Связаться с намиПодключиться

SmartWebSecurity WAF API, REST: WafProfile.List

Статья создана
Улучшена
Обновлена 18 ноября 2025 г.

Retrieves the list of WafProfile resources in the specified folder.

HTTP request

GET https://smartwebsecurity.api.cloud.yandex.net/smartwebsecurity/v1/wafProfiles

Query parameters

Field

Description

folderId

string

Required field. ID of the folder that the WAF profile belongs to.
Currently page_size, page_token, filter and order_by are not supported and List method will return all WAF profiles in the folder.

Response

HTTP Code: 200 - OK

{
  "wafProfiles": [
    {
      "id": "string",
      "folderId": "string",
      "cloudId": "string",
      "name": "string",
      "description": "string",
      "labels": "object",
      "createdAt": "string",
      "rules": [
        {
          "ruleId": "string",
          "isEnabled": "boolean",
          "isBlocking": "boolean"
        }
      ],
      "exclusionRules": [
        {
          "name": "string",
          "description": "string",
          "condition": {
            "authority": {
              "authorities": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "httpMethod": {
              "httpMethods": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "requestUri": {
              "path": {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              },
              "queries": [
                {
                  "key": "string",
                  "value": {
                    // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                    "exactMatch": "string",
                    "exactNotMatch": "string",
                    "prefixMatch": "string",
                    "prefixNotMatch": "string",
                    "pireRegexMatch": "string",
                    "pireRegexNotMatch": "string"
                    // end of the list of possible fields
                  }
                }
              ]
            },
            "headers": [
              {
                "name": "string",
                "value": {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              }
            ],
            "sourceIp": {
              "ipRangesMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "ipRangesNotMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "geoIpMatch": {
                "locations": [
                  "string"
                ]
              },
              "geoIpNotMatch": {
                "locations": [
                  "string"
                ]
              }
            }
          },
          "excludeRules": {
            "excludeAll": "boolean",
            "ruleIds": [
              "string"
            ]
          },
          "logExcluded": "boolean"
        }
      ],
      // Includes only one of the fields `coreRuleSet`
      "coreRuleSet": {
        "inboundAnomalyScore": "string",
        "paranoiaLevel": "string",
        "ruleSet": {
          "name": "string",
          "version": "string",
          "type": "string",
          "id": "string"
        }
      },
      // end of the list of possible fields
      "analyzeRequestBody": {
        "isEnabled": "boolean",
        "sizeLimit": "string",
        "sizeLimitAction": "string"
      },
      "ruleSets": [
        {
          // Includes only one of the fields `coreRuleSet`, `yaRuleSet`, `mlRuleSet`
          "coreRuleSet": {
            "ruleSet": {
              "name": "string",
              "version": "string",
              "type": "string",
              "id": "string"
            },
            "inboundAnomalyScore": "string",
            "paranoiaLevel": "string"
          },
          "yaRuleSet": {
            "ruleSet": {
              "name": "string",
              "version": "string",
              "type": "string",
              "id": "string"
            },
            "ruleGroups": [
              {
                "id": "string",
                "action": "string",
                "inboundAnomalyScore": "string",
                "isEnabled": "boolean"
              }
            ]
          },
          "mlRuleSet": {
            "ruleSet": {
              "name": "string",
              "version": "string",
              "type": "string",
              "id": "string"
            },
            "ruleGroups": [
              {
                "id": "string",
                "action": "string",
                "inboundAnomalyScore": "string",
                "isEnabled": "boolean"
              }
            ]
          },
          // end of the list of possible fields
          "priority": "string",
          "isEnabled": "boolean",
          "action": "string"
        }
      ],
      "matchAllRuleSets": "boolean"
    }
  ]
}

Field

Description

wafProfiles[]

WafProfile

List of WafProfile resources.
Currently next_page_token is not supported and List method will return all WAF profiles in the folder.

WafProfile

Field

Description

id

string

Required field. ID of the WAF profile.

folderId

string

Required field. ID of the folder that the WAF profile belongs to.

cloudId

string

Required field. ID of the cloud that the WAF profile belongs to.

name

string

Required field. Name of the WAF profile. The name is unique within the folder. 1-50 characters long.

description

string

Optional description of the WAF profile.

labels

object (map<string, string>)

Labels as key:value pairs. Maximum of 64 per resource.

createdAt

string (date-time)

Creation timestamp in RFC3339 text format.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

rules[]

WafProfileRule

Settings for each rule in rule set.

exclusionRules[]

WafProfileExclusionRule

List of exclusion rules. See Rules.

coreRuleSet

CoreRuleSet

The parameter is deprecated. Core rule set settings.

Includes only one of the fields coreRuleSet.

analyzeRequestBody

AnalyzeRequestBody

The parameter is deprecated. Parameters for request body analyzer.

ruleSets[]

WafProfileRuleSet

List of rule sets.

matchAllRuleSets

boolean

Determines

WafProfileRule

WafProfileRule object. Determines settings for each rule_id in rule set.

Field

Description

ruleId

string

Required field. Rule ID.

isEnabled

boolean

Determines is it rule enabled or not.

isBlocking

boolean

Determines is it rule blocking or not.

WafProfileExclusionRule

A WafProfileExclusionRule object. See Exclusion rules.

Field

Description

name

string

Required field. Name of exclusion rule.

description

string

Optional description of the rule. 0-512 characters long.

condition

Condition

The condition for matching traffic.

excludeRules

ExcludeRules

Required field. Exclude rules.

logExcluded

boolean

Records the fact that an exception rule is triggered.

Condition

Condition object. AND semantics implied.
See documentation for matchers description.

Field

Description

authority

AuthorityMatcher

Match authority (Host header).

httpMethod

HttpMethodMatcher

Match HTTP method.

requestUri

RequestUriMatcher

Match Request URI.

headers[]

HeaderMatcher

Match HTTP headers.

sourceIp

IpMatcher

Match IP.

AuthorityMatcher

AuthorityMatcher object.

Field

Description

authorities[]

StringMatcher

List of authorities. OR semantics implied.

StringMatcher

StringMatcher object.

Field

Description

exactMatch

string

Includes only one of the fields exactMatch, exactNotMatch, prefixMatch, prefixNotMatch, pireRegexMatch, pireRegexNotMatch.

exactNotMatch

string

Includes only one of the fields exactMatch, exactNotMatch, prefixMatch, prefixNotMatch, pireRegexMatch, pireRegexNotMatch.

prefixMatch

string

Includes only one of the fields exactMatch, exactNotMatch, prefixMatch, prefixNotMatch, pireRegexMatch, pireRegexNotMatch.

prefixNotMatch

string

Includes only one of the fields exactMatch, exactNotMatch, prefixMatch, prefixNotMatch, pireRegexMatch, pireRegexNotMatch.

pireRegexMatch

string

Includes only one of the fields exactMatch, exactNotMatch, prefixMatch, prefixNotMatch, pireRegexMatch, pireRegexNotMatch.

pireRegexNotMatch

string

Includes only one of the fields exactMatch, exactNotMatch, prefixMatch, prefixNotMatch, pireRegexMatch, pireRegexNotMatch.

HttpMethodMatcher

HttpMethodMatcher object.

Field

Description

httpMethods[]

StringMatcher

List of HTTP methods. OR semantics implied.

RequestUriMatcher

RequestUriMatcher object. AND semantics implied.

Field

Description

path

StringMatcher

Path of the URI RFC3986.

queries[]

QueryMatcher

List of query matchers. AND semantics implied.

QueryMatcher

QueryMatcher object.

Field

Description

key

string

Required field. Key of the query parameter.

value

StringMatcher

Required field. Value of the query parameter.

HeaderMatcher

HeaderMatcher object.

Field

Description

name

string

Required field. Name of header (case insensitive).

value

StringMatcher

Required field. Value of the header.

IpMatcher

IpMatcher object. AND semantics implied.

Field

Description

ipRangesMatch

IpRangesMatcher

ipRangesNotMatch

IpRangesMatcher

geoIpMatch

GeoIpMatcher

geoIpNotMatch

GeoIpMatcher

IpRangesMatcher

IpRangesMatcher object.

Field

Description

ipRanges[]

string

List of IP ranges. OR semantics implied.

GeoIpMatcher

GeoIpMatcher object.

Field

Description

locations[]

string

ISO 3166-1 alpha 2. OR semantics implied.

ExcludeRules

Determines list of excluded rules.

Field

Description

excludeAll

boolean

Set this option true to exclude all rules.

ruleIds[]

string

List of rules to exclude.

CoreRuleSet

Field

Description

inboundAnomalyScore

string (int64)

Anomaly score.
Enter an integer within the range of 2 and 10000.
The higher this value, the more likely it is that the request that satisfies the rule is an attack.
See Rules for more details.

paranoiaLevel

string (int64)

Paranoia level.
Enter an integer within the range of 1 and 4.
Paranoia level classifies rules according to their aggression. The higher the paranoia level, the better your protection,
but also the higher the probability of WAF false positives.
See Rules for more details.
NOTE: this option has no effect on enabling or disabling rules.
it is used only as recommendation for user to enable all rules with paranoia_level <= this value.

ruleSet

RuleSet

Required field. Rule set.

RuleSet

A RuleSet object. Determines name and version of rule set.

Field

Description

name

string

Required field. Name of rule set.

version

string

Required field. Version of rule set.

type

enum (RuleSetType)

Type of rule set.

  • RULE_SET_TYPE_UNSPECIFIED
  • CORE: Core rule set.
  • YA: Yandex rule set.
  • ML: Yandex machine learning rule set.

id

string

ID of rule set.

AnalyzeRequestBody

Field

Description

isEnabled

boolean

Possible to turn analyzer on and turn if off.

sizeLimit

string (int64)

Maximum size of body to pass to analyzer. In kilobytes.

sizeLimitAction

enum (Action)

Action to perform if maximum size of body exceeded.

  • ACTION_UNSPECIFIED
  • IGNORE: Ignore request.
  • DENY: Deny request.

WafProfileRuleSet

Field

Description

coreRuleSet

WafProfileCoreRuleSet

Core rule set settings. See Basic rule set for details.

Includes only one of the fields coreRuleSet, yaRuleSet, mlRuleSet.

yaRuleSet

WafProfileYaRuleSet

Yandex rule set settings.

Includes only one of the fields coreRuleSet, yaRuleSet, mlRuleSet.

mlRuleSet

WafProfileMlRuleSet

Yandex Machine learning rule set settings.

Includes only one of the fields coreRuleSet, yaRuleSet, mlRuleSet.

priority

string (int64)

Priority of rule set.

isEnabled

boolean

Determines is it rule set enabled or not.

action

enum (RuleSetAction)

Action to perfome on rule set match.

  • RULE_SET_ACTION_UNSPECIFIED
  • DENY: Deny request.
  • CAPTCHA: Show captcha.

WafProfileCoreRuleSet

Field

Description

ruleSet

RuleSet

Required field. Rule set.

inboundAnomalyScore

string (int64)

Anomaly score.
Enter an integer within the range of 2 and 10000.
The higher this value, the more likely it is that the request that satisfies the rule is an attack.
See Rules for more details.

paranoiaLevel

string (int64)

Paranoia level.
Enter an integer within the range of 1 and 4.
Paranoia level classifies rules according to their aggression. The higher the paranoia level, the better your protection,
but also the higher the probability of WAF false positives.
See Rules for more details.
NOTE: this option has no effect on enabling or disabling rules.
it is used only as recommendation for user to enable all rules with paranoia_level <= this value.

WafProfileYaRuleSet

Field

Description

ruleSet

RuleSet

Required field. Rule set.

ruleGroups[]

RuleGroup

List of rule groups.

RuleGroup

Field

Description

id

string

ID of the rule group.

action

enum (Action)

Action to perfome on rule group match.

  • ACTION_UNSPECIFIED
  • DENY: Deny request.
  • LOG: Log request.
  • IGNORE: Ignore request.

inboundAnomalyScore

string (int64)

Anomaly score.

isEnabled

boolean

Determines is it rule group enabled or not.

WafProfileMlRuleSet

Field

Description

ruleSet

RuleSet

Required field. Rule set.

ruleGroups[]

RuleGroup

List of rule groups.
Предыдущая
Get
Следующая
Create