Avi WafPolicy Object API

CLI ``` - configure wafpolicy - show wafpolicy ```
More information: https://avinetworks.com/contact-us
Contact Info: support@avinetworks.com
Version: 20.1.2
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html

Access

  1. HTTP Basic Authentication

Methods

[ Jump to Models ]

Table of Contents

  1. get /wafpolicy
  2. post /wafpolicy
  3. delete /wafpolicy/{uuid}
  4. get /wafpolicy/{uuid}
  5. patch /wafpolicy/{uuid}
  6. put /wafpolicy/{uuid}
Up
get /wafpolicy
(wafpolicyGet)

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

WafPolicyApiResponse

Example data

Content-Type: application/json
{
  "next" : "aeiou",
  "count" : 123,
  "results" : [ {
    "description" : "aeiou",
    "learning" : {
      "arg_summarization_threshold" : 123,
      "enable" : true,
      "confidence" : 123,
      "sampling_percent" : 123,
      "path_summarization_threshold" : 123
    },
    "allow_mode_delegation" : true,
    "uuid" : "aeiou",
    "_last_modified" : "aeiou",
    "mode" : "aeiou",
    "learning_params" : {
      "enable_per_uri_learning" : true,
      "min_hits_to_learn" : 123456789,
      "max_uris" : 123,
      "update_interval" : 123,
      "sampling_percent" : 123,
      "max_params" : 123
    },
    "post_crs_groups" : [ "" ],
    "min_confidence" : "aeiou",
    "waf_crs_ref" : "aeiou",
    "failure_mode" : "aeiou",
    "waf_profile_ref" : "aeiou",
    "positive_security_model" : {
      "group_refs" : [ "aeiou" ]
    },
    "pre_crs_groups" : [ "" ],
    "enable_auto_rule_updates" : true,
    "application_signatures" : {
      "ruleset_version" : "aeiou",
      "rules" : [ {
        "mode" : "aeiou",
        "phase" : "aeiou",
        "rule_id" : "aeiou",
        "force_detection" : true,
        "enable" : true,
        "is_sensitive" : true,
        "name" : "aeiou",
        "index" : 123,
        "rule" : "aeiou",
        "exclude_list" : [ {
          "client_subnet" : {
            "ip_addr" : {
              "addr" : "aeiou",
              "type" : "aeiou"
            },
            "mask" : 123
          },
          "match_element" : "aeiou",
          "uri_path" : "aeiou",
          "uri_match_criteria" : "",
          "match_element_criteria" : {
            "match_op" : "aeiou",
            "match_case" : "aeiou"
          },
          "description" : "aeiou"
        } ],
        "tags" : [ "aeiou" ]
      } ],
      "provider_ref" : "aeiou",
      "selected_applications" : [ "aeiou" ]
    },
    "whitelist" : {
      "rules" : [ {
        "enable" : true,
        "sampling_percent" : 123,
        "match" : {
          "path" : {
            "match_criteria" : "aeiou",
            "string_group_refs" : [ "aeiou" ],
            "match_str" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "protocol" : {
            "match_criteria" : "aeiou",
            "protocols" : "aeiou"
          },
          "cookie" : {
            "match_criteria" : "aeiou",
            "name" : "aeiou",
            "value" : "aeiou",
            "match_case" : "aeiou"
          },
          "method" : {
            "match_criteria" : "aeiou",
            "methods" : [ "aeiou" ]
          },
          "host_hdr" : {
            "match_criteria" : "aeiou",
            "value" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "query" : {
            "match_criteria" : "aeiou",
            "string_group_refs" : [ "aeiou" ],
            "match_str" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "vs_port" : {
            "match_criteria" : "aeiou",
            "ports" : [ "" ]
          },
          "client_ip" : {
            "group_refs" : [ "aeiou" ],
            "match_criteria" : "aeiou",
            "prefixes" : [ "" ],
            "ranges" : [ {
              "end" : "",
              "begin" : ""
            } ],
            "addrs" : [ "" ]
          },
          "hdrs" : [ {
            "match_criteria" : "aeiou",
            "hdr" : "aeiou",
            "value" : [ "aeiou" ],
            "match_case" : "aeiou"
          } ],
          "version" : {
            "match_criteria" : "aeiou",
            "versions" : [ "aeiou" ]
          }
        },
        "name" : "aeiou",
        "description" : "aeiou",
        "index" : 123,
        "actions" : [ "aeiou" ]
      } ]
    },
    "created_by" : "aeiou",
    "confidence_override" : {
      "confid_probable_value" : 123,
      "confid_low_value" : 123,
      "confid_very_high_value" : 123,
      "confid_high_value" : 123
    },
    "url" : "aeiou",
    "enable_regex_learning" : true,
    "labels" : [ {
      "value" : "aeiou",
      "key" : "aeiou"
    } ],
    "tenant_ref" : "aeiou",
    "name" : "aeiou",
    "crs_groups" : [ {
      "force_detection" : true,
      "enable" : true,
      "name" : "aeiou",
      "index" : 123,
      "rules" : [ "" ],
      "exclude_list" : [ "" ]
    } ],
    "enable_app_learning" : true,
    "paranoia_level" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicyApiResponse

401

log in failed

Up
post /wafpolicy
(wafpolicyPost)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "ruleset_version" : "aeiou",
    "rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : {
          "ip_addr" : {
            "addr" : "aeiou",
            "type" : "aeiou"
          },
          "mask" : 123
        },
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
delete /wafpolicy/{uuid}
(wafpolicyUuidDelete)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name

Return type

String

Example data

Content-Type: application/json
"aeiou"

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

204

object deleted String

404

not found

Up
get /wafpolicy/{uuid}
(wafpolicyUuidGet)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "ruleset_version" : "aeiou",
    "rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : {
          "ip_addr" : {
            "addr" : "aeiou",
            "type" : "aeiou"
          },
          "mask" : 123
        },
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
patch /wafpolicy/{uuid}
(wafpolicyUuidPatch)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "ruleset_version" : "aeiou",
    "rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : {
          "ip_addr" : {
            "addr" : "aeiou",
            "type" : "aeiou"
          },
          "mask" : 123
        },
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up
put /wafpolicy/{uuid}
(wafpolicyUuidPut)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — WafPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

WafPolicy

Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "learning" : {
    "arg_summarization_threshold" : 123,
    "enable" : true,
    "confidence" : 123,
    "sampling_percent" : 123,
    "path_summarization_threshold" : 123
  },
  "allow_mode_delegation" : true,
  "uuid" : "aeiou",
  "_last_modified" : "aeiou",
  "mode" : "aeiou",
  "learning_params" : {
    "enable_per_uri_learning" : true,
    "min_hits_to_learn" : 123456789,
    "max_uris" : 123,
    "update_interval" : 123,
    "sampling_percent" : 123,
    "max_params" : 123
  },
  "post_crs_groups" : [ "" ],
  "min_confidence" : "aeiou",
  "waf_crs_ref" : "aeiou",
  "failure_mode" : "aeiou",
  "waf_profile_ref" : "aeiou",
  "positive_security_model" : {
    "group_refs" : [ "aeiou" ]
  },
  "pre_crs_groups" : [ "" ],
  "enable_auto_rule_updates" : true,
  "application_signatures" : {
    "ruleset_version" : "aeiou",
    "rules" : [ {
      "mode" : "aeiou",
      "phase" : "aeiou",
      "rule_id" : "aeiou",
      "force_detection" : true,
      "enable" : true,
      "is_sensitive" : true,
      "name" : "aeiou",
      "index" : 123,
      "rule" : "aeiou",
      "exclude_list" : [ {
        "client_subnet" : {
          "ip_addr" : {
            "addr" : "aeiou",
            "type" : "aeiou"
          },
          "mask" : 123
        },
        "match_element" : "aeiou",
        "uri_path" : "aeiou",
        "uri_match_criteria" : "",
        "match_element_criteria" : {
          "match_op" : "aeiou",
          "match_case" : "aeiou"
        },
        "description" : "aeiou"
      } ],
      "tags" : [ "aeiou" ]
    } ],
    "provider_ref" : "aeiou",
    "selected_applications" : [ "aeiou" ]
  },
  "whitelist" : {
    "rules" : [ {
      "enable" : true,
      "sampling_percent" : 123,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "protocol" : {
          "match_criteria" : "aeiou",
          "protocols" : "aeiou"
        },
        "cookie" : {
          "match_criteria" : "aeiou",
          "name" : "aeiou",
          "value" : "aeiou",
          "match_case" : "aeiou"
        },
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "query" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "vs_port" : {
          "match_criteria" : "aeiou",
          "ports" : [ "" ]
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ "" ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ "" ]
        },
        "hdrs" : [ {
          "match_criteria" : "aeiou",
          "hdr" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        } ],
        "version" : {
          "match_criteria" : "aeiou",
          "versions" : [ "aeiou" ]
        }
      },
      "name" : "aeiou",
      "description" : "aeiou",
      "index" : 123,
      "actions" : [ "aeiou" ]
    } ]
  },
  "created_by" : "aeiou",
  "confidence_override" : {
    "confid_probable_value" : 123,
    "confid_low_value" : 123,
    "confid_very_high_value" : 123,
    "confid_high_value" : 123
  },
  "url" : "aeiou",
  "enable_regex_learning" : true,
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "crs_groups" : [ {
    "force_detection" : true,
    "enable" : true,
    "name" : "aeiou",
    "index" : 123,
    "rules" : [ "" ],
    "exclude_list" : [ "" ]
  } ],
  "enable_app_learning" : true,
  "paranoia_level" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK WafPolicy

401

log in failed

Up

Models

[ Jump to Methods ]

Table of Contents

  1. AppLearningConfidenceOverride
  2. AppLearningParams
  3. CookieMatch
  4. HTTPVersionMatch
  5. HdrMatch
  6. HostHdrMatch
  7. IpAddr
  8. IpAddrMatch
  9. IpAddrPrefix
  10. IpAddrRange
  11. KeyValue
  12. MatchTarget
  13. MethodMatch
  14. PathMatch
  15. PortMatch
  16. ProtocolMatch
  17. QueryMatch
  18. WafApplicationSignatures
  19. WafExcludeListEntry
  20. WafExclusionType
  21. WafLearning
  22. WafPolicy
  23. WafPolicyApiResponse
  24. WafPolicyWhitelist
  25. WafPolicyWhitelistRule
  26. WafPositiveSecurityModel
  27. WafRule
  28. WafRuleGroup

AppLearningConfidenceOverride Up

confid_high_value (optional)
Integer Confidence threshold for label CONFIDENCE_HIGH. Field introduced in 18.2.3. format: int32
confid_low_value (optional)
Integer Confidence threshold for label CONFIDENCE_LOW. Field introduced in 18.2.3. format: int32
confid_probable_value (optional)
Integer Confidence threshold for label CONFIDENCE_PROBABLE. Field introduced in 18.2.3. format: int32
confid_very_high_value (optional)
Integer Confidence threshold for label CONFIDENCE_VERY_HIGH. Field introduced in 18.2.3. format: int32

AppLearningParams Up

enable_per_uri_learning (optional)
Boolean Learn the params per URI path. Field introduced in 18.2.3.
max_params (optional)
Integer Maximum number of params to learn for an application. Allowed values are 10-1000. Field introduced in 18.2.3. format: int32
max_uris (optional)
Integer Maximum number of URI paths to learn for an application. Allowed values are 10-10000. Field introduced in 18.2.3. format: int32
min_hits_to_learn (optional)
Long Minimum number of occurances required for a Param to qualify for learning. Field introduced in 18.2.5. format: int64
sampling_percent (optional)
Integer Percent of the requests subjected to Application learning. Allowed values are 1-100. Field introduced in 18.2.3. Unit is PERCENT. format: int32
update_interval (optional)
Integer Frequency with which SE publishes Application learning data to controller. Allowed values are 1-10080. Field introduced in 18.2.3. Unit is MIN. format: int32

CookieMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the cookie in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
name
String Name of the cookie.
value (optional)
String String value in the cookie.

HTTPVersionMatch Up

match_criteria
String Criterion to use for HTTP version matching the version used in the HTTP request. Enum options - IS_IN, IS_NOT_IN.
versions (optional)
array[String] HTTP protocol version. Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO.

HdrMatch Up

hdr
String Name of the HTTP header whose value is to be matched.
match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching headers in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
value (optional)
array[String] String values to match in the HTTP header.

HostHdrMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for the host header value match. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL.
value (optional)
array[String] String value(s) in the host header.

IpAddr Up

addr
String IP address.
type
String Enum options - V4, DNS, V6.

IpAddrMatch Up

addrs (optional)
array[IpAddr] IP address(es).
group_refs (optional)
array[String] UUID of IP address group(s). It is a reference to an object of type IpAddrGroup.
match_criteria
String Criterion to use for IP address matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
prefixes (optional)
array[IpAddrPrefix] IP address prefix(es).
ranges (optional)
array[IpAddrRange] IP address range(s).

IpAddrPrefix Up

ip_addr
IpAddr Placeholder for description of property ip_addr of obj type IpAddrPrefix field type str type object
mask
Integer Number of mask. format: int32

IpAddrRange Up

begin
IpAddr Starting IP address of the range.
end
IpAddr Ending IP address of the range.

KeyValue Up

key
String Key.
value (optional)
String Value.

MatchTarget Up

client_ip (optional)
IpAddrMatch Configure client ip addresses.
cookie (optional)
CookieMatch Configure HTTP cookie(s).
hdrs (optional)
array[HdrMatch] Configure HTTP header(s).
host_hdr (optional)
HostHdrMatch Configure the host header.
method (optional)
MethodMatch Configure HTTP methods.
path (optional)
PathMatch Configure request paths.
protocol (optional)
ProtocolMatch Configure the type of HTTP protocol.
query (optional)
QueryMatch Configure request query.
version (optional)
HTTPVersionMatch Configure versions of the HTTP protocol.
vs_port (optional)
PortMatch Configure virtual service ports.

MethodMatch Up

match_criteria
String Criterion to use for HTTP method matching the method in the HTTP request. Enum options - IS_IN, IS_NOT_IN.
methods (optional)
array[String] Configure HTTP method(s). Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK.

PathMatch Up

match_case (optional)
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the path in the HTTP request URI. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH.
match_str (optional)
array[String] String values.
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup.

PortMatch Up

match_criteria
String Criterion to use for port matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
ports (optional)
array[Integer] Listening TCP port(s). Allowed values are 1-65535.

ProtocolMatch Up

match_criteria
String Criterion to use for protocol matching the HTTP request. Enum options - IS_IN, IS_NOT_IN.
protocols
String HTTP or HTTPS protocol. Enum options - HTTP, HTTPS.

QueryMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE.
match_criteria
String Criterion to use for matching the query in HTTP request URI. Enum options - QUERY_MATCH_CONTAINS.
match_str (optional)
array[String] String value(s).
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup.

WafApplicationSignatures Up

provider_ref
String The external provide for the rules. It is a reference to an object of type WafApplicationSignatureProvider. Field introduced in 20.1.1.
rules (optional)
array[WafRule] The active application specific rules. You can change attributes like enabled, waf mode and exclusions, but not the rules itself. To change the rules, you can change the tags or the rule provider. Field introduced in 20.1.1.
ruleset_version (optional)
String The version in use of the provided ruleset. Field introduced in 20.1.1.
selected_applications (optional)
array[String] List of applications for which we use the rules from the WafApplicationSignatureProvider. Field introduced in 20.1.1.

WafExcludeListEntry Up

client_subnet (optional)
IpAddrPrefix Client IP Subnet to exclude for WAF rules. Field introduced in 17.2.1.
description (optional)
String Free-text comment about this exclusion. Field introduced in 18.2.6.
match_element (optional)
String The match_element can be 'ARGS xxx', 'ARGS_GET xxx', 'ARGS_POST xxx', 'ARGS_NAMES xxx', 'FILES xxx', 'QUERY_STRING', 'REQUEST_BASENAME', 'REQUEST_BODY', 'REQUEST_URI', 'REQUEST_URI_RAW', 'REQUEST_COOKIES xxx', 'REQUEST_HEADERS xxx' or 'RESPONSE_HEADERS xxx'. These match_elements in the HTTP Transaction (if present) will be excluded when executing WAF Rules. Field introduced in 17.2.1.
match_element_criteria (optional)
WafExclusionType Criteria for match_element matching. Field introduced in 18.2.2.
uri_match_criteria (optional)
WafExclusionType Criteria for URI matching. Field introduced in 17.2.8.
uri_path (optional)
String URI Path to exclude for WAF rules. Field introduced in 17.2.1.

WafExclusionType Up

match_case
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Field introduced in 17.2.8.
match_op
String String Operation to use for matching the Exclusion. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Field introduced in 17.2.8.

WafLearning Up

arg_summarization_threshold (optional)
Integer Suffix Summarization threshold used to compress args. Allowed values are 3-255. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32
confidence (optional)
Integer Confidence level used to derive rules from the WAF learning. Allowed values are 60-100. Field deprecated in 18.2.3. Field introduced in 18.1.2. Unit is PERCENT. format: int32
enable (optional)
Boolean Enable Learning for WAF policy. Field deprecated in 18.2.3. Field introduced in 18.1.2.
path_summarization_threshold (optional)
Integer Suffix Summarization threshold used to compress paths. Allowed values are 3-255. Field deprecated in 18.2.3. Field introduced in 18.1.2. format: int32
sampling_percent (optional)
Integer Sampling percent of the requests subjected to WAF learning. Allowed values are 1-100. Field deprecated in 18.2.3. Field introduced in 18.1.2. Unit is PERCENT. format: int32

WafPolicy Up

_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
allow_mode_delegation (optional)
Boolean Allow Rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1.
application_signatures (optional)
WafApplicationSignatures Application Specific Signatures. Field introduced in 20.1.1.
confidence_override (optional)
AppLearningConfidenceOverride Configure thresholds for confidence labels. Field introduced in 20.1.1.
created_by (optional)
String Creator name. Field introduced in 17.2.4.
crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are system created with CRS groups. Field introduced in 17.2.1.
description (optional)
String Field introduced in 17.2.1.
enable_app_learning (optional)
Boolean Enable Application Learning for this WAF policy. Field introduced in 18.2.3.
enable_auto_rule_updates (optional)
Boolean Enable Application Learning based rule updates on the WAF Profile. Rules will be programmed in dedicated WAF learning group. Field introduced in 20.1.1.
enable_regex_learning (optional)
Boolean Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1.
failure_mode (optional)
String WAF Policy failure mode. This can be 'Open' or 'Closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2.
labels (optional)
array[KeyValue] Key value pairs for granular object access control. Also allows for classification and tagging of similar objects. Field introduced in 20.1.2.
learning (optional)
WafLearning Configure parameters for WAF learning. Field deprecated in 18.2.3. Field introduced in 18.1.2.
learning_params (optional)
AppLearningParams Parameters for tuning Application learning. Field introduced in 20.1.1.
min_confidence (optional)
String Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1.
mode
String WAF Policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1.
name
String Field introduced in 17.2.1.
paranoia_level (optional)
String WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1.
positive_security_model (optional)
WafPositiveSecurityModel The Positive Security Model. This is used to describe how the request or parts of the request should look like. It is executed in the Request Body Phase of Avi WAF. Field introduced in 18.2.3.
post_crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the CRS groups. Field introduced in 17.2.1.
pre_crs_groups (optional)
array[WafRuleGroup] WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the CRS groups. Field introduced in 17.2.1.
tenant_ref (optional)
String It is a reference to an object of type Tenant. Field introduced in 17.2.1.
url (optional)
String url
uuid (optional)
String Field introduced in 17.2.1.
waf_crs_ref (optional)
String WAF core ruleset used for the CRS part of this Policy. It is a reference to an object of type WafCRS. Field introduced in 18.1.1.
waf_profile_ref
String WAF Profile for WAF policy. It is a reference to an object of type WafProfile. Field introduced in 17.2.1.
whitelist (optional)
WafPolicyWhitelist A set of rules which describe conditions under which the request will bypass the WAF. This will be executed in the request header phase before any other WAF related code. Field introduced in 18.2.3.

WafPolicyApiResponse Up

count
Integer format: int32
results
next (optional)

WafPolicyWhitelist Up

rules (optional)
array[WafPolicyWhitelistRule] Rules to bypass WAF. Field introduced in 18.2.3.

WafPolicyWhitelistRule Up

actions (optional)
array[String] Actions to be performed upon successful matching. Enum options - WAF_POLICY_WHITELIST_ACTION_ALLOW, WAF_POLICY_WHITELIST_ACTION_DETECTION_MODE, WAF_POLICY_WHITELIST_ACTION_CONTINUE. Field introduced in 18.2.3.
description (optional)
String Description of this rule. Field introduced in 18.2.3.
enable (optional)
Boolean Enable or disable the rule. Field introduced in 18.2.3.
index
Integer Rules are executed in order of this index field. Field introduced in 18.2.3. format: int32
match
MatchTarget Match criteria describing requests to which this rule should be applied. Field introduced in 18.2.3.
name
String A name describing the rule in a short form. Field introduced in 18.2.3.
sampling_percent (optional)
Integer Percentage of traffic that is sampled. Allowed values are 0-100. Field introduced in 20.1.1. Unit is PERCENT. format: int32

WafPositiveSecurityModel Up

group_refs (optional)
array[String] These groups should be used to separate different levels of concern. The order of the groups matters, one group may mark parts of the request as valid, so that subsequent groups will not check these parts. It is a reference to an object of type WafPolicyPSMGroup. Field introduced in 18.2.3.

WafRule Up

enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.3.
force_detection (optional)
Boolean When set to 'true', this rule will not cause 'deny' or 'redirect' actions to run, even if WAF Policy is set to enforcement mode. The behavior would be as if this rule operated in detection mode regardless of WAF Policy setting. Field deprecated in 18.1.5. Field introduced in 18.1.4.
index
Integer Field introduced in 17.2.1. format: int32
is_sensitive (optional)
Boolean The rule field is sensitive and will not be displayed. Field introduced in 20.1.1.
mode (optional)
String WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 18.1.5, 18.2.1.
name (optional)
String User-friendly optional name for a rule. Field introduced in 17.2.1.
phase (optional)
String The execution phase where this rule will be executed. Enum options - WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING. Field introduced in 20.1.1.
rule
String Rule as per Modsec language. Field introduced in 17.2.1.
rule_id (optional)
String Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a ModSec rule. Rules within a single WAF Policy are required to have unique rule_ids. Field introduced in 17.2.2.
tags (optional)
array[String] Tags for WAF rule as per Modsec language. They are extracted from the tag action in a ModSec rule. Field introduced in 18.1.3.

WafRuleGroup Up

enable
Boolean Enable or disable WAF Rule Group. Field introduced in 17.2.1.
exclude_list (optional)
array[WafExcludeListEntry] Exclude list for the WAF rule group. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Field introduced in 17.2.1.
force_detection (optional)
Boolean When set to 'true', any rule in this group will not cause 'deny' or 'redirect' actions to run, even if WAF Policy is set to enforcement mode. The behavior would be as if this rule operated in detection mode regardless of WAF Policy setting. Field deprecated in 18.1.5. Field introduced in 18.1.4.
index
Integer Field introduced in 17.2.1. format: int32
name
String Field introduced in 17.2.1.
rules (optional)
array[WafRule] Rules as per Modsec language. Field introduced in 17.2.1.