Suggest trust client rule.

POST

/api/config/namespaces/{namespace}/http_loadbalancers/{name}/trust_client/suggestion

const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/http_loadbalancers/example/trust_client/suggestion';
const options = {
  method: 'POST',
  headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'},
  body: '{"as_description":"example","as_number":1,"ip_prefix":"example","ip_reputation":true,"name":"example","namespace":"example","sec_event_name":"example","sec_event_types":["WAF_SEC_EVENT"],"threat_mesh":true,"user_id":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/http_loadbalancers/example/trust_client/suggestion \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "as_description": "example", "as_number": 1, "ip_prefix": "example", "ip_reputation": true, "name": "example", "namespace": "example", "sec_event_name": "example", "sec_event_types": [ "WAF_SEC_EVENT" ], "threat_mesh": true, "user_id": "example" }'

Suggest SimpleClientSrcRule to trust a given IP/ASN.

Authorizations

ApiToken

Parameters

Path Parameters

namespace

required

string

Namespace Namespace of the App type for current request.

name

required

string

Name HTTP load balancer for which this client blocking rule will be applied.

Request Body^required

application/json

GetSuggestedTrustClientRuleReq

GET suggested blocking SimpleClientSrcRule for a given IP/ASN.

object

as_description

Description

AS description.

string

<= 256 characters

as_number

as number

RFC 6793 defined 4-byte AS number Required: YES.

integer format: int64

ip_prefix

ip prefix

IP prefix string. Required: YES.

string

<= 1024 characters

ip_reputation

IP Reputation Security Event

Indicates whether the security event is IP reputation.

boolean format: boolean

name

Name

HTTP load balancer for which this client blocking rule will be applied.

string

>= 6 characters <= 1024 characters

namespace

Namespace

Namespace of the App type for current request.

string

>= 6 characters <= 1024 characters

sec_event_name

Security Event Name

The name of Security Event.

string

<= 1024 characters

sec_event_types

Security Event Types

List of Security Event types that should stop being generated for this client.

Array<string>

<= 4 items

Allowed values: WAF_SEC_EVENT L7_POLICY_SEC_EVENT JS_CHALLENGE_SEC_EVENT CAPTCHA_CHALLENGE_SEC_EVENT MALICIOUS_USER_SEC_EVENT SVC_POLICY_SEC_EVENT BOT_DEFENSE_SEC_EVENT API_SEC_EVENT DDOS_SEC_EVENT DOS_SEC_EVENT

threat_mesh

Threat Mesh Security Event

Indicates whether the security event is threat mesh.

boolean format: boolean

user_id

user id

User ID of trusted client.

string

<= 256 characters

Responses

200

A successful response.

application/json

GetSuggestedTrustClientRuleRsp

GET suggested SimpleClientSrcRule to trust a given IP/ASN.

object

found_existing_rule

object

name

Name

HTTP load balancer for which this client rule will be applied.

string

>= 6 characters <= 1024 characters

rule

object

actions

actions

Actions that should be taken when client identifier matches the rule.

Array<string>

<= 10 items

Allowed values: SKIP_PROCESSING_WAF SKIP_PROCESSING_BOT SKIP_PROCESSING_MUM SKIP_PROCESSING_IP_REPUTATION SKIP_PROCESSING_API_PROTECTION SKIP_PROCESSING_OAS_VALIDATION SKIP_PROCESSING_DDOS_PROTECTION SKIP_PROCESSING_THREAT_MESH SKIP_PROCESSING_MALWARE_PROTECTION

as_number

as number

Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.

integer format: int64

bot_skip_processing

object

expiration_timestamp

expiration timestamp

The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.

string format: date-time

<= 1024 characters

http_header

object

headers

headers

List of HTTP header name and value pairs

Required: YES.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

ip_prefix

ip prefix

Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.

string

<= 1024 characters

ipv6_prefix

ipv6 prefix

Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.

string

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

skip_processing

object

user_identifier

user identifier

Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.

string

<= 256 characters

waf_skip_processing

object

Example

{
  "rule": {
    "actions": [
      "SKIP_PROCESSING_WAF"
    ]
  }
}

401

Returned when operation is not authorized.

application/json

string format: string

Example^generated

example

403

Returned when there is no permission to access resource.

application/json

string format: string

Example^generated

example

404

Returned when resource is not found.

application/json

string format: string

Example^generated

example

409

Returned when operation on resource is conflicting with current value.

application/json

string format: string

Example^generated

example

429

Returned when operation has been rejected as it is happening too frequently.

application/json

string format: string

Example^generated

example

500

Returned when server encountered an error in processing API.

application/json

string format: string

Example^generated

example

503

Returned when service is unavailable temporarily.

application/json

string format: string

Example^generated

example

504

Returned when server timed out processing request.

application/json

string format: string

Example^generated

example

Suggest trust client rule.

Authorizations

Parameters

Path Parameters

Request Bodyrequired

Responses

200

Example

401

Examplegenerated

403

Examplegenerated

404

Examplegenerated

409

Examplegenerated

429

Examplegenerated

500

Examplegenerated

503

Examplegenerated

504

Examplegenerated

Request Body^required

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated