Create Application Firewall.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/app_firewalls';const options = { method: 'POST', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"metadata":{"annotations":{},"description":"example","disable":true,"labels":{},"name":"example","namespace":"example"},"spec":{"allow_all_response_codes":{},"allowed_response_codes":{"response_code":[1]},"blocking":{},"blocking_page":{"blocking_page":"example","response_code":"EmptyStatusCode"},"bot_protection_setting":{"good_bot_action":"BLOCK","malicious_bot_action":"BLOCK","suspicious_bot_action":"BLOCK"},"custom_anonymization":{"anonymization_config":[{"cookie":{"cookie_name":"example"},"http_header":{"header_name":"example"},"query_parameter":{"query_param_name":"example"}}]},"default_anonymization":{},"default_bot_setting":{},"default_detection_settings":{},"detection_settings":{"bot_protection_setting":{"good_bot_action":"BLOCK","malicious_bot_action":"BLOCK","suspicious_bot_action":"BLOCK"},"default_bot_setting":{},"default_violation_settings":{},"disable_staging":{},"disable_suppression":{},"disable_threat_campaigns":{},"enable_suppression":{},"enable_threat_campaigns":{},"signature_selection_setting":{"attack_type_settings":{"disabled_attack_types":["ATTACK_TYPE_NONE"]},"default_attack_type_settings":{},"high_medium_accuracy_signatures":{},"high_medium_low_accuracy_signatures":{},"only_high_accuracy_signatures":{}},"stage_new_and_updated_signatures":{"staging_period":1},"stage_new_signatures":{"staging_period":1},"violation_settings":{"disabled_violation_types":["VIOL_NONE"]},"violations_view":[{"description":"example","enabled":true,"enabled_by_default":"example","name":"example","title":"example"}]},"disable_ai_enhancements":{},"disable_anonymization":{},"enable_ai_enhancements":{"mitigate_high_medium_risk_action":{},"mitigate_high_risk_action":{}},"monitoring":{},"use_default_blocking_page":{}}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/app_firewalls \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "allow_all_response_codes": {}, "allowed_response_codes": { "response_code": [ 1 ] }, "blocking": {}, "blocking_page": { "blocking_page": "example", "response_code": "EmptyStatusCode" }, "bot_protection_setting": { "good_bot_action": "BLOCK", "malicious_bot_action": "BLOCK", "suspicious_bot_action": "BLOCK" }, "custom_anonymization": { "anonymization_config": [ { "cookie": { "cookie_name": "example" }, "http_header": { "header_name": "example" }, "query_parameter": { "query_param_name": "example" } } ] }, "default_anonymization": {}, "default_bot_setting": {}, "default_detection_settings": {}, "detection_settings": { "bot_protection_setting": { "good_bot_action": "BLOCK", "malicious_bot_action": "BLOCK", "suspicious_bot_action": "BLOCK" }, "default_bot_setting": {}, "default_violation_settings": {}, "disable_staging": {}, "disable_suppression": {}, "disable_threat_campaigns": {}, "enable_suppression": {}, "enable_threat_campaigns": {}, "signature_selection_setting": { "attack_type_settings": { "disabled_attack_types": [ "ATTACK_TYPE_NONE" ] }, "default_attack_type_settings": {}, "high_medium_accuracy_signatures": {}, "high_medium_low_accuracy_signatures": {}, "only_high_accuracy_signatures": {} }, "stage_new_and_updated_signatures": { "staging_period": 1 }, "stage_new_signatures": { "staging_period": 1 }, "violation_settings": { "disabled_violation_types": [ "VIOL_NONE" ] }, "violations_view": [ { "description": "example", "enabled": true, "enabled_by_default": "example", "name": "example", "title": "example" } ] }, "disable_ai_enhancements": {}, "disable_anonymization": {}, "enable_ai_enhancements": { "mitigate_high_medium_risk_action": {}, "mitigate_high_risk_action": {} }, "monitoring": {}, "use_default_blocking_page": {} } }'Create Application Firewall.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
Request Bodyrequired
Section titled “Request Bodyrequired”This is the input message of the ‘Create’ RPC.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
object
object
List of HTTP response status codes that are allowed Required: YES.
object
object
Define the content of the response page (e.g., an HTML document or a JSON object), use the {{request_id}} placeholder to provide users with a unique identifier to be able to trace the blocked request in the logs. The maximum allowed size of response body is 4096 bytes after base64 encoding, which would be about 3070 bytes in plain text.
object
object
List of HTTP headers, cookies and query parameters whose values will be masked
Required: YES.
Configure anonymization for HTTP headers, parameters or cookies which may contain sensitive data.
object
object
Masks the cookie value. The setting does not mask the cookie name. Wildcard matching can be used by prefixing or suffixing the cookie name with a wildcard asterisk (*), or by using only an asterisk to match any cookie name. Required: YES.
object
Masks the HTTP header value. The setting does not mask the HTTP header name. Wildcard matching can be used by prefixing or suffixing the HTTP header name with a wildcard asterisk (*), or by using only an asterisk to match any HTTP header name. Required: YES.
object
Masks the query parameter value. The setting does not mask the query parameter name. Wildcard matching can be used by prefixing or suffixing the query parameter name with a wildcard asterisk (*), or by using only an asterisk to match any query parameter name. Required: YES.
object
object
object
object
object
object
object
object
object
object
object
object
object
object
List of Attack Types that will be ignored and not trigger a detection
Required: YES.
object
object
object
object
object
Define staging period in days. The default staging period is 7 days and the max supported staging period is 20 days. Required: YES.
object
Define staging period in days. The default staging period is 7 days and the max supported staging period is 20 days. Required: YES.
object
List of violations to be excluded
Required: YES.
List of violation checks that are performed on HTTP request to ensure the requests are properly formatted, detection of evasion techniques and other violations.
Required: YES.
Custom configuration for a violation.
object
Human-readable description text
Enable or disable the feature
Violations that are enabled by default by F5 are advisable to leave enabled.
Human-readable name for the resource
Human-readable title for the resource
object
object
object
object
object
object
object
Responses
Section titled “Responses”A successful response.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
object
object
List of HTTP response status codes that are allowed Required: YES.
object
object
Define the content of the response page (e.g., an HTML document or a JSON object), use the {{request_id}} placeholder to provide users with a unique identifier to be able to trace the blocked request in the logs. The maximum allowed size of response body is 4096 bytes after base64 encoding, which would be about 3070 bytes in plain text.
object
object
List of HTTP headers, cookies and query parameters whose values will be masked
Required: YES.
Configure anonymization for HTTP headers, parameters or cookies which may contain sensitive data.
object
object
Masks the cookie value. The setting does not mask the cookie name. Wildcard matching can be used by prefixing or suffixing the cookie name with a wildcard asterisk (*), or by using only an asterisk to match any cookie name. Required: YES.
object
Masks the HTTP header value. The setting does not mask the HTTP header name. Wildcard matching can be used by prefixing or suffixing the HTTP header name with a wildcard asterisk (*), or by using only an asterisk to match any HTTP header name. Required: YES.
object
Masks the query parameter value. The setting does not mask the query parameter name. Wildcard matching can be used by prefixing or suffixing the query parameter name with a wildcard asterisk (*), or by using only an asterisk to match any query parameter name. Required: YES.
object
object
object
object
object
object
object
object
object
object
object
object
object
object
List of Attack Types that will be ignored and not trigger a detection
Required: YES.
object
object
object
object
object
Define staging period in days. The default staging period is 7 days and the max supported staging period is 20 days. Required: YES.
object
Define staging period in days. The default staging period is 7 days and the max supported staging period is 20 days. Required: YES.
object
List of violations to be excluded
Required: YES.
List of violation checks that are performed on HTTP request to ensure the requests are properly formatted, detection of evasion techniques and other violations.
Required: YES.
Custom configuration for a violation.
object
Human-readable description text
Enable or disable the feature
Violations that are enabled by default by F5 are advisable to leave enabled.
Human-readable name for the resource
Human-readable title for the resource
object
object
object
object
object
object
object
object
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
A value identifying the class of the user or service which created this configuration object.
A value identifying the exact user or service that created this configuration object.
DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
object
Pending is a list of initializers that must execute in order before this object is initialized. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients.
Initializer is information about an initializer that has not yet completed.
object
Name of the service that is responsible for initializing this object.
object
Suggested HTTP return code for this status, 0 if not set.
A human-readable description of why this operation is in the “Failure” status. If this value is empty there is no information available.
Status of the operation. One of: “Success” or “Failure”.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the operator or software. Values here can be interpreted by software(backend or frontend) to enable certain behavior e.g. Things marked as soft-deleted(restorable).
object
ModificationTimestamp is a timestamp representing the server time when this object was last modified.
Unique index for the object. Some objects need a unique integer index to be allocated for each object type. This field will be populated for all objects that need it and will be zero otherwise.
object
Kind of the view object.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
UID of the view object.
Tenant to which this configuration object belongs to. The value for this is found from presented credentials.
Uid is the unique in time and space value for this object. It is generated by the server on successful creation of an object and is not allowed to change on Replace API. The value of is taken from uid field of ObjectMetaType, if provided.
Example
{ "spec": { "allow_all_response_codes": {}, "blocking_page": { "response_code": "EmptyStatusCode" }, "bot_protection_setting": { "good_bot_action": "BLOCK", "malicious_bot_action": "BLOCK", "suspicious_bot_action": "BLOCK" }, "default_anonymization": {}, "default_bot_setting": {}, "default_detection_settings": {}, "detection_settings": { "bot_protection_setting": { "good_bot_action": "BLOCK", "malicious_bot_action": "BLOCK", "suspicious_bot_action": "BLOCK" }, "signature_selection_setting": { "attack_type_settings": { "disabled_attack_types": [ "ATTACK_TYPE_NONE" ] } }, "violation_settings": { "disabled_violation_types": [ "VIOL_NONE" ] } }, "disable_ai_enhancements": {}, "monitoring": {}, "use_default_blocking_page": {} }}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example