Active rules

An active rule represents a rule revision added to a particular firewall version.

Data model

allowed_http_versionsstringAllowed HTTP versions. [Default HTTP/1.0 HTTP/1.1 HTTP/2]
allowed_methodsstringA space-separated list of HTTP method names. [Default GET HEAD POST OPTIONS PUT PATCH DELETE]
allowed_request_content_typestringAllowed request content types. [Default application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain]
allowed_request_content_type_charsetstringAllowed request content type charset. [Default utf-8|iso-8859-1|iso-8859-15|windows-1252]
arg_lengthintegerThe maximum number of arguments allowed. [Default 400]
arg_name_lengthintegerThe maximum allowed argument name length. [Default 100]
attributesobject
combined_file_sizesintegerThe maximum allowed size of all files (in bytes). [Default 10000000]
commentstringA freeform descriptive note.
critical_anomaly_scoreintegerScore value to add for critical anomalies. [Default 6]
crs_validate_utf8_encodingbooleanCRS validate UTF8 encoding.
error_anomaly_scoreintegerScore value to add for error anomalies. [Default 5]
high_risk_country_codesstringA space-separated list of country codes in ISO 3166-1 (two-letter) format.
http_violation_score_thresholdintegerHTTP violation threshold.
idstringAlphanumeric string identifying a WAF rule revision.
inbound_anomaly_score_thresholdintegerInbound anomaly threshold.
lfi_score_thresholdintegerLocal file inclusion attack threshold.
lockedbooleanWhether a specific firewall version is locked from being modified. [Default false]
max_file_sizeintegerThe maximum allowed file size, in bytes. [Default 10000000]
max_num_argsintegerThe maximum number of arguments allowed. [Default 255]
notice_anomaly_scoreintegerScore value to add for notice anomalies. [Default 4]
numberintegerInteger identifying a WAF firewall version.
paranoia_levelintegerThe configured paranoia level. [Default 1]
php_injection_score_thresholdintegerPHP injection threshold.
rce_score_thresholdintegerRemote code execution threshold.
restricted_extensionsstringA space-separated list of allowed file extensions. [Default .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx]
restricted_headersstringA space-separated list of allowed header names. [Default /proxy/ /lock-token/ /content-range/ /translate/ /if/]
rfi_score_thresholdintegerRemote file inclusion attack threshold.
session_fixation_score_thresholdintegerSession fixation attack threshold.
sql_injection_score_thresholdintegerSQL injection attack threshold.
total_arg_lengthintegerThe maximum size of argument names and values. [Default 6400]
typestringResource type. [Default waf_firewall_version]
warning_anomaly_scoreintegerScore value to add for warning anomalies.
xss_score_thresholdintegerXSS attack threshold.
waf_firewall_versionobject
waf_rule_revisionsobject
modsec_rule_idintegerThe ModSecurity rule ID of the associated rule revision.
relationships.waf_firewall_version.idstringAlphanumeric string identifying a Firewall version.
relationships.waf_rule_revisions.idstringAlphanumeric string identifying a WAF rule revision.
statusstringDescribes the behavior for the particular rule revision within this firewall version.
created_atstringDate and time in ISO 8601 format.
deleted_atstringDate and time in ISO 8601 format.
latest_revisionintegerThe latest rule revision number that is available for the associated rule revision.
outdatedbooleanIndicates if the associated rule revision is up to date or not.
updated_atstringDate and time in ISO 8601 format.

Endpoints

List active rules on a WAF

Deprecated

GET/waf/firewalls/firewall_id/versions/version_id/active-rules

Add a rule to a WAF as an active rule

Deprecated

POST/waf/firewalls/firewall_id/versions/version_id/active-rules

Delete multiple active rules from a WAF

Deprecated

DELETE/waf/firewalls/firewall_id/versions/version_id/active-rules

Get an active WAF rule object

Deprecated

GET/waf/firewalls/firewall_id/versions/version_id/active-rules/waf_rule_id

Delete an active rule

Deprecated

DELETE/waf/firewalls/firewall_id/versions/version_id/active-rules/waf_rule_id

Update an active rule

Deprecated

PATCH/waf/firewalls/firewall_id/versions/version_id/active-rules/waf_rule_id

Update multiple active rules

Deprecated

PATCH/waf/firewalls/firewall_id/versions/version_id/active-rules/bulk

Create active rules by tag

Deprecated

POST/waf/firewalls/firewall_id/versions/version_id/tags/waf_tag_name/active-rules