owasp_block_count (Integer): The number of active OWASP rules set to block. Read only.
active_rules_owasp_log_count (Integer): The number of active OWASP rules set to log. Read only.
active_rules_owasp_score_count (Integer): The number of active OWASP rules set to score. Read only.
active_rules_trustwave_block_count (Integer): The number of active Trustwave rules set to block. Read only.
active_rules_trustwave_log_count (Integer): The number of active Trustwave rules set to log. Read only.
allowed_http_versions (String): Allowed HTTP versions (default HTTP/1.0 HTTP/1.1 HTTP/2).
allowed_methods (String): A space-separated list of HTTP method names (default GET HEAD POST OPTIONS PUT PATCH DELETE).
allowed_request_content_type (String): Allowed request content types (default application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain).
allowed_request_content_type_charset (String): Allowed request content type charset (default utf-8|iso-8859-1|iso-8859-15|windows-1252).
arg_name_length (Integer): The maximum allowed argument name length (default 100).
arg_length (Integer): The maximum number of arguments allowed (default 400).
combined_file_sizes (Integer): The maximum allowed size of all files (in bytes, default 10000000).
comment (String): A short version comment summarizing changes included in a specific firewall version.
created_at (String): Time-stamp (GMT) when the firewall version was created. Read only.
critical_anomaly_score (Integer): Score value to add for critical anomalies (default 6).
crs_validate_utf8_encoding (Boolean): CRS validate UTF8 encoding.
deployed_at (String): Time-stamp (GMT) indicating when the firewall version was last deployed. Read only.
error (String): Contains error message if the firewall version fails to deploy. Read only.
error_anomaly_score (Integer): Score value to add for error anomalies (default 5).
high_risk_country_codes (String): A space-separated list of country codes in ISO 3166-1 (two-letter) format.
http_violation_score_threshold (Integer): HTTP violation threshold.
inbound_anomaly_score_threshold (Integer): Inbound anomaly threshold.
last_deployment_status (String): The status of the last deployment of this firewall version. Read only. Possible values:
    null: The firewall version has never been deployed.
    pending: The firewall version deployment is queued.
    in progress: The firewall version is being deployed.
    completed: The firewall version has successfully been deployed.
    failed: An error happened processing your request. Check the errors field in the event of a failed status.
lfi_score_threshold (Integer): Local file inclusion attack threshold.
locked (Boolean): Whether a specific firewall version is locked from being modified (default false; updatable to true).
max_file_size (Integer): The maximum allowed file size, in bytes (default 10000000).
max_num_args (Integer): The maximum number of arguments allowed (default 255).
notice_anomaly_score (Integer): Score value to add for notice anomalies (default 4).
number (Integer): Version number of firewall version object. Read only.
paranoia_level (Integer): The configured paranoia level (default 1).
php_injection_score_threshold (Integer): PHP injection threshold.
rce_score_threshold (Integer): Remote code execution threshold.
restricted_extensions (String): A space-separated list of allowed file extensions (default .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx).
restricted_headers (String): A space-separated list of allowed header names (default /proxy/ /lock-token/ /content-range/ /translate/ /if/).
rfi_score_threshold (Integer): Remote file inclusion attack threshold.
session_fixation_score_threshold (Integer): Session fixation attack threshold.
sql_injection_score_threshold (Integer): SQL injection attack threshold.
total_arg_length (Integer): The maximum size of argument names and values (default 6400).
warning_anomaly_score (Integer): Score value to add for warning anomalies.
xss_score_threshold (Integer): XSS attack threshold.
updated_at (String): Time-stamp (GMT) when the firewall version was last updated. Read only.
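
When reviewing a firewall version, it helps to see which request limits and allow-lists have been widened relative to the defaults listed above. The following is an added example, not Fastly's code: the function name, the choice of fields to check, and the sample object are assumptions, and the defaults are copied from this data model.

```python
# Added example: flag settings in a firewall version that are looser than the
# defaults listed in the data model. SAMPLE is constructed, not real API output.

DEFAULT_LIMITS = {  # numeric ceilings; a higher value admits larger requests
    "arg_name_length": 100,
    "arg_length": 400,
    "combined_file_sizes": 10000000,
    "max_file_size": 10000000,
    "max_num_args": 255,
    "total_arg_length": 6400,
}
DEFAULT_LISTS = {  # allow-lists as (default value, separator); extra entries widen them
    "allowed_http_versions": ("HTTP/1.0 HTTP/1.1 HTTP/2", " "),
    "allowed_methods": ("GET HEAD POST OPTIONS PUT PATCH DELETE", " "),
    "allowed_request_content_type": (
        "application/x-www-form-urlencoded|multipart/form-data|text/xml|"
        "application/xml|application/x-amf|application/json|text/plain", "|"),
    "allowed_request_content_type_charset": (
        "utf-8|iso-8859-1|iso-8859-15|windows-1252", "|"),
}

def audit_version(attrs):
    """Return sorted (field, finding) pairs; missing fields count as default."""
    findings = []
    for field, default in DEFAULT_LIMITS.items():
        value = attrs.get(field, default)
        if value > default:
            findings.append((field, f"raised from {default} to {value}"))
    for field, (default, sep) in DEFAULT_LISTS.items():
        current = {item for item in attrs.get(field, default).split(sep) if item}
        extra = current - set(default.split(sep))
        if extra:
            findings.append((field, "added " + " ".join(sorted(extra))))
    return sorted(findings)

SAMPLE = {  # constructed attributes of a hypothetical version 7
    "number": 7,
    "max_num_args": 1000,
    "total_arg_length": 6400,
    "allowed_methods": "GET HEAD POST OPTIONS PUT PATCH DELETE TRACE",
    "allowed_request_content_type_charset": "utf-8|iso-8859-1",
}

if __name__ == "__main__":
    for field, finding in audit_version(SAMPLE):
        print(f"{field}: {finding}")
```

A narrowed list, such as the two-entry charset in the sample, is not reported because it only tightens the setting.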

Endpoints

List firewall versions

GET /waf/firewalls/firewall_id/versions

Get a firewall version

GET /waf/firewalls/firewall_id/versions/number

Create a firewall version with default attributes

POST /waf/firewalls/firewall_id/versions

Create a firewall version with custom attributes

POST /waf/firewalls/firewall_id/versions

Update a firewall version

PATCH /waf/firewalls/firewall_id/versions/number

Lock a firewall version

PATCH /waf/firewalls/firewall_id/versions/number

Clone a firewall version

PUT /waf/firewalls/firewall_id/versions/number/clone

Deploy or activate a firewall version

PUT /waf/firewalls/firewall_id/versions/number/activate
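
The clone, change, activate sequence described at the top of this page, followed by a check of last_deployment_status, as an added example that is not Fastly's code. Assumptions: the `call` transport, its flat-dict return value and the `FakeWAF` stand-in are hypothetical; the API's host, authentication and request body format are not shown on this page and are left to the transport.

```python
import time

def roll_out(call, firewall_id, base_number, changes, comment, poll=5, max_polls=60):
    """Clone base_number, apply changes, activate the clone and wait for the result.

    call(method, path, attributes=None) is a hypothetical transport that sends one
    request and returns the version's attributes as a flat dict.
    """
    root = f"/waf/firewalls/{firewall_id}/versions"
    number = call("PUT", f"{root}/{base_number}/clone")["number"]
    call("PATCH", f"{root}/{number}", dict(changes, comment=comment))
    call("PUT", f"{root}/{number}/activate")
    status = None
    for _ in range(max_polls):
        version = call("GET", f"{root}/{number}")
        status = version.get("last_deployment_status")
        if status in ("completed", "failed"):  # the two terminal states
            break
        time.sleep(poll)  # still "pending" or "in progress"
    else:
        raise TimeoutError(f"version {number} still {status!r}")
    if status == "failed":
        raise RuntimeError(f"version {number} failed to deploy: {version.get('error')}")
    return number

class FakeWAF:
    """Constructed in-memory stand-in for the API so the example runs offline."""
    def __init__(self):
        self.versions = {1: {"number": 1, "active": True, "paranoia_level": 1,
                             "last_deployment_status": "completed"}}

    def __call__(self, method, path, attributes=None):
        parts = path.strip("/").split("/")  # waf/firewalls/<id>/versions/<n>[/<action>]
        version = self.versions[int(parts[4])]
        action = parts[5] if len(parts) > 5 else None
        if action == "clone":
            number = max(self.versions) + 1
            version = dict(version, number=number, active=False,
                           last_deployment_status=None)
            self.versions[number] = version
        elif action == "activate":
            version["last_deployment_status"] = "pending"
        elif method == "PATCH":
            version.update(attributes)
        elif version["last_deployment_status"] == "pending":
            version["last_deployment_status"] = "in progress"
        elif version["last_deployment_status"] == "in progress":
            version.update(last_deployment_status="completed", active=True)
        return dict(version)
```

Calling `roll_out(FakeWAF(), "fw1", 1, {"paranoia_level": 2}, "raise paranoia level", poll=0)` returns 2, the number of the new version, and leaves version 1 unchanged so it remains available as a known-good configuration.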
