GET CDN Loadbalancer.

GET

/api/config/namespaces/{namespace}/cdn_loadbalancers/{name}

const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/cdn_loadbalancers/example?response_format=GET_RSP_FORMAT_DEFAULT';
const options = {method: 'GET', headers: {Authorization: '<Authorization>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request GET \
  --url 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/cdn_loadbalancers/example?response_format=GET_RSP_FORMAT_DEFAULT' \
  --header 'Authorization: <Authorization>'

Shape of the CDN loadbalancer specification.

Examples of this operation.

Authorizations

ApiToken

Parameters

Path Parameters

namespace

required

string

Namespace The namespace in which the configuration object is present.

name

required

string

Name The name of the configuration object to be fetched.

Query Parameters

response_format

string

default: GET_RSP_FORMAT_DEFAULT

Allowed values: GET_RSP_FORMAT_DEFAULT GET_RSP_FORMAT_FOR_CREATE GET_RSP_FORMAT_FOR_REPLACE GET_RSP_FORMAT_STATUS GET_RSP_FORMAT_READ GET_RSP_FORMAT_REFERRING_OBJECTS GET_RSP_FORMAT_BROKEN_REFERENCES

The format in which the configuration object is to be fetched. This could be for example

in GetSpec form for the contents of object
in CreateRequest form to create a new similar object
to ReplaceRequest form to replace changeable values

Default format of returned resource Response should be in CreateRequest format Response should be in ReplaceRequest format Response should be in StatusObject(s) format Response should be in format of GetSpecType Response should have other objects referring to this object Response should have deleted and disabled objects referrred by this object.

Responses

200

A successful response.

application/json

GetResponse is the shape of a read cdn_loadbalancer

This is the output message of the ‘GET’ RPC.

object

create_form

object

metadata

object

annotations

annotations

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object

description

description

Human readable description for the object.

string

>= 21 characters <= 1200 characters

disable

disable

A value of true will administratively disable the object.

boolean format: boolean

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object

name

name

This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 6 characters <= 1024 characters

namespace

namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string

>= 6 characters <= 1024 characters

spec

object

active_service_policies

object

policies

policies

Service Policies is a sequential engine where policies (and rules within the policy) are evaluated one after the other. It’s important to define the correct order (policies evaluated from top to bottom in the list) for service policies, to GET the intended result. For each request, its characteristics are evaluated based on the match criteria in each service policy starting at the top. If there is a match in the current policy, then the policy takes effect, and no more policies are evaluated. Otherwise, the next policy is evaluated. If all policies are evaluated and none match, then the request will be denied by default.

Required: YES.

Array<object>

>= 1 items <= 16 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

api_rate_limit

object

api_endpoint_rules

api_endpoint_policy

Sets of rules for a specific endpoints. Order is matter as it uses first match policy. For creating rule that contain a whole domain or group of endpoints, please use the server URL rules above.

Array<object>

<= 20 items

ApiEndpointRule

object

any_domain

object

api_endpoint_method

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

methods

methods

List of methods values to match against.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

api_endpoint_path

api endpoint path

The endpoint (path) of the request. Required: YES.

string

<= 1024 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

An unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer. Required: YES.

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

A list of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint. This can be used to skip known false positives when using one or more known TLS fingerprint classes in the enclosing matcher.

Array<string>

<= 32 items

inline_rate_limiter

object

ref_user_id

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

threshold

threshold

The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

use_http_lb_user_id

object

ref_rate_limiter

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

request_matcher

object

cookie_matchers

cookie matchers

A list of predicates for all cookies that need to be matched. The criteria for matching each cookie is described in individual instances of CookieMatcherType. The actual cookie values are extracted from the request API as a list of strings for each cookie name. Note that all specified cookie matcher predicates must evaluate to true.

Array<object>

<= 16 items

CookieMatcherType

A cookie matcher specifies the name of a single cookie and the criteria to match it. The input has a list of values for each cookie in the request. A cookie matcher can check for one of the following:

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

A list of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type. Note that all specified header predicates must evaluate to true.

Array<object>

<= 16 items

HeaderMatcherType

A header matcher specifies the name of a single HTTP header and the criteria for the input request to match it. The input has a list of actual values for each header name in the original HTTP request. A header matcher can check for one of the following:

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

A list of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType instances. The actual JWT claims values are extracted from the JWT payload as a list of strings. Note that all specified JWT claim predicates must evaluate to true. Note that this feature only works on LBs with JWT Validation feature enabled.

Array<object>

<= 16 items

JWTClaimMatcherType

A JWT claim matcher specifies the name of a single JWT claim and the criteria for the input request to match it. The input has a list of actual values for each JWT claim name in the JWT payload. A JWT claim matcher can check for one of the following:

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

A list of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query parameter name. Note that all specified query parameter predicates must evaluate to true.

Array<object>

<= 16 items

QueryParameterMatcherType

A query parameter matcher specifies the name of a single query parameter and the criteria for the input request to match it. The input has a list of actual values for each query parameter name in the original HTTP request. A query parameter matcher can check for one of the following:

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

bypass_rate_limiting_rules

object

bypass_rate_limiting_rules

bypass_rate_limiting_policy

This category defines rules per URL or API group. If request matches any of these rules, skip Rate Limiting.

Array<object>

<= 20 items

BypassRateLimitingRule

object

any_domain

object

any_url

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_groups

object

api_groups

api group

Required: YES.

Array<string>

<= 32 items

base_path

base path

Exclusive with [any_url api_endpoint api_groups] The base path which this validation applies to.

string

<= 128 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain. For example: api.example.com.

string

<= 128 characters

custom_ip_allowed_list

object

rate_limiter_allowed_prefixes

rate_limiter_allowed_prefixes

References to ip_prefix_set objects. Requests from source IP addresses that are covered by one of the allowed IP Prefixes are not subjected to rate limiting.

Required: YES.

Array<object>

>= 1 items <= 4 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ip_allowed_list

object

prefixes

ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>

<= 128 items

no_ip_allowed_list

object

server_url_rules

server_url_policy

Set of rules for entire domain or base path that contain multiple endpoints. Order is matter as it uses first match policy. For matching also specific endpoints you can use the API endpoint rules set bellow.

Array<object>

<= 20 items

ServerUrlRule

object

any_domain

object

api_group

api_group

API groups derived from API Definition swaggers. For example oas-all-operations including all paths and methods from the swaggers, oas-base-URLs covering all requests under base-paths from the swaggers. Custom groups can be created if user tags paths or operations with “x-F5 Distributed Cloud-API-group” extensions inside swaggers.

string

<= 128 characters

base_path

base path

Prefix of the request path. Required: YES.

string

<= 128 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

inline_rate_limiter

object

ref_user_id

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

threshold

threshold

The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

use_http_lb_user_id

object

ref_rate_limiter

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

api_specification

object

api_definition

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

validation_all_spec_endpoints

object

fall_through_mode

object

fall_through_mode_allow

object

fall_through_mode_custom

object

open_api_validation_rules

Custom Fall Through Rule List

Required: YES.

Array<object>

<= 15 items

Fall Through Rule

Fall Through Rule for a specific endpoint, base-path, or API group.

object

action_block

object

action_report

object

action_skip

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

settings

object

oversized_body_fail_validation

object

oversized_body_skip_validation

object

property_validation_settings_custom

object

queryParameters

object

allow_additional_parameters

object

disallow_additional_parameters

object

property_validation_settings_default

object

validation_mode

object

response_validation_mode_active

object

enforcement_block

object

enforcement_report

object

response_validation_properties

Response Validation Properties

List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

Allowed values: PROPERTY_QUERY_PARAMETERS PROPERTY_PATH_PARAMETERS PROPERTY_CONTENT_TYPE PROPERTY_COOKIE_PARAMETERS PROPERTY_HTTP_HEADERS PROPERTY_HTTP_BODY PROPERTY_SECURITY_SCHEMA PROPERTY_RESPONSE_CODE

skip_response_validation

object

skip_validation

object

validation_mode_active

object

enforcement_block

object

enforcement_report

object

request_validation_properties

Request Validation Properties

List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

validation_custom_list

object

fall_through_mode

object

fall_through_mode_allow

object

fall_through_mode_custom

object

open_api_validation_rules

Custom Fall Through Rule List

Required: YES.

Array<object>

<= 15 items

Fall Through Rule

Fall Through Rule for a specific endpoint, base-path, or API group.

object

action_block

object

action_report

object

action_skip

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

open_api_validation_rules

Validation List

Required: YES.

Array<object>

<= 15 items

OpenAPI Validation Rule

OpenAPI Validation Rule for a specific endpoint, base-path, or API group.

object

any_domain

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

validation_mode

object

response_validation_mode_active

object

enforcement_block

object

enforcement_report

object

response_validation_properties

Response Validation Properties

List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

skip_response_validation

object

skip_validation

object

validation_mode_active

object

enforcement_block

object

enforcement_report

object

request_validation_properties

Request Validation Properties

List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

settings

object

oversized_body_fail_validation

object

oversized_body_skip_validation

object

property_validation_settings_custom

object

queryParameters

object

allow_additional_parameters

object

disallow_additional_parameters

object

property_validation_settings_default

object

validation_disabled

object

app_firewall

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

blocked_clients

Define rules to block IP Prefixes or AS numbers.

Array<object>

<= 256 items

SimpleClientSrcRule

Simple client source rule specifies the sources to be blocked or trusted (skip WAF)

object

actions

actions

Actions that should be taken when client identifier matches the rule.

Array<string>

<= 10 items

Allowed values: SKIP_PROCESSING_WAF SKIP_PROCESSING_BOT SKIP_PROCESSING_MUM SKIP_PROCESSING_IP_REPUTATION SKIP_PROCESSING_API_PROTECTION SKIP_PROCESSING_OAS_VALIDATION SKIP_PROCESSING_DDOS_PROTECTION SKIP_PROCESSING_THREAT_MESH SKIP_PROCESSING_MALWARE_PROTECTION

as_number

as number

Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.

integer format: int64

bot_skip_processing

object

expiration_timestamp

expiration timestamp

The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.

string format: date-time

<= 1024 characters

http_header

object

headers

headers

List of HTTP header name and value pairs

Required: YES.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

ip_prefix

ip prefix

Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.

string

<= 1024 characters

ipv6_prefix

ipv6 prefix

Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.

string

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

skip_processing

object

user_identifier

user identifier

Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.

string

<= 256 characters

waf_skip_processing

object

bot_defense

object

disable_cors_support

object

enable_cors_support

object

policy

object

disable_js_insert

object

disable_mobile_sdk

object

javascript_mode

string

default: ASYNC_JS_NO_CACHING

Allowed values: ASYNC_JS_NO_CACHING ASYNC_JS_CACHING SYNC_JS_NO_CACHING SYNC_JS_CACHING

js_download_path

js_download_path

Customize Bot Defense Client JavaScript path. If not specified, default /common.js

string

<= 1024 characters

js_insert_all_pages

object

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

js_insert_all_pages_except

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

js_insertion_rules

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

rules

rules

Required list of pages to insert Bot Defense client JavaScript.

Required: YES.

Array<object>

>= 1 items <= 128 items

ShapeJavaScriptInsertionRule

This defines a rule for Bot Defense JavaScript insertion.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

mobile_sdk_config

object

mobile_identifier

object

headers

Mobile headers

Headers that can be used to identify mobile traffic.

Array<object>

<= 32 items

HeaderMatcherTypeBasic

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

protected_app_endpoints

AppEndpointType

List of protected endpoints. Limit: Approx ‘128 endpoints per Load Balancer (LB)’ upto 4 LBs, ‘32 endpoints per LB’ after 4 LBs.

Required: YES.

Array<object>

>= 1 items <= 128 items

AppEndpointType

Application Endpoint.

object

allow_good_bots

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

flow_label

object

account_management

object

create

object

password_reset

object

authentication

object

login

object

disable_transaction_result

object

transaction_result

object

failure_conditions

Failure Conditions

Failure Conditions.

Array<object>

<= 3 items

BotDefenseTransactionResultCondition

Bot Defense Transaction Result Condition.

object

name

name

A case-insensitive HTTP header name.

string

>= 6 characters <= 256 characters

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

status

string

default: EmptyStatusCode

Allowed values: EmptyStatusCode Continue OK Created Accepted NonAuthoritativeInformation NoContent ResetContent PartialContent MultiStatus AlreadyReported IMUsed MultipleChoices MovedPermanently Found SeeOther NotModified UseProxy TemporaryRedirect PermanentRedirect BadRequest Unauthorized PaymentRequired Forbidden NotFound MethodNotAllowed NotAcceptable ProxyAuthenticationRequired RequestTimeout Conflict Gone LengthRequired PreconditionFailed PayloadTooLarge URITooLong UnsupportedMediaType RangeNotSatisfiable ExpectationFailed MisdirectedRequest UnprocessableEntity Locked FailedDependency UpgradeRequired PreconditionRequired TooManyRequests RequestHeaderFieldsTooLarge InternalServerError NotImplemented BadGateway ServiceUnavailable GatewayTimeout HTTPVersionNotSupported VariantAlsoNegotiates InsufficientStorage LoopDetected NotExtended NetworkAuthenticationRequired

success_conditions

Success Conditions

Success Conditions.

Array<object>

<= 3 items

BotDefenseTransactionResultCondition

Bot Defense Transaction Result Condition.

object

name

name

A case-insensitive HTTP header name.

string

>= 6 characters <= 256 characters

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

status

string

default: EmptyStatusCode

login_mfa

object

login_partner

object

logout

object

token_refresh

object

financial_services

object

apply

object

money_transfer

object

flight

object

checkin

object

profile_management

object

create

object

update

object

view

object

search

object

flight_search

object

product_search

object

reservation_search

object

room_search

object

shopping_gift_cards

object

gift_card_make_purchase_with_gift_card

object

gift_card_validation

object

shop_add_to_cart

object

shop_checkout

object

shop_choose_seat

object

shop_enter_drawing_submission

object

shop_make_payment

object

shop_order

object

shop_price_inquiry

object

shop_promo_code_validation

object

shop_purchase_gift_card

object

shop_update_quantity

object

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

http_methods

HTTP Methods

List of HTTP methods.

Required: YES.

Array<string>

>= 1 items <= 5 items

Allowed values: METHOD_ANY METHOD_GET METHOD_POST METHOD_PUT METHOD_PATCH METHOD_DELETE METHOD_GET_DOCUMENT

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

mitigate_good_bots

object

mitigation

object

block

object

body

body

Custom body message is of type uri_ref. Currently supported URL schemes is string:///. For string:/// scheme, message needs to be encoded in Base64 format. You can specify this message as base64 encoded plain text message e.g. “Your request was blocked” or it can be HTML paragraph or a body string encoded as base64 string E.g. ”

Your request was blocked

”. Base64 encoded string for this HTML is “LzxwPiBZb3VyIHJlcXVlc3Qgd2FzIGJsb2NrZWQgPC9wPg==”

string

<= 4096 characters

status

string

default: EmptyStatusCode

flag

object

append_headers

object

auto_type_header_name

auto_type_header_name

A case-insensitive HTTP header name. Required: YES.

string

<= 256 characters

inference_header_name

inference_header_name

A case-insensitive HTTP header name. Required: YES.

string

<= 256 characters

no_headers

object

redirect

object

uri

URI

URI location for redirect may be relative or absolute. Required: YES.

string

<= 1024 characters

mobile

object

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

protocol

string

default: BOTH

Allowed values: BOTH HTTP HTTPS

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

undefined_flow_label

object

web

object

web_mobile

object

mobile_identifier

string

default: HEADERS

Allowed values: HEADERS

regional_endpoint

string

default: AUTO

Allowed values: AUTO US EU ASIA

timeout

timeout

The timeout for the inference check, in milliseconds.

integer format: int64

captcha_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Custom message is of type uri_ref. Currently supported URL schemes is string:///. For string:/// scheme, message needs to be encoded in Base64 format. You can specify this message as base64 encoded plain text message e.g. “Please Wait..” or it can be HTML paragraph or a body string encoded as base64 string E.g. ”

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

client_side_defense

object

policy

object

disable_js_insert

object

js_insert_all_pages

object

js_insert_all_pages_except

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

js_insertion_rules

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

rules

rules

Required list of pages to insert Client-Side Defense client JavaScript.

Required: YES.

Array<object>

>= 1 items <= 128 items

CSDJavaScriptInsertionRule

This defines a rule for Client-Side Defense JavaScript insertion.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

cors_policy

object

allow_credentials

allow_credentials

Specifies whether the resource allows credentials.

boolean format: boolean

allow_headers

allow_headers

Specifies the content for the access-control-allow-headers header.

string

<= 1024 characters

allow_methods

allow_methods

Specifies the content for the access-control-allow-methods header.

string

<= 1024 characters

allow_origin

allow_origin

Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.

Array<string>

<= 128 items

allow_origin_regex

allow_origin_regex

Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match.

Array<string>

<= 16 items

disabled

disabled

Disable the CorsPolicy for a particular route. This is useful when virtual-host has CorsPolicy, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.

boolean format: boolean

expose_headers

expose_headers

Specifies the content for the access-control-expose-headers header.

string

<= 1024 characters

maximum_age

maximum_age

Specifies the content for the access-control-max-age header in seconds. This indicates the maximum number of seconds the results can be cached A value of -1 will disable caching. Maximum permitted value is 86400 seconds (24 hours)

integer format: int32

csrf_policy

object

all_load_balancer_domains

object

custom_domain_list

object

domains

Domains

A list of domain names that will be matched to loadbalancer. These domains are not used for SNI match. Wildcard names are supported in the suffix or prefix form. Required: YES.

Array<string>

>= 1 items <= 32 items

disabled

object

custom_cache_rule

object

cdn_cache_rules

cdn_cache_rule

Reference to CDN Cache Rule configuration object.

Array<object>

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

data_guard_rules

Data Guard prevents responses from exposing sensitive information by masking the data. The system masks credit card numbers and social security numbers leaked from the application from within the HTTP response with a string of asterisks (*). Note: App Firewall should be enabled, to use Data Guard feature.

Array<object>

<= 64 items

SimpleDataGuardRule

Simple Data Guard rule specifies a simple set of match conditions to enable data guard protection.

object

any_domain

object

apply_data_guard

object

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

skip_data_guard

object

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

ddos_mitigation_rules

Define manual mitigation rules to block L7 DDoS attacks.

Array<object>

<= 256 items

DDoSMitigationRule

DDoS Mitigation Rule specifies the sources to be blocked.

object

block

object

ddos_client_source

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

country_list

country_list

Sources that are located in one of the countries in the given list.

Array<string>

<= 64 items

Allowed values: COUNTRY_NONE COUNTRY_AD COUNTRY_AE COUNTRY_AF COUNTRY_AG COUNTRY_AI COUNTRY_AL COUNTRY_AM COUNTRY_AN COUNTRY_AO COUNTRY_AQ COUNTRY_AR COUNTRY_AS COUNTRY_AT COUNTRY_AU COUNTRY_AW COUNTRY_AX COUNTRY_AZ COUNTRY_BA COUNTRY_BB COUNTRY_BD COUNTRY_BE COUNTRY_BF COUNTRY_BG COUNTRY_BH COUNTRY_BI COUNTRY_BJ COUNTRY_BL COUNTRY_BM COUNTRY_BN COUNTRY_BO COUNTRY_BQ COUNTRY_BR COUNTRY_BS COUNTRY_BT COUNTRY_BV COUNTRY_BW COUNTRY_BY COUNTRY_BZ COUNTRY_CA COUNTRY_CC COUNTRY_CD COUNTRY_CF COUNTRY_CG COUNTRY_CH COUNTRY_CI COUNTRY_CK COUNTRY_CL COUNTRY_CM COUNTRY_CN COUNTRY_CO COUNTRY_CR COUNTRY_CS COUNTRY_CU COUNTRY_CV COUNTRY_CW COUNTRY_CX COUNTRY_CY COUNTRY_CZ COUNTRY_DE COUNTRY_DJ COUNTRY_DK COUNTRY_DM COUNTRY_DO COUNTRY_DZ COUNTRY_EC COUNTRY_EE COUNTRY_EG COUNTRY_EH COUNTRY_ER COUNTRY_ES COUNTRY_ET COUNTRY_FI COUNTRY_FJ COUNTRY_FK COUNTRY_FM COUNTRY_FO COUNTRY_FR COUNTRY_GA COUNTRY_GB COUNTRY_GD COUNTRY_GE COUNTRY_GF COUNTRY_GG COUNTRY_GH COUNTRY_GI COUNTRY_GL COUNTRY_GM COUNTRY_GN COUNTRY_GP COUNTRY_GQ COUNTRY_GR COUNTRY_GS COUNTRY_GT COUNTRY_GU COUNTRY_GW COUNTRY_GY COUNTRY_HK COUNTRY_HM COUNTRY_HN COUNTRY_HR COUNTRY_HT COUNTRY_HU COUNTRY_ID COUNTRY_IE COUNTRY_IL COUNTRY_IM COUNTRY_IN COUNTRY_IO COUNTRY_IQ COUNTRY_IR COUNTRY_IS COUNTRY_IT COUNTRY_JE COUNTRY_JM COUNTRY_JO COUNTRY_JP COUNTRY_KE COUNTRY_KG COUNTRY_KH COUNTRY_KI COUNTRY_KM COUNTRY_KN COUNTRY_KP COUNTRY_KR COUNTRY_KW COUNTRY_KY COUNTRY_KZ COUNTRY_LA COUNTRY_LB COUNTRY_LC COUNTRY_LI COUNTRY_LK COUNTRY_LR COUNTRY_LS COUNTRY_LT COUNTRY_LU COUNTRY_LV COUNTRY_LY COUNTRY_MA COUNTRY_MC COUNTRY_MD COUNTRY_ME COUNTRY_MF COUNTRY_MG COUNTRY_MH COUNTRY_MK COUNTRY_ML COUNTRY_MM COUNTRY_MN COUNTRY_MO COUNTRY_MP COUNTRY_MQ COUNTRY_MR COUNTRY_MS COUNTRY_MT COUNTRY_MU COUNTRY_MV COUNTRY_MW COUNTRY_MX COUNTRY_MY COUNTRY_MZ COUNTRY_NA COUNTRY_NC COUNTRY_NE COUNTRY_NF COUNTRY_NG COUNTRY_NI COUNTRY_NL COUNTRY_NO COUNTRY_NP COUNTRY_NR COUNTRY_NU COUNTRY_NZ COUNTRY_OM COUNTRY_PA COUNTRY_PE COUNTRY_PF COUNTRY_PG COUNTRY_PH COUNTRY_PK COUNTRY_PL COUNTRY_PM COUNTRY_PN COUNTRY_PR COUNTRY_PS COUNTRY_PT COUNTRY_PW COUNTRY_PY COUNTRY_QA COUNTRY_RE COUNTRY_RO COUNTRY_RS COUNTRY_RU COUNTRY_RW COUNTRY_SA COUNTRY_SB COUNTRY_SC COUNTRY_SD COUNTRY_SE COUNTRY_SG COUNTRY_SH COUNTRY_SI COUNTRY_SJ COUNTRY_SK COUNTRY_SL COUNTRY_SM COUNTRY_SN COUNTRY_SO COUNTRY_SR COUNTRY_SS COUNTRY_ST COUNTRY_SV COUNTRY_SX COUNTRY_SY COUNTRY_SZ COUNTRY_TC COUNTRY_TD COUNTRY_TF COUNTRY_TG COUNTRY_TH COUNTRY_TJ COUNTRY_TK COUNTRY_TL COUNTRY_TM COUNTRY_TN COUNTRY_TO COUNTRY_TR COUNTRY_TT COUNTRY_TV COUNTRY_TW COUNTRY_TZ COUNTRY_UA COUNTRY_UG COUNTRY_UM COUNTRY_US COUNTRY_UY COUNTRY_UZ COUNTRY_VA COUNTRY_VC COUNTRY_VE COUNTRY_VG COUNTRY_VI COUNTRY_VN COUNTRY_VU COUNTRY_WF COUNTRY_WS COUNTRY_XK COUNTRY_XT COUNTRY_YE COUNTRY_YT COUNTRY_ZA COUNTRY_ZM COUNTRY_ZW

ja4_tls_fingerprint_matcher

object

exact_values

exact values

A list of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against.

Array<string>

<= 16 items

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

default_cache_action

object

cache_disabled

object

cache_ttl_default

Use Cache TTL Provided by Origin

Exclusive with [cache_disabled cache_ttl_override] Use Cache TTL Provided by Origin, and set a contigency TTL value in case one is not provided.

string

<= 1024 characters

cache_ttl_override

Override Cache TTL Provided by Origin

Exclusive with [cache_disabled cache_ttl_default] Always override the Cahce TTL provided by Origin.

string

<= 1024 characters

default_sensitive_data_policy

object

disable_api_definition

object

disable_api_discovery

object

disable_client_side_defense

object

disable_ip_reputation

object

disable_malicious_user_detection

object

disable_rate_limit

object

disable_threat_mesh

object

disable_waf

object

domains

A list of fully qualified domain names. The CDN Distribution will be setup for these FQDN name(s). [This can be a domain or a sub-domain] Required: YES.

Array<string>

>= 1 items <= 32 items

enable_api_discovery

object

api_crawler

object

api_crawler_config

object

domains

Configured API Domains

Enter domains and their credentials to allow authenticated API crawling. You can only include domains you own that are associated with this Load Balancer.

Required: YES.

Array<object>

<= 32 items

Configured API Domains

The DomainConfiguration message.

object

domain

Custom domain to crawl

Select the domain to execute API Crawling with given credentials.

Required: YES.

string format: hostname

>= 26 characters <= 256 characters

simple_login

object

password

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

user

The custom domain user authentication

Enter the username to assign credentials for the selected domain to crawl.

string

<= 64 characters

disable_api_crawler

object

api_discovery_from_code_scan

object

code_base_integrations

Code Base Integrations

Required: YES.

Array<object>

<= 5 items

Code Base Integration

object

all_repos

object

code_base_integration

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

selected_repos

object

api_code_repo

API Code Repository

Code repository which contain API endpoints

Required: YES.

Array<string>

custom_api_auth_discovery

object

api_discovery_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_api_auth_discovery

object

disable_learn_from_redirect_traffic

object

discovered_api_settings

object

purge_duration_for_inactive_discovered_apis

purge_duration_for_inactive_discovered_apis

Inactive discovered API will be deleted after configured duration.

integer format: int64

enable_learn_from_redirect_traffic

object

enable_challenge

object

captcha_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

default_captcha_challenge_parameters

object

default_js_challenge_parameters

object

default_mitigation_settings

object

js_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

malicious_user_mitigation

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

enable_ip_reputation

object

ip_threat_categories

IP Threat Categories

If the source IP matches on atleast one of the enabled IP threat categories, the request will be denied.

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

enable_malicious_user_detection

object

enable_threat_mesh

object

graphql_rules

GraphQL is a query language and server-side runtime for APIs which provides a complete and understandable description of the data in API. GraphQL gives clients the power to ask for exactly what they need, makes it easier to evolve APIs over time, and enables powerful developer tools. Policy configuration to analyze GraphQL queries and prevent GraphQL tailored attacks.

Array<object>

<= 64 items

GraphQL Rule

This section defines various configuration OPTIONS for GraphQL inspection.

object

any_domain

object

exact_path

Path

Specifies the exact path to GraphQL endpoint. Default value is /graphql. Required: YES.

string

<= 256 characters

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

graphql_settings

object

disable_introspection

object

enable_introspection

object

max_batched_queries

Max Batched Queries

Specify maximum number of queries in a single batched request. Required: YES.

integer format: int64

max_depth

Max Depth

Specify maximum depth for the GraphQL query. Required: YES.

integer format: int64

max_total_length

Max Total Length

Specify maximum length in bytes for the GraphQL query. Required: YES.

integer format: int64

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

method_get

object

method_post

object

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

tls_cert_options

object

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_inline_params

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

tls_config

object

tls_11_plus

object

tls_12_plus

object

js_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

jwt_validation

object

action

object

block

object

report

object

jwks_config

object

cleartext

cleartext

The JSON Web Key Set (JWKS) is a set of keys used to verify JSON Web Token (JWT) issued by the Authorization Server. See RFC 7517 for more details.

string

<= 1024 characters

mandatory_claims

object

claim_names

Claim names

Human-readable name for the resource

Array<string>

<= 16 items

reserved_claims

object

audience

object

audiences

audiences

Required: YES.

Array<string>

>= 1 items <= 16 items

audience_disable

object

issuer

issuer

Exclusive with [issuer_disable]

string

<= 1024 characters

issuer_disable

object

validate_period_disable

object

validate_period_enable

object

target

object

all_endpoint

object

api_groups

object

api_groups

api group

Required: YES.

Array<string>

<= 32 items

base_paths

object

base_paths

base_paths

Required: YES.

Array<string>

<= 16 items

token_location

object

bearer_token

object

authorization_server

object

authorization_servers

authorization_server_name

Authorization Servers are configured separately in the ‘Shared Objects’ section of the Web App & API Protection workspace and used to fetch JWKS for JWT validation.

Required: YES.

Array<object>

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

l7_ddos_action_block

object

l7_ddos_action_default

object

l7_ddos_action_js_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

no_challenge

object

no_service_policies

object

origin_pool

object

more_origin_options

object

enable_byte_range_request

Enable Origin Byte Range Requests

Choice to enable/disable byte range requests towards origin.

boolean format: boolean

websocket_proxy

Enable websocket proxy to the origin

Option to enable proxying of websocket connections to the origin server.

boolean format: boolean

no_tls

object

origin_request_timeout

Origin Request Timeout

Configures the time after which a request to the origin will time out waiting for a response.

string

<= 1024 characters

origin_servers

List of Origin Servers

List of original servers

Required: YES.

Array<object>

>= 1 items <= 32 items

CDNOriginServerType

Various OPTIONS to specify origin server.

object

port

Port

Port the workload can be reached on.

integer format: int64

>= 1 <= 65535

public_ip

object

Exclusive with [] Public IPv4 address.

string

<= 1024 characters

public_name

object

dns_name

DNS name

DNS Name Required: YES.

string

>= 1 characters <= 256 characters

refresh_interval

refresh_interval

Interval for DNS refresh in seconds. Max value is 7 days as per https://datatracker.ietf.org/doc/HTML/rfc8767.

integer format: int64

public_name

object

dns_name

DNS name

DNS Name Required: YES.

string

>= 1 characters <= 256 characters

refresh_interval

refresh_interval

Interval for DNS refresh in seconds. Max value is 7 days as per https://datatracker.ietf.org/doc/HTML/rfc8767.

integer format: int64

use_tls

object

default_session_key_caching

object

disable_session_key_caching

object

disable_sni

object

max_session_keys

Max Session Keys Cached

Exclusive with [default_session_key_caching disable_session_key_caching]

Number of session keys that are cached.

integer format: int64

no_mtls

object

skip_server_verification

object

sni

sni

Exclusive with [disable_sni use_host_header_as_sni] SNI value to be used.

string

<= 256 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_host_header_as_sni

object

use_mtls

object

tls_certificates

mTLS certificate

MTLS Client Certificate

Required: YES.

Array<object>

>= 1 items <= 1 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

use_system_defaults

object

use_mtls_obj

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

use_server_verification

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Origin Pool for verification of server’s certificate.

string

>= 1 characters <= 131072 characters

volterra_trusted_ca

object

other_settings

object

add_location

Add Site information

X-example: true Appends header x-F5 Distributed Cloud-location = in responses.

boolean format: boolean

header_options

object

request_headers_to_add

Headers to add in request

Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.

Array<object>

<= 32 items

HeaderManipulationOptionType

HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.

object

append

append

Should the value be appended? If true, the value is appended to existing values. Default value is do not append.

boolean format: boolean

name

name

Name of the HTTP header. Required: YES.

string

>= 6 characters <= 256 characters

secret_value

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

value

value

Exclusive with [secret_value] Value of the HTTP header.

string

>= 3 characters <= 8096 characters

request_headers_to_remove

Header to be removed from request

List of keys of Headers to be removed from the HTTP request being sent towards upstream.

Array<string>

<= 32 items

response_headers_to_add

Headers to add in response

Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.

Array<object>

<= 32 items

HeaderManipulationOptionType

object

append

append

Should the value be appended? If true, the value is appended to existing values. Default value is do not append.

boolean format: boolean

name

name

Name of the HTTP header. Required: YES.

string

>= 6 characters <= 256 characters

secret_value

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

value

value

Exclusive with [secret_value] Value of the HTTP header.

string

>= 3 characters <= 8096 characters

response_headers_to_remove

Header to be removed from response

List of keys of Headers to be removed from the HTTP response being sent towards downstream.

Array<string>

<= 32 items

logging_options

object

client_log_options

object

header_list

List of Headers

List of headers.

Array<string>

<= 64 items

origin_log_options

object

header_list

List of Headers

List of headers.

Array<string>

<= 64 items

policy_based_challenge

object

always_enable_captcha_challenge

object

always_enable_js_challenge

object

captcha_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

default_captcha_challenge_parameters

object

default_js_challenge_parameters

object

default_mitigation_settings

object

default_temporary_blocking_parameters

object

js_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

malicious_user_mitigation

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_challenge

object

rule_list

object

rules

Rules

Rules that specify the match conditions and challenge type to be launched. When a challenge type is selected to be always enabled, these rules can be used to disable challenge or launch a different challenge for requests that match the specified conditions.

Array<object>

<= 64 items

Challenge Rule

Challenge rule.

object

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

spec

object

any_asn

object

any_client

object

any_ip

object

arg_matchers

A list of predicates for all POST args that need to be matched. The criteria for matching each arg are described in individual instances of ArgMatcherType. The actual arg values are extracted from the request API as a list of strings for each arg selector name. Note that all specified arg matcher predicates must evaluate to true.

Array<object>

<= 16 items

ArgMatcherType

A argument matcher specifies the name of a single argument in the body and the criteria to match it. A argument matcher can check for one of the following:

Presence or absence of the argument
At least one of the values for the argument in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive JSON path in the HTTP request body. Required: YES.

string

>= 6 characters <= 256 characters

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

body_matcher

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

cookie_matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

disable_challenge

object

domain_matcher

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

enable_captcha_challenge

object

enable_javascript_challenge

object

expiration_timestamp

string format: date-time

<= 1024 characters

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

http_method

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

methods

methods

List of methods values to match against.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

path

object

exact_values

exact values

A list of exact path values to match the input HTTP path against.

Array<string>

<= 16 items

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_values

prefix values

A list of path prefix values to match the input HTTP path against.

Array<string>

<= 16 items

regex_values

regex values

A list of regular expressions to match the input HTTP path against.

Array<string>

<= 16 items

suffix_values

Suffix values

A list of path suffix values to match the input HTTP path against.

Array<string>

<= 64 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

query_params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

temporary_user_blocking

object

custom_page

custom_page

Custom message is of type uri_ref. Currently supported URL schemes is string:///. For string:/// scheme, message needs to be encoded in Base64 format. You can specify this message as base64 encoded plain text message e.g. “Blocked..” or it can be HTML paragraph or a body string encoded as base64 string E.g. ”

Blocked

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

protected_cookies

Allows setting attributes (SameSite, Secure, and HttpOnly) on cookies in responses. Cookie Tampering Protection prevents attackers from modifying the value of session cookies. For Cookie Tampering Protection, enabling a web app firewall (WAF) is a prerequisite. The configured mode of WAF (monitoring or blocking) will be enforced on the request when cookie tampering is identified. Note: We recommend enabling Secure and HttpOnly attributes along with cookie tampering protection.

Array<object>

<= 16 items

CookieManipulationOptionType

Set Cookie protection attributes.

object

add_httponly

object

add_secure

object

disable_tampering_protection

object

enable_tampering_protection

object

ignore_httponly

object

ignore_max_age

object

ignore_samesite

object

ignore_secure

object

max_age_value

add_max_age

Exclusive with [ignore_max_age] Add max age attribute.

integer format: int32

name

name

Name of the Cookie Required: YES.

string

>= 6 characters <= 256 characters

samesite_lax

object

samesite_none

object

samesite_strict

object

rate_limit

object

custom_ip_allowed_list

object

rate_limiter_allowed_prefixes

rate_limiter_allowed_prefixes

References to ip_prefix_set objects. Requests from source IP addresses that are covered by one of the allowed IP Prefixes are not subjected to rate limiting.

Required: YES.

Array<object>

>= 1 items <= 4 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ip_allowed_list

object

prefixes

ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>

<= 128 items

no_ip_allowed_list

object

no_policies

object

policies

object

policies

Rate Limiter Policies

Ordered list of rate limiter policies.

Required: YES.

Array<object>

<= 16 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

rate_limiter

object

action_block

object

hours

object

duration

Duration

Configuration parameter for duration

integer format: int64

minutes

object

duration

Duration

Configuration parameter for duration

integer format: int64

seconds

object

duration

Duration

Configuration parameter for duration

integer format: int64

burst_multiplier

burst_multiplier

The maximum burst of requests to accommodate, expressed as a multiple of the rate.

integer format: int64

disabled

object

leaky_bucket

object

period_multiplier

period_multiplier

This setting, combined with Per Period units, provides a duration.

integer format: int64

token_bucket

object

total_number

total_number

The total number of allowed requests per rate-limiting period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

sensitive_data_policy

object

sensitive_data_policy_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

service_policies_from_namespace

object

slow_ddos_mitigation

object

disable_request_timeout

object

request_headers_timeout

Request Headers Timeout

The amount of time the client has to send only the headers on the request stream before the stream is cancelled. The default value is 10000 milliseconds. This setting provides protection against Slowloris attacks.

integer format: int64

request_timeout

Custom Timeout

Exclusive with [disable_request_timeout]

integer format: int64

system_default_timeouts

object

trusted_clients

Define rules to skip processing of one or more features such as WAF, Bot Defense etc. For clients.

Array<object>

<= 256 items

SimpleClientSrcRule

Simple client source rule specifies the sources to be blocked or trusted (skip WAF)

object

actions

actions

Actions that should be taken when client identifier matches the rule.

Array<string>

<= 10 items

as_number

as number

Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.

integer format: int64

bot_skip_processing

object

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

http_header

object

headers

headers

List of HTTP header name and value pairs

Required: YES.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

ip_prefix

ip prefix

Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.

string

<= 1024 characters

ipv6_prefix

ipv6 prefix

Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.

string

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

skip_processing

object

user_identifier

user identifier

Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.

string

<= 256 characters

waf_skip_processing

object

user_id_client_ip

object

user_identification

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

waf_exclusion

object

waf_exclusion_inline_rules

object

rules

List of WAF Exclusion Rules

An ordered list of WAF Exclusions specific to this Load Balancer.

Array<object>

<= 256 items

SimpleWafExclusionRule

Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.

object

any_domain

object

any_path

object

app_firewall_detection_control

object

exclude_attack_type_contexts

Exclude Attack Types Contexts

Attack Types to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Attack Type Context

App Firewall Attack Type context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).

string

<= 128 characters

exclude_attack_type

string

default: ATTACK_TYPE_NONE

Allowed values: ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE ATTACK_TYPE_DETECTION_EVASION ATTACK_TYPE_VULNERABILITY_SCAN ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS ATTACK_TYPE_BUFFER_OVERFLOW ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION ATTACK_TYPE_INFORMATION_LEAKAGE ATTACK_TYPE_DIRECTORY_INDEXING ATTACK_TYPE_PATH_TRAVERSAL ATTACK_TYPE_XPATH_INJECTION ATTACK_TYPE_LDAP_INJECTION ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION ATTACK_TYPE_COMMAND_EXECUTION ATTACK_TYPE_SQL_INJECTION ATTACK_TYPE_CROSS_SITE_SCRIPTING ATTACK_TYPE_DENIAL_OF_SERVICE ATTACK_TYPE_HTTP_PARSER_ATTACK ATTACK_TYPE_SESSION_HIJACKING ATTACK_TYPE_HTTP_RESPONSE_SPLITTING ATTACK_TYPE_FORCEFUL_BROWSING ATTACK_TYPE_REMOTE_FILE_INCLUDE ATTACK_TYPE_MALICIOUS_FILE_UPLOAD ATTACK_TYPE_GRAPHQL_PARSER_ATTACK

exclude_bot_name_contexts

Exclude Bot Names Contexts

Bot Names to be excluded for the defined match criteria.

Array<object>

<= 64 items

Bot Name Context

Specifies bot to be excluded by its name.

object

bot_name

BotName

Required: YES.

string

<= 1024 characters

exclude_signature_contexts

Exclude Signature Contexts

Signature IDs to be excluded for the defined match criteria.

Array<object>

<= 1024 items

App Firewall Signature Context

App Firewall signature context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

signature_id

SignatureID

The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.

integer format: int64

exclude_violation_contexts

Exclude Violation Contexts

Violations to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Violation Context

App Firewall violation context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

exclude_violation

string

default: VIOL_NONE

Allowed values: VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH VIOL_FILE_UPLOAD VIOL_FILE_UPLOAD_IN_BODY VIOL_XML_MALFORMED VIOL_JSON_MALFORMED VIOL_ASM_COOKIE_MODIFIED VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION VIOL_HTTP_PROTOCOL_CRLF_CHARACTERS_BEFORE_REQUEST_START VIOL_HTTP_PROTOCOL_NO_HOST_HEADER_IN_HTTP_1_1_REQUEST VIOL_HTTP_PROTOCOL_BAD_MULTIPART_PARAMETERS_PARSING VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS VIOL_HTTP_PROTOCOL_CONTENT_LENGTH_SHOULD_BE_A_POSITIVE_NUMBER VIOL_EVASION_DIRECTORY_TRAVERSALS VIOL_MALFORMED_REQUEST VIOL_EVASION_MULTIPLE_DECODING VIOL_DATA_GUARD VIOL_EVASION_APACHE_WHITESPACE VIOL_COOKIE_MODIFIED VIOL_EVASION_IIS_UNICODE_CODEPOINTS VIOL_EVASION_IIS_BACKSLASHES VIOL_EVASION_PERCENT_U_DECODING VIOL_EVASION_BARE_BYTE_DECODING VIOL_EVASION_BAD_UNESCAPE VIOL_HTTP_PROTOCOL_BAD_MULTIPART_FORMDATA_REQUEST_PARSING VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST VIOL_HTTP_PROTOCOL_HIGH_ASCII_CHARACTERS_IN_HEADERS VIOL_ENCODING VIOL_COOKIE_MALFORMED VIOL_GRAPHQL_FORMAT VIOL_GRAPHQL_MALFORMED VIOL_GRAPHQL_INTROSPECTION_QUERY

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path_prefix

prefix

Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

path_regex

Path Regex

Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.

string

<= 256 characters

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

waf_skip_processing

object

waf_exclusion_policy

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deleted_referred_objects

deleted_referred_objects

The set of deleted objects that are referred by this object.

Array<object>

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

disabled_referred_objects

disabled_referred_objects

The set of deleted objects that are referred by this object.

Array<object>

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

metadata

object

annotations

annotations

object

description

description

Human readable description for the object.

string

>= 21 characters <= 1200 characters

disable

disable

A value of true will administratively disable the object.

boolean format: boolean

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object

name

name

string

>= 6 characters <= 1024 characters

namespace

namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string

>= 6 characters <= 1024 characters

referring_objects

referring_objects

The set of objects that are referring to this object in their spec.

Array<object>

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

replace_form

object

metadata

object

annotations

annotations

object

description

description

Human readable description for the object.

string

>= 21 characters <= 1200 characters

disable

disable

A value of true will administratively disable the object.

boolean format: boolean

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object

name

name

string

>= 6 characters <= 1024 characters

namespace

namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string

>= 6 characters <= 1024 characters

spec

object

active_service_policies

object

policies

policies

Required: YES.

Array<object>

>= 1 items <= 16 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

api_rate_limit

object

api_endpoint_rules

api_endpoint_policy

Sets of rules for a specific endpoints. Order is matter as it uses first match policy. For creating rule that contain a whole domain or group of endpoints, please use the server URL rules above.

Array<object>

<= 20 items

ApiEndpointRule

object

any_domain

object

api_endpoint_method

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

methods

methods

List of methods values to match against.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

api_endpoint_path

api endpoint path

The endpoint (path) of the request. Required: YES.

string

<= 1024 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

inline_rate_limiter

object

ref_user_id

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

threshold

threshold

The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

use_http_lb_user_id

object

ref_rate_limiter

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

bypass_rate_limiting_rules

object

bypass_rate_limiting_rules

bypass_rate_limiting_policy

This category defines rules per URL or API group. If request matches any of these rules, skip Rate Limiting.

Array<object>

<= 20 items

BypassRateLimitingRule

object

any_domain

object

any_url

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_groups

object

api_groups

api group

Required: YES.

Array<string>

<= 32 items

base_path

base path

Exclusive with [any_url api_endpoint api_groups] The base path which this validation applies to.

string

<= 128 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain. For example: api.example.com.

string

<= 128 characters

custom_ip_allowed_list

object

rate_limiter_allowed_prefixes

rate_limiter_allowed_prefixes

References to ip_prefix_set objects. Requests from source IP addresses that are covered by one of the allowed IP Prefixes are not subjected to rate limiting.

Required: YES.

Array<object>

>= 1 items <= 4 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ip_allowed_list

object

prefixes

ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>

<= 128 items

no_ip_allowed_list

object

server_url_rules

server_url_policy

Array<object>

<= 20 items

ServerUrlRule

object

any_domain

object

api_group

api_group

string

<= 128 characters

base_path

base path

Prefix of the request path. Required: YES.

string

<= 128 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

inline_rate_limiter

object

ref_user_id

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

threshold

threshold

The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

use_http_lb_user_id

object

ref_rate_limiter

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

api_specification

object

api_definition

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

validation_all_spec_endpoints

object

fall_through_mode

object

fall_through_mode_allow

object

fall_through_mode_custom

object

open_api_validation_rules

Custom Fall Through Rule List

Required: YES.

Array<object>

<= 15 items

Fall Through Rule

Fall Through Rule for a specific endpoint, base-path, or API group.

object

action_block

object

action_report

object

action_skip

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

settings

object

oversized_body_fail_validation

object

oversized_body_skip_validation

object

property_validation_settings_custom

object

queryParameters

object

allow_additional_parameters

object

disallow_additional_parameters

object

property_validation_settings_default

object

validation_mode

object

response_validation_mode_active

object

enforcement_block

object

enforcement_report

object

response_validation_properties

Response Validation Properties

List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

skip_response_validation

object

skip_validation

object

validation_mode_active

object

enforcement_block

object

enforcement_report

object

request_validation_properties

Request Validation Properties

List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

validation_custom_list

object

fall_through_mode

object

fall_through_mode_allow

object

fall_through_mode_custom

object

open_api_validation_rules

Custom Fall Through Rule List

Required: YES.

Array<object>

<= 15 items

Fall Through Rule

Fall Through Rule for a specific endpoint, base-path, or API group.

object

action_block

object

action_report

object

action_skip

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

open_api_validation_rules

Validation List

Required: YES.

Array<object>

<= 15 items

OpenAPI Validation Rule

OpenAPI Validation Rule for a specific endpoint, base-path, or API group.

object

any_domain

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

validation_mode

object

response_validation_mode_active

object

enforcement_block

object

enforcement_report

object

response_validation_properties

Response Validation Properties

List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

skip_response_validation

object

skip_validation

object

validation_mode_active

object

enforcement_block

object

enforcement_report

object

request_validation_properties

Request Validation Properties

List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

settings

object

oversized_body_fail_validation

object

oversized_body_skip_validation

object

property_validation_settings_custom

object

queryParameters

object

allow_additional_parameters

object

disallow_additional_parameters

object

property_validation_settings_default

object

validation_disabled

object

app_firewall

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

blocked_clients

Define rules to block IP Prefixes or AS numbers.

Array<object>

<= 256 items

SimpleClientSrcRule

Simple client source rule specifies the sources to be blocked or trusted (skip WAF)

object

actions

actions

Actions that should be taken when client identifier matches the rule.

Array<string>

<= 10 items

as_number

as number

Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.

integer format: int64

bot_skip_processing

object

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

http_header

object

headers

headers

List of HTTP header name and value pairs

Required: YES.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

ip_prefix

ip prefix

Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.

string

<= 1024 characters

ipv6_prefix

ipv6 prefix

Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.

string

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

skip_processing

object

user_identifier

user identifier

Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.

string

<= 256 characters

waf_skip_processing

object

bot_defense

object

disable_cors_support

object

enable_cors_support

object

policy

object

disable_js_insert

object

disable_mobile_sdk

object

javascript_mode

string

default: ASYNC_JS_NO_CACHING

Allowed values: ASYNC_JS_NO_CACHING ASYNC_JS_CACHING SYNC_JS_NO_CACHING SYNC_JS_CACHING

js_download_path

js_download_path

Customize Bot Defense Client JavaScript path. If not specified, default /common.js

string

<= 1024 characters

js_insert_all_pages

object

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

js_insert_all_pages_except

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

js_insertion_rules

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

rules

rules

Required list of pages to insert Bot Defense client JavaScript.

Required: YES.

Array<object>

>= 1 items <= 128 items

ShapeJavaScriptInsertionRule

This defines a rule for Bot Defense JavaScript insertion.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

mobile_sdk_config

object

mobile_identifier

object

headers

Mobile headers

Headers that can be used to identify mobile traffic.

Array<object>

<= 32 items

HeaderMatcherTypeBasic

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

protected_app_endpoints

AppEndpointType

List of protected endpoints. Limit: Approx ‘128 endpoints per Load Balancer (LB)’ upto 4 LBs, ‘32 endpoints per LB’ after 4 LBs.

Required: YES.

Array<object>

>= 1 items <= 128 items

AppEndpointType

Application Endpoint.

object

allow_good_bots

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

flow_label

object

account_management

object

create

object

password_reset

object

authentication

object

login

object

disable_transaction_result

object

transaction_result

object

failure_conditions

Failure Conditions

Failure Conditions.

Array<object>

<= 3 items

BotDefenseTransactionResultCondition

Bot Defense Transaction Result Condition.

object

name

name

A case-insensitive HTTP header name.

string

>= 6 characters <= 256 characters

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

status

string

default: EmptyStatusCode

success_conditions

Success Conditions

Success Conditions.

Array<object>

<= 3 items

BotDefenseTransactionResultCondition

Bot Defense Transaction Result Condition.

object

name

name

A case-insensitive HTTP header name.

string

>= 6 characters <= 256 characters

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

status

string

default: EmptyStatusCode

login_mfa

object

login_partner

object

logout

object

token_refresh

object

financial_services

object

apply

object

money_transfer

object

flight

object

checkin

object

profile_management

object

create

object

update

object

view

object

search

object

flight_search

object

product_search

object

reservation_search

object

room_search

object

shopping_gift_cards

object

gift_card_make_purchase_with_gift_card

object

gift_card_validation

object

shop_add_to_cart

object

shop_checkout

object

shop_choose_seat

object

shop_enter_drawing_submission

object

shop_make_payment

object

shop_order

object

shop_price_inquiry

object

shop_promo_code_validation

object

shop_purchase_gift_card

object

shop_update_quantity

object

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

http_methods

HTTP Methods

List of HTTP methods.

Required: YES.

Array<string>

>= 1 items <= 5 items

Allowed values: METHOD_ANY METHOD_GET METHOD_POST METHOD_PUT METHOD_PATCH METHOD_DELETE METHOD_GET_DOCUMENT

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

mitigate_good_bots

object

mitigation

object

block

object

body

body

Your request was blocked

”. Base64 encoded string for this HTML is “LzxwPiBZb3VyIHJlcXVlc3Qgd2FzIGJsb2NrZWQgPC9wPg==”

string

<= 4096 characters

status

string

default: EmptyStatusCode

flag

object

append_headers

object

auto_type_header_name

auto_type_header_name

A case-insensitive HTTP header name. Required: YES.

string

<= 256 characters

inference_header_name

inference_header_name

A case-insensitive HTTP header name. Required: YES.

string

<= 256 characters

no_headers

object

redirect

object

uri

URI

URI location for redirect may be relative or absolute. Required: YES.

string

<= 1024 characters

mobile

object

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

protocol

string

default: BOTH

Allowed values: BOTH HTTP HTTPS

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

undefined_flow_label

object

web

object

web_mobile

object

mobile_identifier

string

default: HEADERS

Allowed values: HEADERS

regional_endpoint

string

default: AUTO

Allowed values: AUTO US EU ASIA

timeout

timeout

The timeout for the inference check, in milliseconds.

integer format: int64

captcha_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

client_side_defense

object

policy

object

disable_js_insert

object

js_insert_all_pages

object

js_insert_all_pages_except

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

js_insertion_rules

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

rules

rules

Required list of pages to insert Client-Side Defense client JavaScript.

Required: YES.

Array<object>

>= 1 items <= 128 items

CSDJavaScriptInsertionRule

This defines a rule for Client-Side Defense JavaScript insertion.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

cors_policy

object

allow_credentials

allow_credentials

Specifies whether the resource allows credentials.

boolean format: boolean

allow_headers

allow_headers

Specifies the content for the access-control-allow-headers header.

string

<= 1024 characters

allow_methods

allow_methods

Specifies the content for the access-control-allow-methods header.

string

<= 1024 characters

allow_origin

allow_origin

Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.

Array<string>

<= 128 items

allow_origin_regex

allow_origin_regex

Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match.

Array<string>

<= 16 items

disabled

disabled

Disable the CorsPolicy for a particular route. This is useful when virtual-host has CorsPolicy, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.

boolean format: boolean

expose_headers

expose_headers

Specifies the content for the access-control-expose-headers header.

string

<= 1024 characters

maximum_age

maximum_age

integer format: int32

csrf_policy

object

all_load_balancer_domains

object

custom_domain_list

object

domains

Domains

A list of domain names that will be matched to loadbalancer. These domains are not used for SNI match. Wildcard names are supported in the suffix or prefix form. Required: YES.

Array<string>

>= 1 items <= 32 items

disabled

object

custom_cache_rule

object

cdn_cache_rules

cdn_cache_rule

Reference to CDN Cache Rule configuration object.

Array<object>

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

data_guard_rules

Array<object>

<= 64 items

SimpleDataGuardRule

Simple Data Guard rule specifies a simple set of match conditions to enable data guard protection.

object

any_domain

object

apply_data_guard

object

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

skip_data_guard

object

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

ddos_mitigation_rules

Define manual mitigation rules to block L7 DDoS attacks.

Array<object>

<= 256 items

DDoSMitigationRule

DDoS Mitigation Rule specifies the sources to be blocked.

object

block

object

ddos_client_source

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

country_list

country_list

Sources that are located in one of the countries in the given list.

Array<string>

<= 64 items

ja4_tls_fingerprint_matcher

object

exact_values

exact values

A list of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against.

Array<string>

<= 16 items

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

default_cache_action

object

cache_disabled

object

cache_ttl_default

Use Cache TTL Provided by Origin

Exclusive with [cache_disabled cache_ttl_override] Use Cache TTL Provided by Origin, and set a contigency TTL value in case one is not provided.

string

<= 1024 characters

cache_ttl_override

Override Cache TTL Provided by Origin

Exclusive with [cache_disabled cache_ttl_default] Always override the Cahce TTL provided by Origin.

string

<= 1024 characters

default_sensitive_data_policy

object

disable_api_definition

object

disable_api_discovery

object

disable_client_side_defense

object

disable_ip_reputation

object

disable_malicious_user_detection

object

disable_rate_limit

object

disable_threat_mesh

object

disable_waf

object

domains

A list of fully qualified domain names. The CDN Distribution will be setup for these FQDN name(s). [This can be a domain or a sub-domain] Required: YES.

Array<string>

>= 1 items <= 32 items

enable_api_discovery

object

api_crawler

object

api_crawler_config

object

domains

Configured API Domains

Enter domains and their credentials to allow authenticated API crawling. You can only include domains you own that are associated with this Load Balancer.

Required: YES.

Array<object>

<= 32 items

Configured API Domains

The DomainConfiguration message.

object

domain

Custom domain to crawl

Select the domain to execute API Crawling with given credentials.

Required: YES.

string format: hostname

>= 26 characters <= 256 characters

simple_login

object

password

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

user

The custom domain user authentication

Enter the username to assign credentials for the selected domain to crawl.

string

<= 64 characters

disable_api_crawler

object

api_discovery_from_code_scan

object

code_base_integrations

Code Base Integrations

Required: YES.

Array<object>

<= 5 items

Code Base Integration

object

all_repos

object

code_base_integration

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

selected_repos

object

api_code_repo

API Code Repository

Code repository which contain API endpoints

Required: YES.

Array<string>

custom_api_auth_discovery

object

api_discovery_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_api_auth_discovery

object

disable_learn_from_redirect_traffic

object

discovered_api_settings

object

purge_duration_for_inactive_discovered_apis

purge_duration_for_inactive_discovered_apis

Inactive discovered API will be deleted after configured duration.

integer format: int64

enable_learn_from_redirect_traffic

object

enable_challenge

object

captcha_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

default_captcha_challenge_parameters

object

default_js_challenge_parameters

object

default_mitigation_settings

object

js_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

malicious_user_mitigation

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

enable_ip_reputation

object

ip_threat_categories

IP Threat Categories

If the source IP matches on atleast one of the enabled IP threat categories, the request will be denied.

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

enable_malicious_user_detection

object

enable_threat_mesh

object

graphql_rules

Array<object>

<= 64 items

GraphQL Rule

This section defines various configuration OPTIONS for GraphQL inspection.

object

any_domain

object

exact_path

Path

Specifies the exact path to GraphQL endpoint. Default value is /graphql. Required: YES.

string

<= 256 characters

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

graphql_settings

object

disable_introspection

object

enable_introspection

object

max_batched_queries

Max Batched Queries

Specify maximum number of queries in a single batched request. Required: YES.

integer format: int64

max_depth

Max Depth

Specify maximum depth for the GraphQL query. Required: YES.

integer format: int64

max_total_length

Max Total Length

Specify maximum length in bytes for the GraphQL query. Required: YES.

integer format: int64

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

method_get

object

method_post

object

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

http

object

dns_volterra_managed

Manage DNS Domain

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

tls_cert_options

object

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_inline_params

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

tls_config

object

tls_11_plus

object

tls_12_plus

object

js_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

jwt_validation

object

action

object

block

object

report

object

jwks_config

object

cleartext

cleartext

The JSON Web Key Set (JWKS) is a set of keys used to verify JSON Web Token (JWT) issued by the Authorization Server. See RFC 7517 for more details.

string

<= 1024 characters

mandatory_claims

object

claim_names

Claim names

Human-readable name for the resource

Array<string>

<= 16 items

reserved_claims

object

audience

object

audiences

audiences

Required: YES.

Array<string>

>= 1 items <= 16 items

audience_disable

object

issuer

issuer

Exclusive with [issuer_disable]

string

<= 1024 characters

issuer_disable

object

validate_period_disable

object

validate_period_enable

object

target

object

all_endpoint

object

api_groups

object

api_groups

api group

Required: YES.

Array<string>

<= 32 items

base_paths

object

base_paths

base_paths

Required: YES.

Array<string>

<= 16 items

token_location

object

bearer_token

object

authorization_server

object

authorization_servers

authorization_server_name

Authorization Servers are configured separately in the ‘Shared Objects’ section of the Web App & API Protection workspace and used to fetch JWKS for JWT validation.

Required: YES.

Array<object>

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

l7_ddos_action_block

object

l7_ddos_action_default

object

l7_ddos_action_js_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

no_challenge

object

no_service_policies

object

origin_pool

object

more_origin_options

object

enable_byte_range_request

Enable Origin Byte Range Requests

Choice to enable/disable byte range requests towards origin.

boolean format: boolean

websocket_proxy

Enable websocket proxy to the origin

Option to enable proxying of websocket connections to the origin server.

boolean format: boolean

no_tls

object

origin_request_timeout

Origin Request Timeout

Configures the time after which a request to the origin will time out waiting for a response.

string

<= 1024 characters

origin_servers

List of Origin Servers

List of original servers

Required: YES.

Array<object>

>= 1 items <= 32 items

CDNOriginServerType

Various OPTIONS to specify origin server.

object

port

Port

Port the workload can be reached on.

integer format: int64

>= 1 <= 65535

public_ip

object

Exclusive with [] Public IPv4 address.

string

<= 1024 characters

public_name

object

dns_name

DNS name

DNS Name Required: YES.

string

>= 1 characters <= 256 characters

refresh_interval

refresh_interval

Interval for DNS refresh in seconds. Max value is 7 days as per https://datatracker.ietf.org/doc/HTML/rfc8767.

integer format: int64

public_name

object

dns_name

DNS name

DNS Name Required: YES.

string

>= 1 characters <= 256 characters

refresh_interval

refresh_interval

Interval for DNS refresh in seconds. Max value is 7 days as per https://datatracker.ietf.org/doc/HTML/rfc8767.

integer format: int64

use_tls

object

default_session_key_caching

object

disable_session_key_caching

object

disable_sni

object

max_session_keys

Max Session Keys Cached

Exclusive with [default_session_key_caching disable_session_key_caching]

Number of session keys that are cached.

integer format: int64

no_mtls

object

skip_server_verification

object

sni

sni

Exclusive with [disable_sni use_host_header_as_sni] SNI value to be used.

string

<= 256 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_host_header_as_sni

object

use_mtls

object

tls_certificates

mTLS certificate

MTLS Client Certificate

Required: YES.

Array<object>

>= 1 items <= 1 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

use_system_defaults

object

use_mtls_obj

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

use_server_verification

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Origin Pool for verification of server’s certificate.

string

>= 1 characters <= 131072 characters

volterra_trusted_ca

object

other_settings

object

add_location

Add Site information

X-example: true Appends header x-F5 Distributed Cloud-location = in responses.

boolean format: boolean

header_options

object

request_headers_to_add

Headers to add in request

Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.

Array<object>

<= 32 items

HeaderManipulationOptionType

object

append

append

Should the value be appended? If true, the value is appended to existing values. Default value is do not append.

boolean format: boolean

name

name

Name of the HTTP header. Required: YES.

string

>= 6 characters <= 256 characters

secret_value

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

value

value

Exclusive with [secret_value] Value of the HTTP header.

string

>= 3 characters <= 8096 characters

request_headers_to_remove

Header to be removed from request

List of keys of Headers to be removed from the HTTP request being sent towards upstream.

Array<string>

<= 32 items

response_headers_to_add

Headers to add in response

Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.

Array<object>

<= 32 items

HeaderManipulationOptionType

object

append

append

Should the value be appended? If true, the value is appended to existing values. Default value is do not append.

boolean format: boolean

name

name

Name of the HTTP header. Required: YES.

string

>= 6 characters <= 256 characters

secret_value

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

value

value

Exclusive with [secret_value] Value of the HTTP header.

string

>= 3 characters <= 8096 characters

response_headers_to_remove

Header to be removed from response

List of keys of Headers to be removed from the HTTP response being sent towards downstream.

Array<string>

<= 32 items

logging_options

object

client_log_options

object

header_list

List of Headers

List of headers.

Array<string>

<= 64 items

origin_log_options

object

header_list

List of Headers

List of headers.

Array<string>

<= 64 items

policy_based_challenge

object

always_enable_captcha_challenge

object

always_enable_js_challenge

object

captcha_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

default_captcha_challenge_parameters

object

default_js_challenge_parameters

object

default_mitigation_settings

object

default_temporary_blocking_parameters

object

js_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

malicious_user_mitigation

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_challenge

object

rule_list

object

rules

Rules

Array<object>

<= 64 items

Challenge Rule

Challenge rule.

object

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

spec

object

any_asn

object

any_client

object

any_ip

object

arg_matchers

Array<object>

<= 16 items

ArgMatcherType

A argument matcher specifies the name of a single argument in the body and the criteria to match it. A argument matcher can check for one of the following:

Presence or absence of the argument
At least one of the values for the argument in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive JSON path in the HTTP request body. Required: YES.

string

>= 6 characters <= 256 characters

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

body_matcher

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

cookie_matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

disable_challenge

object

domain_matcher

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

enable_captcha_challenge

object

enable_javascript_challenge

object

expiration_timestamp

string format: date-time

<= 1024 characters

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

http_method

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

methods

methods

List of methods values to match against.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

path

object

exact_values

exact values

A list of exact path values to match the input HTTP path against.

Array<string>

<= 16 items

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_values

prefix values

A list of path prefix values to match the input HTTP path against.

Array<string>

<= 16 items

regex_values

regex values

A list of regular expressions to match the input HTTP path against.

Array<string>

<= 16 items

suffix_values

Suffix values

A list of path suffix values to match the input HTTP path against.

Array<string>

<= 64 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

query_params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

temporary_user_blocking

object

custom_page

custom_page

Blocked

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

protected_cookies

Array<object>

<= 16 items

CookieManipulationOptionType

Set Cookie protection attributes.

object

add_httponly

object

add_secure

object

disable_tampering_protection

object

enable_tampering_protection

object

ignore_httponly

object

ignore_max_age

object

ignore_samesite

object

ignore_secure

object

max_age_value

add_max_age

Exclusive with [ignore_max_age] Add max age attribute.

integer format: int32

name

name

Name of the Cookie Required: YES.

string

>= 6 characters <= 256 characters

samesite_lax

object

samesite_none

object

samesite_strict

object

rate_limit

object

custom_ip_allowed_list

object

rate_limiter_allowed_prefixes

rate_limiter_allowed_prefixes

References to ip_prefix_set objects. Requests from source IP addresses that are covered by one of the allowed IP Prefixes are not subjected to rate limiting.

Required: YES.

Array<object>

>= 1 items <= 4 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ip_allowed_list

object

prefixes

ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>

<= 128 items

no_ip_allowed_list

object

no_policies

object

policies

object

policies

Rate Limiter Policies

Ordered list of rate limiter policies.

Required: YES.

Array<object>

<= 16 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

rate_limiter

object

action_block

object

hours

object

duration

Duration

Configuration parameter for duration

integer format: int64

minutes

object

duration

Duration

Configuration parameter for duration

integer format: int64

seconds

object

duration

Duration

Configuration parameter for duration

integer format: int64

burst_multiplier

burst_multiplier

The maximum burst of requests to accommodate, expressed as a multiple of the rate.

integer format: int64

disabled

object

leaky_bucket

object

period_multiplier

period_multiplier

This setting, combined with Per Period units, provides a duration.

integer format: int64

token_bucket

object

total_number

total_number

The total number of allowed requests per rate-limiting period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

sensitive_data_policy

object

sensitive_data_policy_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

service_policies_from_namespace

object

slow_ddos_mitigation

object

disable_request_timeout

object

request_headers_timeout

Request Headers Timeout

integer format: int64

request_timeout

Custom Timeout

Exclusive with [disable_request_timeout]

integer format: int64

system_default_timeouts

object

trusted_clients

Define rules to skip processing of one or more features such as WAF, Bot Defense etc. For clients.

Array<object>

<= 256 items

SimpleClientSrcRule

Simple client source rule specifies the sources to be blocked or trusted (skip WAF)

object

actions

actions

Actions that should be taken when client identifier matches the rule.

Array<string>

<= 10 items

as_number

as number

Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.

integer format: int64

bot_skip_processing

object

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

http_header

object

headers

headers

List of HTTP header name and value pairs

Required: YES.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

ip_prefix

ip prefix

Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.

string

<= 1024 characters

ipv6_prefix

ipv6 prefix

Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.

string

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

skip_processing

object

user_identifier

user identifier

Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.

string

<= 256 characters

waf_skip_processing

object

user_id_client_ip

object

user_identification

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

waf_exclusion

object

waf_exclusion_inline_rules

object

rules

List of WAF Exclusion Rules

An ordered list of WAF Exclusions specific to this Load Balancer.

Array<object>

<= 256 items

SimpleWafExclusionRule

Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.

object

any_domain

object

any_path

object

app_firewall_detection_control

object

exclude_attack_type_contexts

Exclude Attack Types Contexts

Attack Types to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Attack Type Context

App Firewall Attack Type context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

exclude_attack_type

string

default: ATTACK_TYPE_NONE

exclude_bot_name_contexts

Exclude Bot Names Contexts

Bot Names to be excluded for the defined match criteria.

Array<object>

<= 64 items

Bot Name Context

Specifies bot to be excluded by its name.

object

bot_name

BotName

Required: YES.

string

<= 1024 characters

exclude_signature_contexts

Exclude Signature Contexts

Signature IDs to be excluded for the defined match criteria.

Array<object>

<= 1024 items

App Firewall Signature Context

App Firewall signature context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

signature_id

SignatureID

The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.

integer format: int64

exclude_violation_contexts

Exclude Violation Contexts

Violations to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Violation Context

App Firewall violation context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

exclude_violation

string

default: VIOL_NONE

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path_prefix

prefix

Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

path_regex

Path Regex

Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.

string

<= 256 characters

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

waf_skip_processing

object

waf_exclusion_policy

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

spec

object

active_service_policies

object

policies

policies

Required: YES.

Array<object>

>= 1 items <= 16 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

api_rate_limit

object

api_endpoint_rules

api_endpoint_policy

Sets of rules for a specific endpoints. Order is matter as it uses first match policy. For creating rule that contain a whole domain or group of endpoints, please use the server URL rules above.

Array<object>

<= 20 items

ApiEndpointRule

object

any_domain

object

api_endpoint_method

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

methods

methods

List of methods values to match against.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

api_endpoint_path

api endpoint path

The endpoint (path) of the request. Required: YES.

string

<= 1024 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

inline_rate_limiter

object

ref_user_id

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

threshold

threshold

The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

use_http_lb_user_id

object

ref_rate_limiter

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

bypass_rate_limiting_rules

object

bypass_rate_limiting_rules

bypass_rate_limiting_policy

This category defines rules per URL or API group. If request matches any of these rules, skip Rate Limiting.

Array<object>

<= 20 items

BypassRateLimitingRule

object

any_domain

object

any_url

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_groups

object

api_groups

api group

Required: YES.

Array<string>

<= 32 items

base_path

base path

Exclusive with [any_url api_endpoint api_groups] The base path which this validation applies to.

string

<= 128 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain. For example: api.example.com.

string

<= 128 characters

custom_ip_allowed_list

object

rate_limiter_allowed_prefixes

rate_limiter_allowed_prefixes

References to ip_prefix_set objects. Requests from source IP addresses that are covered by one of the allowed IP Prefixes are not subjected to rate limiting.

Required: YES.

Array<object>

>= 1 items <= 4 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ip_allowed_list

object

prefixes

ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>

<= 128 items

no_ip_allowed_list

object

server_url_rules

server_url_policy

Array<object>

<= 20 items

ServerUrlRule

object

any_domain

object

api_group

api_group

string

<= 128 characters

base_path

base path

Prefix of the request path. Required: YES.

string

<= 128 characters

client_matcher

object

any_client

object

any_ip

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

ip_threat_category_list

object

ip_threat_categories

IP Threat Categories

The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

inline_rate_limiter

object

ref_user_id

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

threshold

threshold

The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

use_http_lb_user_id

object

ref_rate_limiter

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

request_matcher

object

cookie_matchers

cookie matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

jwt_claims

JWT claims

Array<object>

<= 16 items

JWTClaimMatcherType

Presence or absence of the JWT Claim in the input
At least one of the values for the JWT Claim in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

JWT claim name. Required: YES.

string

>= 6 characters <= 256 characters

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

api_specification

object

api_definition

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

validation_all_spec_endpoints

object

fall_through_mode

object

fall_through_mode_allow

object

fall_through_mode_custom

object

open_api_validation_rules

Custom Fall Through Rule List

Required: YES.

Array<object>

<= 15 items

Fall Through Rule

Fall Through Rule for a specific endpoint, base-path, or API group.

object

action_block

object

action_report

object

action_skip

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

settings

object

oversized_body_fail_validation

object

oversized_body_skip_validation

object

property_validation_settings_custom

object

queryParameters

object

allow_additional_parameters

object

disallow_additional_parameters

object

property_validation_settings_default

object

validation_mode

object

response_validation_mode_active

object

enforcement_block

object

enforcement_report

object

response_validation_properties

Response Validation Properties

List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

skip_response_validation

object

skip_validation

object

validation_mode_active

object

enforcement_block

object

enforcement_report

object

request_validation_properties

Request Validation Properties

List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

validation_custom_list

object

fall_through_mode

object

fall_through_mode_allow

object

fall_through_mode_custom

object

open_api_validation_rules

Custom Fall Through Rule List

Required: YES.

Array<object>

<= 15 items

Fall Through Rule

Fall Through Rule for a specific endpoint, base-path, or API group.

object

action_block

object

action_report

object

action_skip

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

open_api_validation_rules

Validation List

Required: YES.

Array<object>

<= 15 items

OpenAPI Validation Rule

OpenAPI Validation Rule for a specific endpoint, base-path, or API group.

object

any_domain

object

api_endpoint

object

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

Path

Path to be matched Required: YES.

string

<= 1024 characters

api_group

api_group

Exclusive with [api_endpoint base_path] The API group which this validation applies to.

string

<= 128 characters

base_path

base path

Exclusive with [api_endpoint api_group] The base path which this validation applies to.

string

<= 128 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

specific_domain

domain

Exclusive with [any_domain] The rule will apply for a specific domain.

string

<= 128 characters

validation_mode

object

response_validation_mode_active

object

enforcement_block

object

enforcement_report

object

response_validation_properties

Response Validation Properties

List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

skip_response_validation

object

skip_validation

object

validation_mode_active

object

enforcement_block

object

enforcement_report

object

request_validation_properties

Request Validation Properties

List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger)

Required: YES.

Array<string>

>= 1 items

settings

object

oversized_body_fail_validation

object

oversized_body_skip_validation

object

property_validation_settings_custom

object

queryParameters

object

allow_additional_parameters

object

disallow_additional_parameters

object

property_validation_settings_default

object

validation_disabled

object

app_firewall

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

auto_cert_info

object

auto_cert_expiry

Auto Cert Expiry Timestamp

Auto certificate expiry timestamp.

string format: date-time

<= 1024 characters

auto_cert_issuer

Auto Cert Issuer

Issuer of the auto certificate.

string

<= 1024 characters

auto_cert_state

string

default: AutoCertDisabled

Allowed values: AutoCertDisabled DnsDomainVerification AutoCertStarted DomainChallengePending DomainChallengeVerified AutoCertFinalize CertificateInvalid CertificateValid AutoCertNotApplicable AutoCertRateLimited AutoCertGenerationRetry AutoCertError PreDomainChallengePending DomainChallengeStarted AutoCertInitialize AutoCertAccountRateLimited AutoCertDomainRateLimited CertificateExpired

auto_cert_subject

Auto Cert Subject

Subject of the auto certificate.

string

<= 1024 characters

dns_records

DNS Records

DNS Records that are to be added by user in their DNS domain. Currently, this will be populated when auto certificates are desired but DNS delegation is not enabled.

Array<object>

DNSRecord

Defines a DNS record.

object

name

Name

Name of the DNS record.

string

>= 6 characters <= 1024 characters

type

Type

Type of the DNS record.

string

<= 1024 characters

value

Value

DNS record Value.

string

>= 3 characters <= 1024 characters

blocked_clients

Define rules to block IP Prefixes or AS numbers.

Array<object>

<= 256 items

SimpleClientSrcRule

Simple client source rule specifies the sources to be blocked or trusted (skip WAF)

object

actions

actions

Actions that should be taken when client identifier matches the rule.

Array<string>

<= 10 items

as_number

as number

Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.

integer format: int64

bot_skip_processing

object

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

http_header

object

headers

headers

List of HTTP header name and value pairs

Required: YES.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

ip_prefix

ip prefix

Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.

string

<= 1024 characters

ipv6_prefix

ipv6 prefix

Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.

string

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

skip_processing

object

user_identifier

user identifier

Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.

string

<= 256 characters

waf_skip_processing

object

bot_defense

object

disable_cors_support

object

enable_cors_support

object

policy

object

disable_js_insert

object

disable_mobile_sdk

object

javascript_mode

string

default: ASYNC_JS_NO_CACHING

Allowed values: ASYNC_JS_NO_CACHING ASYNC_JS_CACHING SYNC_JS_NO_CACHING SYNC_JS_CACHING

js_download_path

js_download_path

Customize Bot Defense Client JavaScript path. If not specified, default /common.js

string

<= 1024 characters

js_insert_all_pages

object

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

js_insert_all_pages_except

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

js_insertion_rules

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

rules

rules

Required list of pages to insert Bot Defense client JavaScript.

Required: YES.

Array<object>

>= 1 items <= 128 items

ShapeJavaScriptInsertionRule

This defines a rule for Bot Defense JavaScript insertion.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

javascript_location

string

default: AFTER_HEAD

Allowed values: AFTER_HEAD AFTER_TITLE_END BEFORE_SCRIPT

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

mobile_sdk_config

object

mobile_identifier

object

headers

Mobile headers

Headers that can be used to identify mobile traffic.

Array<object>

<= 32 items

HeaderMatcherTypeBasic

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

protected_app_endpoints

AppEndpointType

List of protected endpoints. Limit: Approx ‘128 endpoints per Load Balancer (LB)’ upto 4 LBs, ‘32 endpoints per LB’ after 4 LBs.

Required: YES.

Array<object>

>= 1 items <= 128 items

AppEndpointType

Application Endpoint.

object

allow_good_bots

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

flow_label

object

account_management

object

create

object

password_reset

object

authentication

object

login

object

disable_transaction_result

object

transaction_result

object

failure_conditions

Failure Conditions

Failure Conditions.

Array<object>

<= 3 items

BotDefenseTransactionResultCondition

Bot Defense Transaction Result Condition.

object

name

name

A case-insensitive HTTP header name.

string

>= 6 characters <= 256 characters

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

status

string

default: EmptyStatusCode

success_conditions

Success Conditions

Success Conditions.

Array<object>

<= 3 items

BotDefenseTransactionResultCondition

Bot Defense Transaction Result Condition.

object

name

name

A case-insensitive HTTP header name.

string

>= 6 characters <= 256 characters

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

status

string

default: EmptyStatusCode

login_mfa

object

login_partner

object

logout

object

token_refresh

object

financial_services

object

apply

object

money_transfer

object

flight

object

checkin

object

profile_management

object

create

object

update

object

view

object

search

object

flight_search

object

product_search

object

reservation_search

object

room_search

object

shopping_gift_cards

object

gift_card_make_purchase_with_gift_card

object

gift_card_validation

object

shop_add_to_cart

object

shop_checkout

object

shop_choose_seat

object

shop_enter_drawing_submission

object

shop_make_payment

object

shop_order

object

shop_price_inquiry

object

shop_promo_code_validation

object

shop_purchase_gift_card

object

shop_update_quantity

object

headers

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

http_methods

HTTP Methods

List of HTTP methods.

Required: YES.

Array<string>

>= 1 items <= 5 items

Allowed values: METHOD_ANY METHOD_GET METHOD_POST METHOD_PUT METHOD_PATCH METHOD_DELETE METHOD_GET_DOCUMENT

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

mitigate_good_bots

object

mitigation

object

block

object

body

body

Your request was blocked

”. Base64 encoded string for this HTML is “LzxwPiBZb3VyIHJlcXVlc3Qgd2FzIGJsb2NrZWQgPC9wPg==”

string

<= 4096 characters

status

string

default: EmptyStatusCode

flag

object

append_headers

object

auto_type_header_name

auto_type_header_name

A case-insensitive HTTP header name. Required: YES.

string

<= 256 characters

inference_header_name

inference_header_name

A case-insensitive HTTP header name. Required: YES.

string

<= 256 characters

no_headers

object

redirect

object

uri

URI

URI location for redirect may be relative or absolute. Required: YES.

string

<= 1024 characters

mobile

object

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

protocol

string

default: BOTH

Allowed values: BOTH HTTP HTTPS

query_params

query params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

undefined_flow_label

object

web

object

web_mobile

object

mobile_identifier

string

default: HEADERS

Allowed values: HEADERS

regional_endpoint

string

default: AUTO

Allowed values: AUTO US EU ASIA

timeout

timeout

The timeout for the inference check, in milliseconds.

integer format: int64

captcha_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

cert_state

string

default: AutoCertDisabled

client_side_defense

object

policy

object

disable_js_insert

object

js_insert_all_pages

object

js_insert_all_pages_except

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

js_insertion_rules

object

exclude_list

exclude_list

Optional JavaScript insertions exclude list of domain and path matchers.

Array<object>

<= 128 items

ShapeJavaScriptExclusionRule

Define JavaScript insertion exclusion rule.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

rules

rules

Required list of pages to insert Client-Side Defense client JavaScript.

Required: YES.

Array<object>

>= 1 items <= 128 items

CSDJavaScriptInsertionRule

This defines a rule for Client-Side Defense JavaScript insertion.

object

any_domain

object

domain

object

exact_value

exact value

Exclusive with [regex_value suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

regex_value

regex values of Domains

Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.

string

>= 1 characters <= 256 characters

suffix_value

suffix value

Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

cors_policy

object

allow_credentials

allow_credentials

Specifies whether the resource allows credentials.

boolean format: boolean

allow_headers

allow_headers

Specifies the content for the access-control-allow-headers header.

string

<= 1024 characters

allow_methods

allow_methods

Specifies the content for the access-control-allow-methods header.

string

<= 1024 characters

allow_origin

allow_origin

Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.

Array<string>

<= 128 items

allow_origin_regex

allow_origin_regex

Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match.

Array<string>

<= 16 items

disabled

disabled

Disable the CorsPolicy for a particular route. This is useful when virtual-host has CorsPolicy, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.

boolean format: boolean

expose_headers

expose_headers

Specifies the content for the access-control-expose-headers header.

string

<= 1024 characters

maximum_age

maximum_age

integer format: int32

csrf_policy

object

all_load_balancer_domains

object

custom_domain_list

object

domains

Domains

A list of domain names that will be matched to loadbalancer. These domains are not used for SNI match. Wildcard names are supported in the suffix or prefix form. Required: YES.

Array<string>

>= 1 items <= 32 items

disabled

object

custom_cache_rule

object

cdn_cache_rules

cdn_cache_rule

Reference to CDN Cache Rule configuration object.

Array<object>

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

data_guard_rules

Array<object>

<= 64 items

SimpleDataGuardRule

Simple Data Guard rule specifies a simple set of match conditions to enable data guard protection.

object

any_domain

object

apply_data_guard

object

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

skip_data_guard

object

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

ddos_mitigation_rules

Define manual mitigation rules to block L7 DDoS attacks.

Array<object>

<= 256 items

DDoSMitigationRule

DDoS Mitigation Rule specifies the sources to be blocked.

object

block

object

ddos_client_source

object

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

country_list

country_list

Sources that are located in one of the countries in the given list.

Array<string>

<= 64 items

ja4_tls_fingerprint_matcher

object

exact_values

exact values

A list of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against.

Array<string>

<= 16 items

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

default_cache_action

object

cache_disabled

object

cache_ttl_default

Use Cache TTL Provided by Origin

Exclusive with [cache_disabled cache_ttl_override] Use Cache TTL Provided by Origin, and set a contigency TTL value in case one is not provided.

string

<= 1024 characters

cache_ttl_override

Override Cache TTL Provided by Origin

Exclusive with [cache_disabled cache_ttl_default] Always override the Cahce TTL provided by Origin.

string

<= 1024 characters

default_sensitive_data_policy

object

disable_api_definition

object

disable_api_discovery

object

disable_client_side_defense

object

disable_ip_reputation

object

disable_malicious_user_detection

object

disable_rate_limit

object

disable_threat_mesh

object

disable_waf

object

dns_info

DNS information for this virtual host.

Array<object>

DNS information

A message that contains DNS information for a given IP address.

object

ip_address

IP address

IP address associated with virtual host.

string

<= 1024 characters

domains

A list of fully qualified domain names. The CDN Distribution will be setup for these FQDN name(s). [This can be a domain or a sub-domain] Required: YES.

Array<string>

>= 1 items <= 32 items

enable_api_discovery

object

api_crawler

object

api_crawler_config

object

domains

Configured API Domains

Enter domains and their credentials to allow authenticated API crawling. You can only include domains you own that are associated with this Load Balancer.

Required: YES.

Array<object>

<= 32 items

Configured API Domains

The DomainConfiguration message.

object

domain

Custom domain to crawl

Select the domain to execute API Crawling with given credentials.

Required: YES.

string format: hostname

>= 26 characters <= 256 characters

simple_login

object

password

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

user

The custom domain user authentication

Enter the username to assign credentials for the selected domain to crawl.

string

<= 64 characters

disable_api_crawler

object

api_discovery_from_code_scan

object

code_base_integrations

Code Base Integrations

Required: YES.

Array<object>

<= 5 items

Code Base Integration

object

all_repos

object

code_base_integration

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

selected_repos

object

api_code_repo

API Code Repository

Code repository which contain API endpoints

Required: YES.

Array<string>

custom_api_auth_discovery

object

api_discovery_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_api_auth_discovery

object

disable_learn_from_redirect_traffic

object

discovered_api_settings

object

purge_duration_for_inactive_discovered_apis

purge_duration_for_inactive_discovered_apis

Inactive discovered API will be deleted after configured duration.

integer format: int64

enable_learn_from_redirect_traffic

object

enable_challenge

object

captcha_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

default_captcha_challenge_parameters

object

default_js_challenge_parameters

object

default_mitigation_settings

object

js_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

malicious_user_mitigation

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

enable_ip_reputation

object

ip_threat_categories

IP Threat Categories

If the source IP matches on atleast one of the enabled IP threat categories, the request will be denied.

Required: YES.

Array<string>

<= 32 items

Allowed values: SPAM_SOURCES WINDOWS_EXPLOITS WEB_ATTACKS BOTNETS SCANNERS REPUTATION PHISHING PROXY MOBILE_THREATS TOR_PROXY DENIAL_OF_SERVICE NETWORK

enable_malicious_user_detection

object

enable_threat_mesh

object

graphql_rules

Array<object>

<= 64 items

GraphQL Rule

This section defines various configuration OPTIONS for GraphQL inspection.

object

any_domain

object

exact_path

Path

Specifies the exact path to GraphQL endpoint. Default value is /graphql. Required: YES.

string

<= 256 characters

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

graphql_settings

object

disable_introspection

object

enable_introspection

object

max_batched_queries

Max Batched Queries

Specify maximum number of queries in a single batched request. Required: YES.

integer format: int64

max_depth

Max Depth

Specify maximum depth for the GraphQL query. Required: YES.

integer format: int64

max_total_length

Max Total Length

Specify maximum length in bytes for the GraphQL query. Required: YES.

integer format: int64

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

method_get

object

method_post

object

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

host_name

Internally generated host name to be used for the virtual host.

string

<= 1024 characters

http

object

dns_volterra_managed

Manage DNS Domain

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

tls_cert_options

object

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_inline_params

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

tls_config

object

tls_11_plus

object

tls_12_plus

object

js_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

jwt_validation

object

action

object

block

object

report

object

jwks_config

object

cleartext

cleartext

The JSON Web Key Set (JWKS) is a set of keys used to verify JSON Web Token (JWT) issued by the Authorization Server. See RFC 7517 for more details.

string

<= 1024 characters

mandatory_claims

object

claim_names

Claim names

Human-readable name for the resource

Array<string>

<= 16 items

reserved_claims

object

audience

object

audiences

audiences

Required: YES.

Array<string>

>= 1 items <= 16 items

audience_disable

object

issuer

issuer

Exclusive with [issuer_disable]

string

<= 1024 characters

issuer_disable

object

validate_period_disable

object

validate_period_enable

object

target

object

all_endpoint

object

api_groups

object

api_groups

api group

Required: YES.

Array<string>

<= 32 items

base_paths

object

base_paths

base_paths

Required: YES.

Array<string>

<= 16 items

token_location

object

bearer_token

object

authorization_server

object

authorization_servers

authorization_server_name

Authorization Servers are configured separately in the ‘Shared Objects’ section of the Web App & API Protection workspace and used to fetch JWKS for JWT validation.

Required: YES.

Array<object>

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

l7_ddos_action_block

object

l7_ddos_action_default

object

l7_ddos_action_js_challenge

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

no_challenge

object

no_service_policies

object

origin_pool

object

more_origin_options

object

enable_byte_range_request

Enable Origin Byte Range Requests

Choice to enable/disable byte range requests towards origin.

boolean format: boolean

websocket_proxy

Enable websocket proxy to the origin

Option to enable proxying of websocket connections to the origin server.

boolean format: boolean

no_tls

object

origin_request_timeout

Origin Request Timeout

Configures the time after which a request to the origin will time out waiting for a response.

string

<= 1024 characters

origin_servers

List of Origin Servers

List of original servers

Required: YES.

Array<object>

>= 1 items <= 32 items

CDNOriginServerType

Various OPTIONS to specify origin server.

object

port

Port

Port the workload can be reached on.

integer format: int64

>= 1 <= 65535

public_ip

object

Exclusive with [] Public IPv4 address.

string

<= 1024 characters

public_name

object

dns_name

DNS name

DNS Name Required: YES.

string

>= 1 characters <= 256 characters

refresh_interval

refresh_interval

Interval for DNS refresh in seconds. Max value is 7 days as per https://datatracker.ietf.org/doc/HTML/rfc8767.

integer format: int64

public_name

object

dns_name

DNS name

DNS Name Required: YES.

string

>= 1 characters <= 256 characters

refresh_interval

refresh_interval

Interval for DNS refresh in seconds. Max value is 7 days as per https://datatracker.ietf.org/doc/HTML/rfc8767.

integer format: int64

use_tls

object

default_session_key_caching

object

disable_session_key_caching

object

disable_sni

object

max_session_keys

Max Session Keys Cached

Exclusive with [default_session_key_caching disable_session_key_caching]

Number of session keys that are cached.

integer format: int64

no_mtls

object

skip_server_verification

object

sni

sni

Exclusive with [disable_sni use_host_header_as_sni] SNI value to be used.

string

<= 256 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_host_header_as_sni

object

use_mtls

object

tls_certificates

mTLS certificate

MTLS Client Certificate

Required: YES.

Array<object>

>= 1 items <= 1 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

use_system_defaults

object

use_mtls_obj

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

use_server_verification

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Origin Pool for verification of server’s certificate.

string

>= 1 characters <= 131072 characters

volterra_trusted_ca

object

other_settings

object

add_location

Add Site information

X-example: true Appends header x-F5 Distributed Cloud-location = in responses.

boolean format: boolean

header_options

object

request_headers_to_add

Headers to add in request

Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.

Array<object>

<= 32 items

HeaderManipulationOptionType

object

append

append

Should the value be appended? If true, the value is appended to existing values. Default value is do not append.

boolean format: boolean

name

name

Name of the HTTP header. Required: YES.

string

>= 6 characters <= 256 characters

secret_value

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

value

value

Exclusive with [secret_value] Value of the HTTP header.

string

>= 3 characters <= 8096 characters

request_headers_to_remove

Header to be removed from request

List of keys of Headers to be removed from the HTTP request being sent towards upstream.

Array<string>

<= 32 items

response_headers_to_add

Headers to add in response

Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.

Array<object>

<= 32 items

HeaderManipulationOptionType

object

append

append

Should the value be appended? If true, the value is appended to existing values. Default value is do not append.

boolean format: boolean

name

name

Name of the HTTP header. Required: YES.

string

>= 6 characters <= 256 characters

secret_value

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

string format: uri

<= 131072 characters

value

value

Exclusive with [secret_value] Value of the HTTP header.

string

>= 3 characters <= 8096 characters

response_headers_to_remove

Header to be removed from response

List of keys of Headers to be removed from the HTTP response being sent towards downstream.

Array<string>

<= 32 items

logging_options

object

client_log_options

object

header_list

List of Headers

List of headers.

Array<string>

<= 64 items

origin_log_options

object

header_list

List of Headers

List of headers.

Array<string>

<= 64 items

policy_based_challenge

object

always_enable_captcha_challenge

object

always_enable_js_challenge

object

captcha_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

default_captcha_challenge_parameters

object

default_js_challenge_parameters

object

default_mitigation_settings

object

default_temporary_blocking_parameters

object

js_challenge_parameters

object

cookie_expiry

cookie_expiry

Cookie expiration period, in seconds. An expired cookie causes the loadbalancer to issue a new challenge.

integer format: int64

custom_page

custom_page

Please Wait

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

js_script_delay

js_script_delay

Delay introduced by Javascript, in milliseconds.

integer format: int64

malicious_user_mitigation

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_challenge

object

rule_list

object

rules

Rules

Array<object>

<= 64 items

Challenge Rule

Challenge rule.

object

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

spec

object

any_asn

object

any_client

object

any_ip

object

arg_matchers

Array<object>

<= 16 items

ArgMatcherType

A argument matcher specifies the name of a single argument in the body and the criteria to match it. A argument matcher can check for one of the following:

Presence or absence of the argument
At least one of the values for the argument in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive JSON path in the HTTP request body. Required: YES.

string

>= 6 characters <= 256 characters

asn_list

object

as_numbers

as numbers

Array<integer>

>= 1 items <= 16 items

asn_matcher

object

asn_sets

asn_sets

A list of references to bgp_asn_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

body_matcher

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

client_selector

object

expressions

expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>

<= 1 items

cookie_matchers

Array<object>

<= 16 items

CookieMatcherType

Presence or absence of the cookie
At least one of the values for the cookie in the request satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert Match of the expression defined.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-sensitive cookie name. Required: YES.

string

>= 6 characters <= 256 characters

disable_challenge

object

domain_matcher

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

enable_captcha_challenge

object

enable_javascript_challenge

object

expiration_timestamp

string format: date-time

<= 1024 characters

headers

Array<object>

<= 16 items

HeaderMatcherType

Presence or absence of the header in the input
At least one of the values for the header in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

name

name

A case-insensitive HTTP header name. Required: YES.

string

>= 6 characters <= 256 characters

http_method

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

methods

methods

List of methods values to match against.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

ip_matcher

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_sets

prefix_sets

A list of references to ip_prefix_set objects.

Required: YES.

Array<object>

<= 4 items

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

ip_prefix_list

object

invert_match

invert_matcher

Invert the match result.

boolean format: boolean

ip_prefixes

ip prefixes

List of IPv4 prefix strings.

Array<string>

<= 128 items

path

object

exact_values

exact values

A list of exact path values to match the input HTTP path against.

Array<string>

<= 16 items

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

prefix_values

prefix values

A list of path prefix values to match the input HTTP path against.

Array<string>

<= 16 items

regex_values

regex values

A list of regular expressions to match the input HTTP path against.

Array<string>

<= 16 items

suffix_values

Suffix values

A list of path suffix values to match the input HTTP path against.

Array<string>

<= 64 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

query_params

Array<object>

<= 16 items

QueryParameterMatcherType

Presence or absence of the query parameter in the input
At least one of the values for the query parameter in the input satisfies the MatcherType item.

object

check_not_present

object

check_present

object

invert_matcher

invert_matcher

Invert the match result.

boolean format: boolean

item

object

exact_values

exact values

A list of exact values to match the input against.

Array<string>

<= 64 items

regex_values

regex values

A list of regular expressions to match the input against.

Array<string>

<= 16 items

transformers

transformers

An ordered list of transformers (starting from index 0) to be applied to the path before matching.

Array<string>

<= 9 items

Allowed values: LOWER_CASE UPPER_CASE BASE64_DECODE NORMALIZE_PATH REMOVE_WHITESPACE URL_DECODE TRIM_LEFT TRIM_RIGHT TRIM

key

key

A case-sensitive HTTP query parameter name. Required: YES.

string

>= 7 characters <= 256 characters

tls_fingerprint_matcher

object

classes

classes

A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

Allowed values: TLS_FINGERPRINT_NONE ANY_MALICIOUS_FINGERPRINT ADWARE ADWIND DRIDEX GOOTKIT GOZI JBIFROST QUAKBOT RANSOMWARE TROLDESH TOFSEE TORRENTLOCKER TRICKBOT

exact_values

exact values

A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.

Array<string>

<= 16 items

excluded_values

excluded values

Array<string>

<= 32 items

temporary_user_blocking

object

custom_page

custom_page

Blocked

”. Base64 encoded string for this HTML is “PHA+IFBsZWFzZSBXYWl0IDwvcD4=”

string

<= 65536 characters

protected_cookies

Array<object>

<= 16 items

CookieManipulationOptionType

Set Cookie protection attributes.

object

add_httponly

object

add_secure

object

disable_tampering_protection

object

enable_tampering_protection

object

ignore_httponly

object

ignore_max_age

object

ignore_samesite

object

ignore_secure

object

max_age_value

add_max_age

Exclusive with [ignore_max_age] Add max age attribute.

integer format: int32

name

name

Name of the Cookie Required: YES.

string

>= 6 characters <= 256 characters

samesite_lax

object

samesite_none

object

samesite_strict

object

rate_limit

object

custom_ip_allowed_list

object

rate_limiter_allowed_prefixes

rate_limiter_allowed_prefixes

References to ip_prefix_set objects. Requests from source IP addresses that are covered by one of the allowed IP Prefixes are not subjected to rate limiting.

Required: YES.

Array<object>

>= 1 items <= 4 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ip_allowed_list

object

prefixes

ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>

<= 128 items

no_ip_allowed_list

object

no_policies

object

policies

object

policies

Rate Limiter Policies

Ordered list of rate limiter policies.

Required: YES.

Array<object>

<= 16 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

rate_limiter

object

action_block

object

hours

object

duration

Duration

Configuration parameter for duration

integer format: int64

minutes

object

duration

Duration

Configuration parameter for duration

integer format: int64

seconds

object

duration

Duration

Configuration parameter for duration

integer format: int64

burst_multiplier

burst_multiplier

The maximum burst of requests to accommodate, expressed as a multiple of the rate.

integer format: int64

disabled

object

leaky_bucket

object

period_multiplier

period_multiplier

This setting, combined with Per Period units, provides a duration.

integer format: int64

token_bucket

object

total_number

total_number

The total number of allowed requests per rate-limiting period. Required: YES.

integer format: int64

unit

string

default: SECOND

Allowed values: SECOND MINUTE HOUR

sensitive_data_policy

object

sensitive_data_policy_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

service_domains

CNAME provided from service per domain.

Array<object>

object

domain

Domain Name

Domain Name.

string format: hostname

>= 26 characters <= 1024 characters

service_domain

Service Domain

Service Domain.

string

<= 1024 characters

service_policies_from_namespace

object

slow_ddos_mitigation

object

disable_request_timeout

object

request_headers_timeout

Request Headers Timeout

integer format: int64

request_timeout

Custom Timeout

Exclusive with [disable_request_timeout]

integer format: int64

state

string

default: VIRTUAL_HOST_READY

Allowed values: VIRTUAL_HOST_READY VIRTUAL_HOST_PENDING_VERIFICATION VIRTUAL_HOST_VERIFICATION_FAILED VIRTUAL_HOST_PENDING_DNS_DELEGATION VIRTUAL_HOST_PENDING_A_RECORD VIRTUAL_HOST_DNS_A_RECORD_ADDED VIRTUAL_HOST_INTERNET_NLB_PENDING_CREATION VIRTUAL_HOST_INTERNET_NLB_CREATION_FAILED

system_default_timeouts

object

trusted_clients

Define rules to skip processing of one or more features such as WAF, Bot Defense etc. For clients.

Array<object>

<= 256 items

SimpleClientSrcRule

Simple client source rule specifies the sources to be blocked or trusted (skip WAF)

object

actions

actions

Actions that should be taken when client identifier matches the rule.

Array<string>

<= 10 items

as_number

as number

Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.

integer format: int64

bot_skip_processing

object

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

http_header

object

headers

headers

List of HTTP header name and value pairs

Required: YES.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

ip_prefix

ip prefix

Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.

string

<= 1024 characters

ipv6_prefix

ipv6 prefix

Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.

string

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

skip_processing

object

user_identifier

user identifier

Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.

string

<= 256 characters

waf_skip_processing

object

user_id_client_ip

object

user_identification

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

waf_exclusion

object

waf_exclusion_inline_rules

object

rules

List of WAF Exclusion Rules

An ordered list of WAF Exclusions specific to this Load Balancer.

Array<object>

<= 256 items

SimpleWafExclusionRule

Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.

object

any_domain

object

any_path

object

app_firewall_detection_control

object

exclude_attack_type_contexts

Exclude Attack Types Contexts

Attack Types to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Attack Type Context

App Firewall Attack Type context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

exclude_attack_type

string

default: ATTACK_TYPE_NONE

exclude_bot_name_contexts

Exclude Bot Names Contexts

Bot Names to be excluded for the defined match criteria.

Array<object>

<= 64 items

Bot Name Context

Specifies bot to be excluded by its name.

object

bot_name

BotName

Required: YES.

string

<= 1024 characters

exclude_signature_contexts

Exclude Signature Contexts

Signature IDs to be excluded for the defined match criteria.

Array<object>

<= 1024 items

App Firewall Signature Context

App Firewall signature context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

signature_id

SignatureID

The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.

integer format: int64

exclude_violation_contexts

Exclude Violation Contexts

Violations to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Violation Context

App Firewall violation context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

exclude_violation

string

default: VIOL_NONE

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

expiration_timestamp

expiration timestamp

string format: date-time

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path_prefix

prefix

Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

path_regex

Path Regex

Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.

string

<= 256 characters

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

waf_skip_processing

object

waf_exclusion_policy

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

status

status

The status reported by different services for this configuration object.

Array<object>

>= 17 characters <= 17 characters

StatusObject

Most recently observed status of object.

object

cdn_site_status

object

error

Error

Error message (if any)

string

<= 1024 characters

site

Site Name

Name of the site that reported this status.

string

<= 1024 characters

status

string

default: DEPLOYMENT_STATUS_NOT_DEPLOYED

Allowed values: DEPLOYMENT_STATUS_NOT_DEPLOYED DEPLOYMENT_STATUS_DEPLOYING DEPLOYMENT_STATUS_DEPLOY_FAILED DEPLOYMENT_STATUS_DEPLOYED

cdn_status

object

cfg_version

Cfg Version

Cfg version.

integer format: int64

cp_version

CP Version

CP version.

integer format: int64

deployment_status

string

default: CDN_LB_STATUS_CREATED

Allowed values: CDN_LB_STATUS_CREATED CDN_LB_STATUS_DEPLOYING CDN_LB_STATUS_DEPLOY_FAILED CDN_LB_STATUS_DEPLOYED CDN_LB_STATUS_FAILED

error

Error

Error message.

string

<= 1024 characters

conditions

conditions

Conditions represent the normalized status values for configuration object.

Array<object>

ConditionType

Conditions are used in the object status to describe the current state of the object, e.g. Ready, Succeeded, etc.

object

hostname

hostname

Hostname of the instance of the site that sent the status.

string

<= 1024 characters

last_update_time

last_update_time

Last time the condition was updated.

string format: date-time

<= 1024 characters

reason

reason

X-reason: “Insufficient memory in data plane” A human readable string explaining the reason for reaching this condition.

string

>= 27 characters <= 1024 characters

service_name

service name

Name of the service that sent the status.

string

<= 1024 characters

status

status

Status of the condition “Success” Validtion has succeded. Requested operation was successful. “Failed” Validation has failed. “Incomplete” Validation of configuration has failed due to missing configuration. “Installed” Validation has passed and configuration has been installed in data path or K8s “Down” Configuration is operationally down. E.g. Down interface “Disabled” Configuration is administratively disabled i.e. objectmetatype.disable = true. “NotApplicable” Configuration is not applicable e.g. Tenant service_policy_set(s) in system namespace are not applicable on REs.

string

>= 17 characters <= 1024 characters

type

type

Type of the condition “Validation” represents validation user given configuration object “Operational” represents operational status of a given configuration object.

string

<= 1024 characters

metadata

object

creation_timestamp

creation_timestamp

Creation_timestamp is when the status object was created. It is used to find/tie-break for latest status object from same origin.

string format: date-time

<= 1024 characters

creator_class

creator_class

Class of creator which created this StatusObject. This will be service’s DNS FQDN. This will be set by the system based on client certificate information.

string

<= 1024 characters

creator_id

creator_id

ID of creator which created this StatusObject. This will be a concrete identifier for service (e.g. Identifying the environment also). This will be set by the system based on client certificate information.

string

<= 1024 characters

publish

string

default: STATUS_DO_NOT_PUBLISH

Allowed values: STATUS_DO_NOT_PUBLISH STATUS_PUBLISH

status_id

status_id

Status_id is a field used by the generator to distinguish (if necessary) between two status objects for the same config object from the same site and same service and potentially same daemon(creator-ID)

string

<= 1024 characters

uid

uid

Uid is the unique in time and space value for a StatusObject.

string format: uuid

>= 36 characters <= 1024 characters

vtrp_id

vtrp_id

Origin of this status exchanged by VTRP.

string

<= 1024 characters

vtrp_stale

vtrp_stale

Indicate whether mars deems this object to be stale via graceful restart timer information.

boolean format: boolean

object_refs

object_refs

CDN loadbalancer view object direct reference.

Array<object>

ObjectRefType

object

kind

kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 1024 characters

uid

uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid

>= 36 characters <= 1024 characters

virtual_host_status

object

error_description

Error Description

Description of error during DNS configuration.

string

<= 1024 characters

existing_certificate_state

Existing Certificate Status

Status of Existing Auto Certficate.

string

<= 1024 characters

renew_certificate_state

string

default: AutoCertDisabled

state

string

default: VIRTUAL_HOST_READY

suggested_action

Suggested Action

Suggested action for customer on error.

string

<= 1024 characters

system_metadata

object

creation_timestamp

creation_timestamp

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

string format: date-time

<= 1024 characters

creator_class

creator_class

A value identifying the class of the user or service which created this configuration object.

string

<= 1024 characters

creator_id

creator_id

A value identifying the exact user or service that created this configuration object.

string

<= 1024 characters

deletion_timestamp

deletion_timestamp

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only.

string format: date-time

<= 1024 characters

finalizers

finalizers

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

Array<string>

initializers

object

pending

pending

Pending is a list of initializers that must execute in order before this object is initialized. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients.

Array<object>

InitializerType

Initializer is information about an initializer that has not yet completed.

object

name

name

Name of the service that is responsible for initializing this object.

string

>= 6 characters <= 1024 characters

result

object

code

code

Suggested HTTP return code for this status, 0 if not set.

integer format: int32

reason

reason

A human-readable description of why this operation is in the “Failure” status. If this value is empty there is no information available.

string

>= 27 characters <= 1024 characters

status

status

Status of the operation. One of: “Success” or “Failure”.

string

>= 17 characters <= 1024 characters

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the operator or software. Values here can be interpreted by software(backend or frontend) to enable certain behavior e.g. Things marked as soft-deleted(restorable).

object

modification_timestamp

modification_timestamp

ModificationTimestamp is a timestamp representing the server time when this object was last modified.

string format: date-time

<= 1024 characters

object_index

object_index

Unique index for the object. Some objects need a unique integer index to be allocated for each object type. This field will be populated for all objects that need it and will be zero otherwise.

integer format: int64

owner_view

object

kind

kind

Kind of the view object.

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

uid

uid

UID of the view object.

string format: uuid

>= 36 characters <= 1024 characters

tenant

tenant

Tenant to which this configuration object belongs to. The value for this is found from presented credentials.

string

>= 6 characters <= 1024 characters

uid

uid

Uid is the unique in time and space value for this object. It is generated by the server on successful creation of an object and is not allowed to change on Replace API. The value of is taken from uid field of ObjectMetaType, if provided.

string format: uuid

>= 36 characters <= 1024 characters

Example

{
  "create_form": {
    "spec": {
      "api_rate_limit": {
        "api_endpoint_rules": [
          {
            "api_endpoint_method": {
              "methods": [
                "ANY"
              ]
            },
            "client_matcher": {
              "ip_threat_category_list": {
                "ip_threat_categories": [
                  "SPAM_SOURCES"
                ]
              },
              "tls_fingerprint_matcher": {
                "classes": [
                  "TLS_FINGERPRINT_NONE"
                ]
              }
            },
            "inline_rate_limiter": {
              "unit": "SECOND"
            },
            "request_matcher": {
              "cookie_matchers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "jwt_claims": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ]
            }
          }
        ],
        "bypass_rate_limiting_rules": {
          "bypass_rate_limiting_rules": [
            {
              "api_endpoint": {
                "methods": [
                  "ANY"
                ]
              },
              "client_matcher": {
                "ip_threat_category_list": {
                  "ip_threat_categories": [
                    "SPAM_SOURCES"
                  ]
                },
                "tls_fingerprint_matcher": {
                  "classes": [
                    "TLS_FINGERPRINT_NONE"
                  ]
                }
              },
              "request_matcher": {
                "cookie_matchers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "headers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "jwt_claims": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "query_params": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ]
              }
            }
          ]
        },
        "server_url_rules": [
          {
            "client_matcher": {
              "ip_threat_category_list": {
                "ip_threat_categories": [
                  "SPAM_SOURCES"
                ]
              },
              "tls_fingerprint_matcher": {
                "classes": [
                  "TLS_FINGERPRINT_NONE"
                ]
              }
            },
            "inline_rate_limiter": {
              "unit": "SECOND"
            },
            "request_matcher": {
              "cookie_matchers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "jwt_claims": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ]
            }
          }
        ]
      },
      "api_specification": {
        "validation_all_spec_endpoints": {
          "fall_through_mode": {
            "fall_through_mode_custom": {
              "open_api_validation_rules": [
                {
                  "api_endpoint": {
                    "methods": [
                      "ANY"
                    ]
                  }
                }
              ]
            }
          },
          "validation_mode": {
            "response_validation_mode_active": {
              "response_validation_properties": [
                "PROPERTY_QUERY_PARAMETERS"
              ]
            },
            "validation_mode_active": {
              "request_validation_properties": [
                "PROPERTY_QUERY_PARAMETERS"
              ]
            }
          }
        },
        "validation_custom_list": {
          "fall_through_mode": {
            "fall_through_mode_custom": {
              "open_api_validation_rules": [
                {
                  "api_endpoint": {
                    "methods": [
                      "ANY"
                    ]
                  }
                }
              ]
            }
          },
          "open_api_validation_rules": [
            {
              "api_endpoint": {
                "methods": [
                  "ANY"
                ]
              },
              "validation_mode": {
                "response_validation_mode_active": {
                  "response_validation_properties": [
                    "PROPERTY_QUERY_PARAMETERS"
                  ]
                },
                "validation_mode_active": {
                  "request_validation_properties": [
                    "PROPERTY_QUERY_PARAMETERS"
                  ]
                }
              }
            }
          ]
        }
      },
      "blocked_clients": [
        {
          "actions": [
            "SKIP_PROCESSING_WAF"
          ]
        }
      ],
      "bot_defense": {
        "policy": {
          "javascript_mode": "ASYNC_JS_NO_CACHING",
          "js_insert_all_pages": {
            "javascript_location": "AFTER_HEAD"
          },
          "js_insert_all_pages_except": {
            "javascript_location": "AFTER_HEAD"
          },
          "js_insertion_rules": {
            "rules": [
              {
                "javascript_location": "AFTER_HEAD"
              }
            ]
          },
          "mobile_sdk_config": {
            "mobile_identifier": {
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ]
            }
          },
          "protected_app_endpoints": [
            {
              "flow_label": {
                "authentication": {
                  "login": {
                    "transaction_result": {
                      "failure_conditions": [
                        {
                          "status": "EmptyStatusCode"
                        }
                      ],
                      "success_conditions": [
                        {
                          "status": "EmptyStatusCode"
                        }
                      ]
                    }
                  }
                }
              },
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "http_methods": [
                "METHOD_ANY"
              ],
              "mitigation": {
                "block": {
                  "status": "EmptyStatusCode"
                }
              },
              "protocol": "BOTH",
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "web_mobile": {
                "mobile_identifier": "HEADERS"
              }
            }
          ]
        },
        "regional_endpoint": "AUTO"
      },
      "ddos_mitigation_rules": [
        {
          "ddos_client_source": {
            "country_list": [
              "COUNTRY_NONE"
            ],
            "tls_fingerprint_matcher": {
              "classes": [
                "TLS_FINGERPRINT_NONE"
              ]
            }
          }
        }
      ],
      "enable_ip_reputation": {
        "ip_threat_categories": [
          "SPAM_SOURCES"
        ]
      },
      "https": {
        "tls_cert_options": {
          "tls_cert_params": {
            "tls_config": {
              "custom_security": {
                "max_version": "TLS_AUTO",
                "min_version": "TLS_AUTO"
              }
            },
            "use_mtls": {
              "xfcc_options": {
                "xfcc_header_elements": [
                  "XFCC_NONE"
                ]
              }
            }
          },
          "tls_inline_params": {
            "tls_certificates": [
              {
                "custom_hash_algorithms": {
                  "hash_algorithms": [
                    "INVALID_HASH_ALGORITHM"
                  ]
                }
              }
            ],
            "tls_config": {
              "custom_security": {
                "max_version": "TLS_AUTO",
                "min_version": "TLS_AUTO"
              }
            },
            "use_mtls": {
              "xfcc_options": {
                "xfcc_header_elements": [
                  "XFCC_NONE"
                ]
              }
            }
          }
        }
      },
      "origin_pool": {
        "use_tls": {
          "default_session_key_caching": {},
          "no_mtls": {},
          "tls_config": {
            "custom_security": {
              "max_version": "TLS_AUTO",
              "min_version": "TLS_AUTO"
            }
          },
          "use_host_header_as_sni": {},
          "use_mtls": {
            "tls_certificates": [
              {
                "custom_hash_algorithms": {
                  "hash_algorithms": [
                    "INVALID_HASH_ALGORITHM"
                  ]
                }
              }
            ]
          },
          "volterra_trusted_ca": {}
        }
      },
      "policy_based_challenge": {
        "rule_list": {
          "rules": [
            {
              "spec": {
                "arg_matchers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "body_matcher": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                },
                "cookie_matchers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "headers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "http_method": {
                  "methods": [
                    "ANY"
                  ]
                },
                "path": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                },
                "query_params": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "tls_fingerprint_matcher": {
                  "classes": [
                    "TLS_FINGERPRINT_NONE"
                  ]
                }
              }
            }
          ]
        }
      },
      "rate_limit": {
        "no_ip_allowed_list": {},
        "no_policies": {},
        "rate_limiter": {
          "period_multiplier": 0,
          "unit": "SECOND"
        }
      },
      "trusted_clients": [
        {
          "actions": [
            "SKIP_PROCESSING_WAF"
          ]
        }
      ],
      "waf_exclusion": {
        "waf_exclusion_inline_rules": {
          "rules": [
            {
              "app_firewall_detection_control": {
                "exclude_attack_type_contexts": [
                  {
                    "context": "CONTEXT_ANY",
                    "exclude_attack_type": "ATTACK_TYPE_NONE"
                  }
                ],
                "exclude_signature_contexts": [
                  {
                    "context": "CONTEXT_ANY"
                  }
                ],
                "exclude_violation_contexts": [
                  {
                    "context": "CONTEXT_ANY",
                    "exclude_violation": "VIOL_NONE"
                  }
                ]
              },
              "methods": [
                "ANY"
              ]
            }
          ]
        }
      }
    }
  },
  "replace_form": {
    "spec": {
      "api_rate_limit": {
        "api_endpoint_rules": [
          {
            "api_endpoint_method": {
              "methods": [
                "ANY"
              ]
            },
            "client_matcher": {
              "ip_threat_category_list": {
                "ip_threat_categories": [
                  "SPAM_SOURCES"
                ]
              },
              "tls_fingerprint_matcher": {
                "classes": [
                  "TLS_FINGERPRINT_NONE"
                ]
              }
            },
            "inline_rate_limiter": {
              "unit": "SECOND"
            },
            "request_matcher": {
              "cookie_matchers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "jwt_claims": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ]
            }
          }
        ],
        "bypass_rate_limiting_rules": {
          "bypass_rate_limiting_rules": [
            {
              "api_endpoint": {
                "methods": [
                  "ANY"
                ]
              },
              "client_matcher": {
                "ip_threat_category_list": {
                  "ip_threat_categories": [
                    "SPAM_SOURCES"
                  ]
                },
                "tls_fingerprint_matcher": {
                  "classes": [
                    "TLS_FINGERPRINT_NONE"
                  ]
                }
              },
              "request_matcher": {
                "cookie_matchers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "headers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "jwt_claims": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "query_params": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ]
              }
            }
          ]
        },
        "server_url_rules": [
          {
            "client_matcher": {
              "ip_threat_category_list": {
                "ip_threat_categories": [
                  "SPAM_SOURCES"
                ]
              },
              "tls_fingerprint_matcher": {
                "classes": [
                  "TLS_FINGERPRINT_NONE"
                ]
              }
            },
            "inline_rate_limiter": {
              "unit": "SECOND"
            },
            "request_matcher": {
              "cookie_matchers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "jwt_claims": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ]
            }
          }
        ]
      },
      "api_specification": {
        "validation_all_spec_endpoints": {
          "fall_through_mode": {
            "fall_through_mode_custom": {
              "open_api_validation_rules": [
                {
                  "api_endpoint": {
                    "methods": [
                      "ANY"
                    ]
                  }
                }
              ]
            }
          },
          "validation_mode": {
            "response_validation_mode_active": {
              "response_validation_properties": [
                "PROPERTY_QUERY_PARAMETERS"
              ]
            },
            "validation_mode_active": {
              "request_validation_properties": [
                "PROPERTY_QUERY_PARAMETERS"
              ]
            }
          }
        },
        "validation_custom_list": {
          "fall_through_mode": {
            "fall_through_mode_custom": {
              "open_api_validation_rules": [
                {
                  "api_endpoint": {
                    "methods": [
                      "ANY"
                    ]
                  }
                }
              ]
            }
          },
          "open_api_validation_rules": [
            {
              "api_endpoint": {
                "methods": [
                  "ANY"
                ]
              },
              "validation_mode": {
                "response_validation_mode_active": {
                  "response_validation_properties": [
                    "PROPERTY_QUERY_PARAMETERS"
                  ]
                },
                "validation_mode_active": {
                  "request_validation_properties": [
                    "PROPERTY_QUERY_PARAMETERS"
                  ]
                }
              }
            }
          ]
        }
      },
      "blocked_clients": [
        {
          "actions": [
            "SKIP_PROCESSING_WAF"
          ]
        }
      ],
      "bot_defense": {
        "policy": {
          "javascript_mode": "ASYNC_JS_NO_CACHING",
          "js_insert_all_pages": {
            "javascript_location": "AFTER_HEAD"
          },
          "js_insert_all_pages_except": {
            "javascript_location": "AFTER_HEAD"
          },
          "js_insertion_rules": {
            "rules": [
              {
                "javascript_location": "AFTER_HEAD"
              }
            ]
          },
          "mobile_sdk_config": {
            "mobile_identifier": {
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ]
            }
          },
          "protected_app_endpoints": [
            {
              "flow_label": {
                "authentication": {
                  "login": {
                    "transaction_result": {
                      "failure_conditions": [
                        {
                          "status": "EmptyStatusCode"
                        }
                      ],
                      "success_conditions": [
                        {
                          "status": "EmptyStatusCode"
                        }
                      ]
                    }
                  }
                }
              },
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "http_methods": [
                "METHOD_ANY"
              ],
              "mitigation": {
                "block": {
                  "status": "EmptyStatusCode"
                }
              },
              "protocol": "BOTH",
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "web_mobile": {
                "mobile_identifier": "HEADERS"
              }
            }
          ]
        },
        "regional_endpoint": "AUTO"
      },
      "ddos_mitigation_rules": [
        {
          "ddos_client_source": {
            "country_list": [
              "COUNTRY_NONE"
            ],
            "tls_fingerprint_matcher": {
              "classes": [
                "TLS_FINGERPRINT_NONE"
              ]
            }
          }
        }
      ],
      "enable_ip_reputation": {
        "ip_threat_categories": [
          "SPAM_SOURCES"
        ]
      },
      "https": {
        "tls_cert_options": {
          "tls_cert_params": {
            "tls_config": {
              "custom_security": {
                "max_version": "TLS_AUTO",
                "min_version": "TLS_AUTO"
              }
            },
            "use_mtls": {
              "xfcc_options": {
                "xfcc_header_elements": [
                  "XFCC_NONE"
                ]
              }
            }
          },
          "tls_inline_params": {
            "tls_certificates": [
              {
                "custom_hash_algorithms": {
                  "hash_algorithms": [
                    "INVALID_HASH_ALGORITHM"
                  ]
                }
              }
            ],
            "tls_config": {
              "custom_security": {
                "max_version": "TLS_AUTO",
                "min_version": "TLS_AUTO"
              }
            },
            "use_mtls": {
              "xfcc_options": {
                "xfcc_header_elements": [
                  "XFCC_NONE"
                ]
              }
            }
          }
        }
      },
      "origin_pool": {
        "use_tls": {
          "default_session_key_caching": {},
          "no_mtls": {},
          "tls_config": {
            "custom_security": {
              "max_version": "TLS_AUTO",
              "min_version": "TLS_AUTO"
            }
          },
          "use_host_header_as_sni": {},
          "use_mtls": {
            "tls_certificates": [
              {
                "custom_hash_algorithms": {
                  "hash_algorithms": [
                    "INVALID_HASH_ALGORITHM"
                  ]
                }
              }
            ]
          },
          "volterra_trusted_ca": {}
        }
      },
      "policy_based_challenge": {
        "rule_list": {
          "rules": [
            {
              "spec": {
                "arg_matchers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "body_matcher": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                },
                "cookie_matchers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "headers": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "http_method": {
                  "methods": [
                    "ANY"
                  ]
                },
                "path": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                },
                "query_params": [
                  {
                    "item": {
                      "transformers": [
                        "LOWER_CASE"
                      ]
                    }
                  }
                ],
                "tls_fingerprint_matcher": {
                  "classes": [
                    "TLS_FINGERPRINT_NONE"
                  ]
                }
              }
            }
          ]
        }
      },
      "rate_limit": {
        "no_ip_allowed_list": {},
        "no_policies": {},
        "rate_limiter": {
          "period_multiplier": 0,
          "unit": "SECOND"
        }
      },
      "trusted_clients": [
        {
          "actions": [
            "SKIP_PROCESSING_WAF"
          ]
        }
      ],
      "waf_exclusion": {
        "waf_exclusion_inline_rules": {
          "rules": [
            {
              "app_firewall_detection_control": {
                "exclude_attack_type_contexts": [
                  {
                    "context": "CONTEXT_ANY",
                    "exclude_attack_type": "ATTACK_TYPE_NONE"
                  }
                ],
                "exclude_signature_contexts": [
                  {
                    "context": "CONTEXT_ANY"
                  }
                ],
                "exclude_violation_contexts": [
                  {
                    "context": "CONTEXT_ANY",
                    "exclude_violation": "VIOL_NONE"
                  }
                ]
              },
              "methods": [
                "ANY"
              ]
            }
          ]
        }
      }
    }
  },
  "spec": {
    "api_rate_limit": {
      "api_endpoint_rules": [
        {
          "api_endpoint_method": {
            "methods": [
              "ANY"
            ]
          },
          "client_matcher": {
            "ip_threat_category_list": {
              "ip_threat_categories": [
                "SPAM_SOURCES"
              ]
            },
            "tls_fingerprint_matcher": {
              "classes": [
                "TLS_FINGERPRINT_NONE"
              ]
            }
          },
          "inline_rate_limiter": {
            "unit": "SECOND"
          },
          "request_matcher": {
            "cookie_matchers": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "headers": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "jwt_claims": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "query_params": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ]
          }
        }
      ],
      "bypass_rate_limiting_rules": {
        "bypass_rate_limiting_rules": [
          {
            "api_endpoint": {
              "methods": [
                "ANY"
              ]
            },
            "client_matcher": {
              "ip_threat_category_list": {
                "ip_threat_categories": [
                  "SPAM_SOURCES"
                ]
              },
              "tls_fingerprint_matcher": {
                "classes": [
                  "TLS_FINGERPRINT_NONE"
                ]
              }
            },
            "request_matcher": {
              "cookie_matchers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "jwt_claims": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ]
            }
          }
        ]
      },
      "server_url_rules": [
        {
          "client_matcher": {
            "ip_threat_category_list": {
              "ip_threat_categories": [
                "SPAM_SOURCES"
              ]
            },
            "tls_fingerprint_matcher": {
              "classes": [
                "TLS_FINGERPRINT_NONE"
              ]
            }
          },
          "inline_rate_limiter": {
            "unit": "SECOND"
          },
          "request_matcher": {
            "cookie_matchers": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "headers": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "jwt_claims": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "query_params": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ]
          }
        }
      ]
    },
    "api_specification": {
      "validation_all_spec_endpoints": {
        "fall_through_mode": {
          "fall_through_mode_custom": {
            "open_api_validation_rules": [
              {
                "api_endpoint": {
                  "methods": [
                    "ANY"
                  ]
                }
              }
            ]
          }
        },
        "validation_mode": {
          "response_validation_mode_active": {
            "response_validation_properties": [
              "PROPERTY_QUERY_PARAMETERS"
            ]
          },
          "validation_mode_active": {
            "request_validation_properties": [
              "PROPERTY_QUERY_PARAMETERS"
            ]
          }
        }
      },
      "validation_custom_list": {
        "fall_through_mode": {
          "fall_through_mode_custom": {
            "open_api_validation_rules": [
              {
                "api_endpoint": {
                  "methods": [
                    "ANY"
                  ]
                }
              }
            ]
          }
        },
        "open_api_validation_rules": [
          {
            "api_endpoint": {
              "methods": [
                "ANY"
              ]
            },
            "validation_mode": {
              "response_validation_mode_active": {
                "response_validation_properties": [
                  "PROPERTY_QUERY_PARAMETERS"
                ]
              },
              "validation_mode_active": {
                "request_validation_properties": [
                  "PROPERTY_QUERY_PARAMETERS"
                ]
              }
            }
          }
        ]
      }
    },
    "auto_cert_info": {
      "auto_cert_state": "AutoCertDisabled"
    },
    "blocked_clients": [
      {
        "actions": [
          "SKIP_PROCESSING_WAF"
        ]
      }
    ],
    "bot_defense": {
      "policy": {
        "javascript_mode": "ASYNC_JS_NO_CACHING",
        "js_insert_all_pages": {
          "javascript_location": "AFTER_HEAD"
        },
        "js_insert_all_pages_except": {
          "javascript_location": "AFTER_HEAD"
        },
        "js_insertion_rules": {
          "rules": [
            {
              "javascript_location": "AFTER_HEAD"
            }
          ]
        },
        "mobile_sdk_config": {
          "mobile_identifier": {
            "headers": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ]
          }
        },
        "protected_app_endpoints": [
          {
            "flow_label": {
              "authentication": {
                "login": {
                  "transaction_result": {
                    "failure_conditions": [
                      {
                        "status": "EmptyStatusCode"
                      }
                    ],
                    "success_conditions": [
                      {
                        "status": "EmptyStatusCode"
                      }
                    ]
                  }
                }
              }
            },
            "headers": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "http_methods": [
              "METHOD_ANY"
            ],
            "mitigation": {
              "block": {
                "status": "EmptyStatusCode"
              }
            },
            "protocol": "BOTH",
            "query_params": [
              {
                "item": {
                  "transformers": [
                    "LOWER_CASE"
                  ]
                }
              }
            ],
            "web_mobile": {
              "mobile_identifier": "HEADERS"
            }
          }
        ]
      },
      "regional_endpoint": "AUTO"
    },
    "cert_state": "AutoCertDisabled",
    "ddos_mitigation_rules": [
      {
        "ddos_client_source": {
          "country_list": [
            "COUNTRY_NONE"
          ],
          "tls_fingerprint_matcher": {
            "classes": [
              "TLS_FINGERPRINT_NONE"
            ]
          }
        }
      }
    ],
    "enable_ip_reputation": {
      "ip_threat_categories": [
        "SPAM_SOURCES"
      ]
    },
    "https": {
      "tls_cert_options": {
        "tls_cert_params": {
          "tls_config": {
            "custom_security": {
              "max_version": "TLS_AUTO",
              "min_version": "TLS_AUTO"
            }
          },
          "use_mtls": {
            "xfcc_options": {
              "xfcc_header_elements": [
                "XFCC_NONE"
              ]
            }
          }
        },
        "tls_inline_params": {
          "tls_certificates": [
            {
              "custom_hash_algorithms": {
                "hash_algorithms": [
                  "INVALID_HASH_ALGORITHM"
                ]
              }
            }
          ],
          "tls_config": {
            "custom_security": {
              "max_version": "TLS_AUTO",
              "min_version": "TLS_AUTO"
            }
          },
          "use_mtls": {
            "xfcc_options": {
              "xfcc_header_elements": [
                "XFCC_NONE"
              ]
            }
          }
        }
      }
    },
    "origin_pool": {
      "use_tls": {
        "default_session_key_caching": {},
        "no_mtls": {},
        "tls_config": {
          "custom_security": {
            "max_version": "TLS_AUTO",
            "min_version": "TLS_AUTO"
          }
        },
        "use_host_header_as_sni": {},
        "use_mtls": {
          "tls_certificates": [
            {
              "custom_hash_algorithms": {
                "hash_algorithms": [
                  "INVALID_HASH_ALGORITHM"
                ]
              }
            }
          ]
        },
        "volterra_trusted_ca": {}
      }
    },
    "policy_based_challenge": {
      "rule_list": {
        "rules": [
          {
            "spec": {
              "arg_matchers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "body_matcher": {
                "transformers": [
                  "LOWER_CASE"
                ]
              },
              "cookie_matchers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "headers": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "http_method": {
                "methods": [
                  "ANY"
                ]
              },
              "path": {
                "transformers": [
                  "LOWER_CASE"
                ]
              },
              "query_params": [
                {
                  "item": {
                    "transformers": [
                      "LOWER_CASE"
                    ]
                  }
                }
              ],
              "tls_fingerprint_matcher": {
                "classes": [
                  "TLS_FINGERPRINT_NONE"
                ]
              }
            }
          }
        ]
      }
    },
    "rate_limit": {
      "no_ip_allowed_list": {},
      "no_policies": {},
      "rate_limiter": {
        "period_multiplier": 0,
        "unit": "SECOND"
      }
    },
    "state": "VIRTUAL_HOST_READY",
    "trusted_clients": [
      {
        "actions": [
          "SKIP_PROCESSING_WAF"
        ]
      }
    ],
    "waf_exclusion": {
      "waf_exclusion_inline_rules": {
        "rules": [
          {
            "app_firewall_detection_control": {
              "exclude_attack_type_contexts": [
                {
                  "context": "CONTEXT_ANY",
                  "exclude_attack_type": "ATTACK_TYPE_NONE"
                }
              ],
              "exclude_signature_contexts": [
                {
                  "context": "CONTEXT_ANY"
                }
              ],
              "exclude_violation_contexts": [
                {
                  "context": "CONTEXT_ANY",
                  "exclude_violation": "VIOL_NONE"
                }
              ]
            },
            "methods": [
              "ANY"
            ]
          }
        ]
      }
    }
  },
  "status": [
    {
      "cdn_site_status": {
        "status": "DEPLOYMENT_STATUS_NOT_DEPLOYED"
      },
      "cdn_status": {
        "deployment_status": "CDN_LB_STATUS_CREATED"
      },
      "metadata": {
        "publish": "STATUS_DO_NOT_PUBLISH"
      },
      "virtual_host_status": {
        "renew_certificate_state": "AutoCertDisabled",
        "state": "VIRTUAL_HOST_READY"
      }
    }
  ]
}

401

Returned when operation is not authorized.

application/json

string format: string

Example^generated

example

403

Returned when there is no permission to access resource.

application/json

string format: string

Example^generated

example

404

Returned when resource is not found.

application/json

string format: string

Example^generated

example

409

Returned when operation on resource is conflicting with current value.

application/json

string format: string

Example^generated

example

429

Returned when operation has been rejected as it is happening too frequently.

application/json

string format: string

Example^generated

example

500

Returned when server encountered an error in processing API.

application/json

string format: string

Example^generated

example

503

Returned when service is unavailable temporarily.

application/json

string format: string

Example^generated

example

504

Returned when server timed out processing request.

application/json

string format: string

Example^generated

example

GET CDN Loadbalancer.

Authorizations

Parameters

Path Parameters

Query Parameters

Responses

200

Example

401

Examplegenerated

403

Examplegenerated

404

Examplegenerated

409

Examplegenerated

429

Examplegenerated

500

Examplegenerated

503

Examplegenerated

504

Examplegenerated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated