SmartWebSecurity WAF API, REST: WafProfile.Get
Returns the specified WafProfile resource.
HTTP request
GET https://smartwebsecurity.api.cloud.yandex.net/smartwebsecurity/v1/wafProfiles/{wafProfileId}
Path parameters
|
Field |
Description |
|
wafProfileId |
string Required field. ID of the WafProfile resource to return. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"folderId": "string",
"cloudId": "string",
"name": "string",
"description": "string",
"labels": "object",
"createdAt": "string",
"rules": [
{
"ruleId": "string",
"isEnabled": "boolean",
"isBlocking": "boolean"
}
],
"exclusionRules": [
{
"name": "string",
"description": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"httpMethod": {
"httpMethods": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"requestUri": {
"path": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
],
"sourceIp": {
"ipRangesMatch": {
"ipRanges": [
"string"
]
},
"ipRangesNotMatch": {
"ipRanges": [
"string"
]
},
"geoIpMatch": {
"locations": [
"string"
]
},
"geoIpNotMatch": {
"locations": [
"string"
]
}
}
},
"excludeRules": {
"excludeAll": "boolean",
"ruleIds": [
"string"
]
},
"logExcluded": "boolean"
}
],
// Includes only one of the fields `coreRuleSet`
"coreRuleSet": {
"inboundAnomalyScore": "string",
"paranoiaLevel": "string",
"ruleSet": {
"name": "string",
"version": "string"
}
},
// end of the list of possible fields
"analyzeRequestBody": {
"isEnabled": "boolean",
"sizeLimit": "string",
"sizeLimitAction": "string"
}
}
|
Field |
Description |
|
id |
string Required field. ID of the WAF profile. |
|
folderId |
string Required field. ID of the folder that the WAF profile belongs to. |
|
cloudId |
string Required field. ID of the cloud that the WAF profile belongs to. |
|
name |
string Required field. Name of the WAF profile. The name is unique within the folder. 1-50 characters long. |
|
description |
string Optional description of the WAF profile. |
|
labels |
object (map<string, string>) Labels as |
|
createdAt |
string (date-time) Creation timestamp in RFC3339 text format. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
rules[] |
Settings for each rule in rule set. |
|
exclusionRules[] |
List of exclusion rules. See Rules. |
|
coreRuleSet |
Core rule set settings. See Basic rule set for details. Includes only one of the fields |
|
analyzeRequestBody |
The parameter is deprecated. Parameters for request body analyzer. |
WafProfileRule
WafProfileRule object. Determines settings for each rule_id in rule set.
|
Field |
Description |
|
ruleId |
string Required field. Rule ID. |
|
isEnabled |
boolean Determines is it rule enabled or not. |
|
isBlocking |
boolean Determines is it rule blocking or not. |
WafProfileExclusionRule
A WafProfileExclusionRule object. See Exclusion rules.
|
Field |
Description |
|
name |
string Required field. Name of exclusion rule. |
|
description |
string Optional description of the rule. 0-512 characters long. |
|
condition |
The condition for matching traffic. |
|
excludeRules |
Required field. Exclude rules. |
|
logExcluded |
boolean Records the fact that an exception rule is triggered. |
Condition
Condition object. AND semantics implied.
See documentation for matchers description.
|
Field |
Description |
|
authority |
Match authority (Host header). |
|
httpMethod |
Match HTTP method. |
|
requestUri |
Match Request URI. |
|
headers[] |
Match HTTP headers. |
|
sourceIp |
Match IP. |
AuthorityMatcher
AuthorityMatcher object.
|
Field |
Description |
|
authorities[] |
List of authorities. OR semantics implied. |
StringMatcher
StringMatcher object.
|
Field |
Description |
|
exactMatch |
string Includes only one of the fields |
|
exactNotMatch |
string Includes only one of the fields |
|
prefixMatch |
string Includes only one of the fields |
|
prefixNotMatch |
string Includes only one of the fields |
|
pireRegexMatch |
string Includes only one of the fields |
|
pireRegexNotMatch |
string Includes only one of the fields |
HttpMethodMatcher
HttpMethodMatcher object.
|
Field |
Description |
|
httpMethods[] |
List of HTTP methods. OR semantics implied. |
RequestUriMatcher
RequestUriMatcher object. AND semantics implied.
|
Field |
Description |
|
path |
Path of the URI RFC3986. |
|
queries[] |
List of query matchers. AND semantics implied. |
QueryMatcher
QueryMatcher object.
|
Field |
Description |
|
key |
string Required field. Key of the query parameter. |
|
value |
Required field. Value of the query parameter. |
HeaderMatcher
HeaderMatcher object.
|
Field |
Description |
|
name |
string Required field. Name of header (case insensitive). |
|
value |
Required field. Value of the header. |
IpMatcher
IpMatcher object. AND semantics implied.
|
Field |
Description |
|
ipRangesMatch |
|
|
ipRangesNotMatch |
|
|
geoIpMatch |
|
|
geoIpNotMatch |
IpRangesMatcher
IpRangesMatcher object.
|
Field |
Description |
|
ipRanges[] |
string List of IP ranges. OR semantics implied. |
GeoIpMatcher
GeoIpMatcher object.
|
Field |
Description |
|
locations[] |
string ISO 3166-1 alpha 2. OR semantics implied. |
ExcludeRules
Determines list of excluded rules.
|
Field |
Description |
|
excludeAll |
boolean Set this option true to exclude all rules. |
|
ruleIds[] |
string List of rules to exclude. |
CoreRuleSet
|
Field |
Description |
|
inboundAnomalyScore |
string (int64) Anomaly score. |
|
paranoiaLevel |
string (int64) Paranoia level. |
|
ruleSet |
Required field. Rule set. |
RuleSet
A RuleSet object. Determines name and version of rule set.
|
Field |
Description |
|
name |
string Required field. Name of rule set. |
|
version |
string Required field. Version of rule set. |
AnalyzeRequestBody
|
Field |
Description |
|
isEnabled |
boolean Possible to turn analyzer on and turn if off. |
|
sizeLimit |
string (int64) Maximum size of body to pass to analyzer. In kilobytes. |
|
sizeLimitAction |
enum (Action) Action to perform if maximum size of body exceeded.
|