SmartWebSecurity API, REST: SecurityProfile.Update
- HTTP request
- Path parameters
- Body parameters
- SecurityRule
- RuleCondition
- Condition
- AuthorityMatcher
- StringMatcher
- HttpMethodMatcher
- RequestUriMatcher
- QueryMatcher
- HeaderMatcher
- IpMatcher
- IpRangesMatcher
- GeoIpMatcher
- SmartProtection
- Waf
- AnalyzeRequestBody
- Response
- UpdateSecurityProfileMetadata
- Status
- SecurityProfile
- SecurityRule
- RuleCondition
- Condition
- AuthorityMatcher
- StringMatcher
- HttpMethodMatcher
- RequestUriMatcher
- QueryMatcher
- HeaderMatcher
- IpMatcher
- IpRangesMatcher
- GeoIpMatcher
- SmartProtection
- Waf
- AnalyzeRequestBody
Updates the specified security profile.
HTTP request
PATCH https://smartwebsecurity.api.cloud.yandex.net/smartwebsecurity/v1/securityProfiles/{securityProfileId}
Path parameters
|
Field |
Description |
|
securityProfileId |
string Required field. ID of the security profile to update. |
Body parameters
{
"updateMask": "string",
"labels": "object",
"name": "string",
"description": "string",
"defaultAction": "string",
"securityRules": [
{
"name": "string",
"priority": "string",
"dryRun": "boolean",
// Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`
"ruleCondition": {
"action": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"httpMethod": {
"httpMethods": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"requestUri": {
"path": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
],
"sourceIp": {
"ipRangesMatch": {
"ipRanges": [
"string"
]
},
"ipRangesNotMatch": {
"ipRanges": [
"string"
]
},
"geoIpMatch": {
"locations": [
"string"
]
},
"geoIpNotMatch": {
"locations": [
"string"
]
}
}
}
},
"smartProtection": {
"mode": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"httpMethod": {
"httpMethods": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"requestUri": {
"path": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
],
"sourceIp": {
"ipRangesMatch": {
"ipRanges": [
"string"
]
},
"ipRangesNotMatch": {
"ipRanges": [
"string"
]
},
"geoIpMatch": {
"locations": [
"string"
]
},
"geoIpNotMatch": {
"locations": [
"string"
]
}
}
}
},
"waf": {
"mode": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"httpMethod": {
"httpMethods": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"requestUri": {
"path": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
],
"sourceIp": {
"ipRangesMatch": {
"ipRanges": [
"string"
]
},
"ipRangesNotMatch": {
"ipRanges": [
"string"
]
},
"geoIpMatch": {
"locations": [
"string"
]
},
"geoIpNotMatch": {
"locations": [
"string"
]
}
}
},
"wafProfileId": "string"
},
// end of the list of possible fields
"description": "string"
}
],
"captchaId": "string",
"advancedRateLimiterProfileId": "string",
"analyzeRequestBody": {
"sizeLimit": "string",
"sizeLimitAction": "string"
}
}
|
Field |
Description |
|
updateMask |
string (field-mask) A comma-separated names off ALL fields to be updated. If |
|
labels |
object (map<string, string>) Labels as |
|
name |
string Name of the security profile. The name is unique within the folder. 1-50 characters long. |
|
description |
string Optional description of the security profile. |
|
defaultAction |
enum (DefaultAction) Action to perform if none of rules matched.
|
|
securityRules[] |
List of security rules. |
|
captchaId |
string Captcha ID to use with this security profile. Set empty to use default. |
|
advancedRateLimiterProfileId |
string Advanced rate limiter profile ID to use with this security profile. Set empty to use default. |
|
analyzeRequestBody |
Parameters for request body analyzer. |
SecurityRule
A SecurityRule object, see Rules.
|
Field |
Description |
|
name |
string Required field. Name of the rule. The name is unique within the security profile. 1-50 characters long. |
|
priority |
string (int64) Determines the priority for checking the incoming traffic. |
|
dryRun |
boolean This mode allows you to test your security profile or a single rule. |
|
ruleCondition |
Rule actions, see Rule actions. Includes only one of the fields |
|
smartProtection |
Smart Protection rule, see Smart Protection rules. Includes only one of the fields |
|
waf |
Web Application Firewall (WAF) rule, see WAF rules. Includes only one of the fields |
|
description |
string Optional description of the rule. 0-512 characters long. |
RuleCondition
RuleCondition object.
|
Field |
Description |
|
action |
enum (Action) Action to perform if this rule matched.
|
|
condition |
The condition for matching the rule. |
Condition
Condition object. AND semantics implied.
See documentation for matchers description.
|
Field |
Description |
|
authority |
Match authority (Host header). |
|
httpMethod |
Match HTTP method. |
|
requestUri |
Match Request URI. |
|
headers[] |
Match HTTP headers. |
|
sourceIp |
Match IP. |
AuthorityMatcher
AuthorityMatcher object.
|
Field |
Description |
|
authorities[] |
List of authorities. OR semantics implied. |
StringMatcher
StringMatcher object.
|
Field |
Description |
|
exactMatch |
string Includes only one of the fields |
|
exactNotMatch |
string Includes only one of the fields |
|
prefixMatch |
string Includes only one of the fields |
|
prefixNotMatch |
string Includes only one of the fields |
|
pireRegexMatch |
string Includes only one of the fields |
|
pireRegexNotMatch |
string Includes only one of the fields |
HttpMethodMatcher
HttpMethodMatcher object.
|
Field |
Description |
|
httpMethods[] |
List of HTTP methods. OR semantics implied. |
RequestUriMatcher
RequestUriMatcher object. AND semantics implied.
|
Field |
Description |
|
path |
Path of the URI RFC3986. |
|
queries[] |
List of query matchers. AND semantics implied. |
QueryMatcher
QueryMatcher object.
|
Field |
Description |
|
key |
string Required field. Key of the query parameter. |
|
value |
Required field. Value of the query parameter. |
HeaderMatcher
HeaderMatcher object.
|
Field |
Description |
|
name |
string Required field. Name of header (case insensitive). |
|
value |
Required field. Value of the header. |
IpMatcher
IpMatcher object. AND semantics implied.
|
Field |
Description |
|
ipRangesMatch |
|
|
ipRangesNotMatch |
|
|
geoIpMatch |
|
|
geoIpNotMatch |
IpRangesMatcher
IpRangesMatcher object.
|
Field |
Description |
|
ipRanges[] |
string List of IP ranges. OR semantics implied. |
GeoIpMatcher
GeoIpMatcher object.
|
Field |
Description |
|
locations[] |
string ISO 3166-1 alpha 2. OR semantics implied. |
SmartProtection
SmartProtection object.
|
Field |
Description |
|
mode |
enum (Mode) Mode of protection.
|
|
condition |
The condition for matching the rule. |
Waf
Waf object.
|
Field |
Description |
|
mode |
enum (Mode) Mode of protection.
|
|
condition |
The condition for matching the rule. |
|
wafProfileId |
string Required field. ID of WAF profile to use in this rule. |
AnalyzeRequestBody
|
Field |
Description |
|
sizeLimit |
string (int64) Maximum size of body to pass to analyzer. In kilobytes. |
|
sizeLimitAction |
enum (Action) Action to perform if maximum size of body exceeded.
|
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": {
"securityProfileId": "string"
},
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": {
"id": "string",
"folderId": "string",
"labels": "object",
"name": "string",
"description": "string",
"defaultAction": "string",
"securityRules": [
{
"name": "string",
"priority": "string",
"dryRun": "boolean",
// Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`
"ruleCondition": {
"action": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"httpMethod": {
"httpMethods": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"requestUri": {
"path": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
],
"sourceIp": {
"ipRangesMatch": {
"ipRanges": [
"string"
]
},
"ipRangesNotMatch": {
"ipRanges": [
"string"
]
},
"geoIpMatch": {
"locations": [
"string"
]
},
"geoIpNotMatch": {
"locations": [
"string"
]
}
}
}
},
"smartProtection": {
"mode": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"httpMethod": {
"httpMethods": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"requestUri": {
"path": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
],
"sourceIp": {
"ipRangesMatch": {
"ipRanges": [
"string"
]
},
"ipRangesNotMatch": {
"ipRanges": [
"string"
]
},
"geoIpMatch": {
"locations": [
"string"
]
},
"geoIpNotMatch": {
"locations": [
"string"
]
}
}
}
},
"waf": {
"mode": "string",
"condition": {
"authority": {
"authorities": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"httpMethod": {
"httpMethods": [
{
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
]
},
"requestUri": {
"path": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
},
"queries": [
{
"key": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
]
},
"headers": [
{
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
"exactMatch": "string",
"exactNotMatch": "string",
"prefixMatch": "string",
"prefixNotMatch": "string",
"pireRegexMatch": "string",
"pireRegexNotMatch": "string"
// end of the list of possible fields
}
}
],
"sourceIp": {
"ipRangesMatch": {
"ipRanges": [
"string"
]
},
"ipRangesNotMatch": {
"ipRanges": [
"string"
]
},
"geoIpMatch": {
"locations": [
"string"
]
},
"geoIpNotMatch": {
"locations": [
"string"
]
}
}
},
"wafProfileId": "string"
},
// end of the list of possible fields
"description": "string"
}
],
"createdAt": "string",
"cloudId": "string",
"captchaId": "string",
"advancedRateLimiterProfileId": "string",
"analyzeRequestBody": {
"sizeLimit": "string",
"sizeLimitAction": "string"
}
}
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
|
Field |
Description |
|
id |
string ID of the operation. |
|
description |
string Description of the operation. 0-256 characters long. |
|
createdAt |
string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
createdBy |
string ID of the user or service account who initiated the operation. |
|
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
done |
boolean If the value is |
|
metadata |
Service-specific metadata associated with the operation. |
|
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
|
response |
The normal response of the operation in case of success. Includes only one of the fields The operation result. |
UpdateSecurityProfileMetadata
|
Field |
Description |
|
securityProfileId |
string ID of the SecurityProfile resource that is being updated. |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code. |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |
SecurityProfile
A SecurityProfile resource.
|
Field |
Description |
|
id |
string ID of the security profile. |
|
folderId |
string ID of the folder that the security profile belongs to. |
|
labels |
object (map<string, string>) Labels as |
|
name |
string Required field. Name of the security profile. The name is unique within the folder. 1-50 characters long. |
|
description |
string Optional description of the security profile. |
|
defaultAction |
enum (DefaultAction) Required field. Action to perform if none of rules matched.
|
|
securityRules[] |
List of security rules. |
|
createdAt |
string (date-time) Creation timestamp in RFC3339 text format. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
cloudId |
string ID of the cloud that the security profile belongs to. |
|
captchaId |
string Captcha ID to use with this security profile. Set empty to use default. |
|
advancedRateLimiterProfileId |
string Advanced rate limiter profile ID to use with this security profile. Set empty to use default. |
|
analyzeRequestBody |
Parameters for request body analyzer. |
SecurityRule
A SecurityRule object, see Rules.
|
Field |
Description |
|
name |
string Required field. Name of the rule. The name is unique within the security profile. 1-50 characters long. |
|
priority |
string (int64) Determines the priority for checking the incoming traffic. |
|
dryRun |
boolean This mode allows you to test your security profile or a single rule. |
|
ruleCondition |
Rule actions, see Rule actions. Includes only one of the fields |
|
smartProtection |
Smart Protection rule, see Smart Protection rules. Includes only one of the fields |
|
waf |
Web Application Firewall (WAF) rule, see WAF rules. Includes only one of the fields |
|
description |
string Optional description of the rule. 0-512 characters long. |
RuleCondition
RuleCondition object.
|
Field |
Description |
|
action |
enum (Action) Action to perform if this rule matched.
|
|
condition |
The condition for matching the rule. |
Condition
Condition object. AND semantics implied.
See documentation for matchers description.
|
Field |
Description |
|
authority |
Match authority (Host header). |
|
httpMethod |
Match HTTP method. |
|
requestUri |
Match Request URI. |
|
headers[] |
Match HTTP headers. |
|
sourceIp |
Match IP. |
AuthorityMatcher
AuthorityMatcher object.
|
Field |
Description |
|
authorities[] |
List of authorities. OR semantics implied. |
StringMatcher
StringMatcher object.
|
Field |
Description |
|
exactMatch |
string Includes only one of the fields |
|
exactNotMatch |
string Includes only one of the fields |
|
prefixMatch |
string Includes only one of the fields |
|
prefixNotMatch |
string Includes only one of the fields |
|
pireRegexMatch |
string Includes only one of the fields |
|
pireRegexNotMatch |
string Includes only one of the fields |
HttpMethodMatcher
HttpMethodMatcher object.
|
Field |
Description |
|
httpMethods[] |
List of HTTP methods. OR semantics implied. |
RequestUriMatcher
RequestUriMatcher object. AND semantics implied.
|
Field |
Description |
|
path |
Path of the URI RFC3986. |
|
queries[] |
List of query matchers. AND semantics implied. |
QueryMatcher
QueryMatcher object.
|
Field |
Description |
|
key |
string Required field. Key of the query parameter. |
|
value |
Required field. Value of the query parameter. |
HeaderMatcher
HeaderMatcher object.
|
Field |
Description |
|
name |
string Required field. Name of header (case insensitive). |
|
value |
Required field. Value of the header. |
IpMatcher
IpMatcher object. AND semantics implied.
|
Field |
Description |
|
ipRangesMatch |
|
|
ipRangesNotMatch |
|
|
geoIpMatch |
|
|
geoIpNotMatch |
IpRangesMatcher
IpRangesMatcher object.
|
Field |
Description |
|
ipRanges[] |
string List of IP ranges. OR semantics implied. |
GeoIpMatcher
GeoIpMatcher object.
|
Field |
Description |
|
locations[] |
string ISO 3166-1 alpha 2. OR semantics implied. |
SmartProtection
SmartProtection object.
|
Field |
Description |
|
mode |
enum (Mode) Mode of protection.
|
|
condition |
The condition for matching the rule. |
Waf
Waf object.
|
Field |
Description |
|
mode |
enum (Mode) Mode of protection.
|
|
condition |
The condition for matching the rule. |
|
wafProfileId |
string Required field. ID of WAF profile to use in this rule. |
AnalyzeRequestBody
|
Field |
Description |
|
sizeLimit |
string (int64) Maximum size of body to pass to analyzer. In kilobytes. |
|
sizeLimitAction |
enum (Action) Action to perform if maximum size of body exceeded.
|