Suggest WAF Exclusion Rule.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/cdn_loadbalancers/example/waf_exclusion/suggestion';const options = { method: 'POST', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"api_endpoint":{"collapsed_url":"example","method":"example"},"domain":"example","exclude_bot_names":[{"bot_name":"example"}],"exclude_signature_contexts":[{"context":"CONTEXT_ANY","context_name":"example","signature_id":1}],"exclude_violation_contexts":[{"context":"CONTEXT_ANY","context_name":"example","exclude_violation":"VIOL_NONE"}],"name":"example","namespace":"example","req_path":"example","route_uuid":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/cdn_loadbalancers/example/waf_exclusion/suggestion \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "api_endpoint": { "collapsed_url": "example", "method": "example" }, "domain": "example", "exclude_bot_names": [ { "bot_name": "example" } ], "exclude_signature_contexts": [ { "context": "CONTEXT_ANY", "context_name": "example", "signature_id": 1 } ], "exclude_violation_contexts": [ { "context": "CONTEXT_ANY", "context_name": "example", "exclude_violation": "VIOL_NONE" } ], "name": "example", "namespace": "example", "req_path": "example", "route_uuid": "example" }'Suggest service policy rule to set up WAF exclusion for a given WAF security event.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace Namespace of the App type for current request.
Name HTTP load balancer for which this WAF exclusion will be applied.
Request Bodyrequired
Section titled “Request Bodyrequired”GET suggested service policy rule to set up WAF rule exclusion for a given WAF security event.
object
object
Collapsed URL is the path with identified DYN components.
HTTP method.
Domain
Bot name contexts to be excluded for this request.
Specifies bot to be excluded by its name.
object
Required: YES.
App Firewall signature contexts to be excluded for this request.
App Firewall signature context changes to be applied for this request.
object
Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).
The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.
App Firewall violation contexts to be excluded for this request.
App Firewall violation context changes to be applied for this request.
object
Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).
HTTP load balancer for which this WAF exclusion will be applied.
Namespace of the App type for current request.
Request URL path.
Unique identifier for the request route.
Responses
Section titled “Responses”A successful response.
GET suggested service policy rule to set up WAF rule exclusion for a given WAF security event.
object
object
HTTP load balancer for which this WAF exclusion will be applied.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
object
Attack Types to be excluded for the defined match criteria.
App Firewall Attack Type context changes to be applied for this request.
object
Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).
Bot Names to be excluded for the defined match criteria.
Specifies bot to be excluded by its name.
object
Required: YES.
Signature IDs to be excluded for the defined match criteria.
App Firewall signature context changes to be applied for this request.
object
Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).
The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.
Violations to be excluded for the defined match criteria.
App Firewall violation context changes to be applied for this request.
object
Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).
Exclusive with [any_domain suffix_value] Exact domain name.
The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.
object
Human readable description.
This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.
Methods to be matched.
Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.
Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”
object
Example
{ "waf_exclusion_rule": { "app_firewall_detection_control": { "exclude_attack_type_contexts": [ { "context": "CONTEXT_ANY", "exclude_attack_type": "ATTACK_TYPE_NONE" } ], "exclude_signature_contexts": [ { "context": "CONTEXT_ANY" } ], "exclude_violation_contexts": [ { "context": "CONTEXT_ANY", "exclude_violation": "VIOL_NONE" } ] }, "methods": [ "ANY" ] }}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example