SmartWebSecurity WAF API, gRPC: WafProfileService.List
Retrieves the list of WafProfile resources in the specified folder.
gRPC request
rpc List (ListWafProfilesRequest) returns (ListWafProfilesResponse)
ListWafProfilesRequest
{
"folder_id": "string"
}
Field |
Description |
folder_id |
string Required field. ID of the folder that the WAF profile belongs to. |
ListWafProfilesResponse
{
"waf_profiles": [
{
"id": "string",
"folder_id": "string",
"cloud_id": "string",
"name": "string",
"description": "string",
"labels": "map<string, string>",
"created_at": "google.protobuf.Timestamp",
"rules": [
{
"rule_id": "string",
"is_enabled": "bool",
"is_blocking": "bool"
}
],
"exclusion_rules": [
{
"name": "string",
"description": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exact_match`, `exact_not_match`, `prefix_match`, `prefix_not_match`, `pire_regex_match`, `pire_regex_not_match`
"exact_match": "string",
"exact_not_match": "string",
"prefix_match": "string",
"prefix_not_match": "string",
"pire_regex_match": "string",
"pire_regex_not_match": "string"
// end of the list of possible fields
}
]
},
"http_method": {
"http_methods": [
{
// Includes only one of the fields `exact_match`, `exact_not_match`, `prefix_match`, `prefix_not_match`, `pire_regex_match`, `pire_regex_not_match`
"exact_match": "string",
"exact_not_match": "string",
"prefix_match": "string",
"prefix_not_match": "string",
"pire_regex_match": "string",
"pire_regex_not_match": "string"
// end of the list of possible fields
}
]
},
"request_uri": {
"path": {
// Includes only one of the fields `exact_match`, `exact_not_match`, `prefix_match`, `prefix_not_match`, `pire_regex_match`, `pire_regex_not_match`
"exact_match": "string",
"exact_not_match": "string",
"prefix_match": "string",
"prefix_not_match": "string",
"pire_regex_match": "string",
"pire_regex_not_match": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exact_match`, `exact_not_match`, `prefix_match`, `prefix_not_match`, `pire_regex_match`, `pire_regex_not_match`
"exact_match": "string",
"exact_not_match": "string",
"prefix_match": "string",
"prefix_not_match": "string",
"pire_regex_match": "string",
"pire_regex_not_match": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exact_match`, `exact_not_match`, `prefix_match`, `prefix_not_match`, `pire_regex_match`, `pire_regex_not_match`
"exact_match": "string",
"exact_not_match": "string",
"prefix_match": "string",
"prefix_not_match": "string",
"pire_regex_match": "string",
"pire_regex_not_match": "string"
// end of the list of possible fields
}
}
],
"source_ip": {
"ip_ranges_match": {
"ip_ranges": [
"string"
]
},
"ip_ranges_not_match": {
"ip_ranges": [
"string"
]
},
"geo_ip_match": {
"locations": [
"string"
]
},
"geo_ip_not_match": {
"locations": [
"string"
]
}
}
},
"exclude_rules": {
"exclude_all": "bool",
"rule_ids": [
"string"
]
},
"log_excluded": "bool"
}
],
// Includes only one of the fields `core_rule_set`
"core_rule_set": {
"inbound_anomaly_score": "int64",
"paranoia_level": "int64",
"rule_set": {
"name": "string",
"version": "string"
}
},
// end of the list of possible fields
"analyze_request_body": {
"is_enabled": "bool",
"size_limit": "int64",
"size_limit_action": "Action"
}
}
]
}
Field |
Description |
waf_profiles[] |
List of WafProfile resources. |
WafProfile
Field |
Description |
id |
string Required field. ID of the WAF profile. |
folder_id |
string Required field. ID of the folder that the WAF profile belongs to. |
cloud_id |
string Required field. ID of the cloud that the WAF profile belongs to. |
name |
string Required field. Name of the WAF profile. The name is unique within the folder. 1-50 characters long. |
description |
string Optional description of the WAF profile. |
labels |
object (map<string, string>) Labels as |
created_at |
Creation timestamp in RFC3339 |
rules[] |
Settings for each rule in rule set. |
exclusion_rules[] |
List of exclusion rules. See Rules. |
core_rule_set |
Core rule set settings. See Basic rule set for details. Includes only one of the fields |
analyze_request_body |
Parameters for request body analyzer. |
WafProfileRule
WafProfileRule object. Determines settings for each rule_id in rule set.
Field |
Description |
rule_id |
string Required field. Rule ID. |
is_enabled |
bool Determines is it rule enabled or not. |
is_blocking |
bool Determines is it rule blocking or not. |
WafProfileExclusionRule
A WafProfileExclusionRule object. See Exclusion rules.
Field |
Description |
name |
string Required field. Name of exclusion rule. |
description |
string Optional description of the rule. 0-512 characters long. |
condition |
The condition for matching traffic. |
exclude_rules |
Required field. Exclude rules. |
log_excluded |
bool Records the fact that an exception rule is triggered. |
Condition
Condition object. AND semantics implied.
See documentation for matchers description.
Field |
Description |
authority |
Match authority (Host header). |
http_method |
Match HTTP method. |
request_uri |
Match Request URI. |
headers[] |
Match HTTP headers. |
source_ip |
Match IP. |
AuthorityMatcher
AuthorityMatcher object.
Field |
Description |
authorities[] |
List of authorities. OR semantics implied. |
StringMatcher
StringMatcher object.
Field |
Description |
exact_match |
string Includes only one of the fields |
exact_not_match |
string Includes only one of the fields |
prefix_match |
string Includes only one of the fields |
prefix_not_match |
string Includes only one of the fields |
pire_regex_match |
string Includes only one of the fields |
pire_regex_not_match |
string Includes only one of the fields |
HttpMethodMatcher
HttpMethodMatcher object.
Field |
Description |
http_methods[] |
List of HTTP methods. OR semantics implied. |
RequestUriMatcher
RequestUriMatcher object. AND semantics implied.
Field |
Description |
path |
Path of the URI RFC3986 |
queries[] |
List of query matchers. AND semantics implied. |
QueryMatcher
QueryMatcher object.
Field |
Description |
key |
string Required field. Key of the query parameter. |
value |
Required field. Value of the query parameter. |
HeaderMatcher
HeaderMatcher object.
Field |
Description |
name |
string Required field. Name of header (case insensitive). |
value |
Required field. Value of the header. |
IpMatcher
IpMatcher object. AND semantics implied.
Field |
Description |
ip_ranges_match |
|
ip_ranges_not_match |
|
geo_ip_match |
|
geo_ip_not_match |
IpRangesMatcher
IpRangesMatcher object.
Field |
Description |
ip_ranges[] |
string List of IP ranges. OR semantics implied. |
GeoIpMatcher
GeoIpMatcher object.
Field |
Description |
locations[] |
string ISO 3166-1 alpha 2. OR semantics implied. |
ExcludeRules
Determines list of excluded rules.
Field |
Description |
exclude_all |
bool Set this option true to exclude all rules. |
rule_ids[] |
string List of rules to exclude. |
CoreRuleSet
Field |
Description |
inbound_anomaly_score |
int64 Anomaly score. |
paranoia_level |
int64 Paranoia level. |
rule_set |
Required field. Rule set. |
RuleSet
A RuleSet object. Determines name and version of rule set.
Field |
Description |
name |
string Required field. Name of rule set. |
version |
string Required field. Version of rule set. |
AnalyzeRequestBody
Field |
Description |
is_enabled |
bool Possible to turn analyzer on and turn if off. |
size_limit |
int64 Maximum size of body to pass to analyzer. In kilobytes. |
size_limit_action |
enum Action Action to perform if maximum size of body exceeded.
|