Replace WAF Exclusion Policy.

PUT

/api/config/namespaces/{metadata.namespace}/waf_exclusion_policys/{metadata.name}

const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/waf_exclusion_policys/example';
const options = {
  method: 'PUT',
  headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'},
  body: '{"metadata":{"annotations":{},"description":"example","disable":true,"labels":{},"name":"example","namespace":"example"},"spec":{"waf_exclusion_rules":[{"any_domain":{},"any_path":{},"app_firewall_detection_control":{"exclude_attack_type_contexts":[{"context":"CONTEXT_ANY","context_name":"example","exclude_attack_type":"ATTACK_TYPE_NONE"}],"exclude_bot_name_contexts":[{"bot_name":"example"}],"exclude_signature_contexts":[{"context":"CONTEXT_ANY","context_name":"example","signature_id":1}],"exclude_violation_contexts":[{"context":"CONTEXT_ANY","context_name":"example","exclude_violation":"VIOL_NONE"}]},"exact_value":"example","expiration_timestamp":"2026-04-15T12:00:00Z","metadata":{"description":"example","name":"example"},"methods":["ANY"],"path_prefix":"example","path_regex":"example","suffix_value":"example","waf_skip_processing":{}}]}}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request PUT \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/waf_exclusion_policys/example \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "waf_exclusion_rules": [ { "any_domain": {}, "any_path": {}, "app_firewall_detection_control": { "exclude_attack_type_contexts": [ { "context": "CONTEXT_ANY", "context_name": "example", "exclude_attack_type": "ATTACK_TYPE_NONE" } ], "exclude_bot_name_contexts": [ { "bot_name": "example" } ], "exclude_signature_contexts": [ { "context": "CONTEXT_ANY", "context_name": "example", "signature_id": 1 } ], "exclude_violation_contexts": [ { "context": "CONTEXT_ANY", "context_name": "example", "exclude_violation": "VIOL_NONE" } ] }, "exact_value": "example", "expiration_timestamp": "2026-04-15T12:00:00Z", "metadata": { "description": "example", "name": "example" }, "methods": [ "ANY" ], "path_prefix": "example", "path_regex": "example", "suffix_value": "example", "waf_skip_processing": {} } ] } }'

Replace an existing WAF exclusion policy.

Examples of this operation.

Authorizations

ApiToken

Parameters

Path Parameters

metadata.namespace

required

string

Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

metadata.name

required

string

Name The configuration object to be replaced will be looked up by name.

Request Body^required

application/json

ReplaceRequest is used to replace contents of a waf_exclusion_policy

This is the input message of the ‘Replace’ RPC.

object

metadata

object

annotations

annotations

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object

description

description

Human readable description for the object.

string

>= 21 characters <= 1200 characters

disable

disable

A value of true will administratively disable the object.

boolean format: boolean

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object

name

name

This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 6 characters <= 1024 characters

namespace

namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string

>= 6 characters <= 1024 characters

spec

object

waf_exclusion_rules

An ordered list of rules.

Required: YES.

Array<object>

<= 256 items

SimpleWafExclusionRule

Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.

object

any_domain

object

any_path

object

app_firewall_detection_control

object

exclude_attack_type_contexts

Exclude Attack Types Contexts

Attack Types to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Attack Type Context

App Firewall Attack Type context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).

string

<= 128 characters

exclude_attack_type

string

default: ATTACK_TYPE_NONE

Allowed values: ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE ATTACK_TYPE_DETECTION_EVASION ATTACK_TYPE_VULNERABILITY_SCAN ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS ATTACK_TYPE_BUFFER_OVERFLOW ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION ATTACK_TYPE_INFORMATION_LEAKAGE ATTACK_TYPE_DIRECTORY_INDEXING ATTACK_TYPE_PATH_TRAVERSAL ATTACK_TYPE_XPATH_INJECTION ATTACK_TYPE_LDAP_INJECTION ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION ATTACK_TYPE_COMMAND_EXECUTION ATTACK_TYPE_SQL_INJECTION ATTACK_TYPE_CROSS_SITE_SCRIPTING ATTACK_TYPE_DENIAL_OF_SERVICE ATTACK_TYPE_HTTP_PARSER_ATTACK ATTACK_TYPE_SESSION_HIJACKING ATTACK_TYPE_HTTP_RESPONSE_SPLITTING ATTACK_TYPE_FORCEFUL_BROWSING ATTACK_TYPE_REMOTE_FILE_INCLUDE ATTACK_TYPE_MALICIOUS_FILE_UPLOAD ATTACK_TYPE_GRAPHQL_PARSER_ATTACK

exclude_bot_name_contexts

Exclude Bot Names Contexts

Bot Names to be excluded for the defined match criteria.

Array<object>

<= 64 items

Bot Name Context

Specifies bot to be excluded by its name.

object

bot_name

BotName

Required: YES.

string

<= 1024 characters

exclude_signature_contexts

Exclude Signature Contexts

Signature IDs to be excluded for the defined match criteria.

Array<object>

<= 1024 items

App Firewall Signature Context

App Firewall signature context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

signature_id

SignatureID

The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.

integer format: int64

exclude_violation_contexts

Exclude Violation Contexts

Violations to be excluded for the defined match criteria.

Array<object>

<= 64 items

App Firewall Violation Context

App Firewall violation context changes to be applied for this request.

object

context

string

default: CONTEXT_ANY

Allowed values: CONTEXT_ANY CONTEXT_BODY CONTEXT_REQUEST CONTEXT_RESPONSE CONTEXT_PARAMETER CONTEXT_HEADER CONTEXT_COOKIE CONTEXT_URL CONTEXT_URI

context_name

Context Name

string

<= 128 characters

exclude_violation

string

default: VIOL_NONE

Allowed values: VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH VIOL_FILE_UPLOAD VIOL_FILE_UPLOAD_IN_BODY VIOL_XML_MALFORMED VIOL_JSON_MALFORMED VIOL_ASM_COOKIE_MODIFIED VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION VIOL_HTTP_PROTOCOL_CRLF_CHARACTERS_BEFORE_REQUEST_START VIOL_HTTP_PROTOCOL_NO_HOST_HEADER_IN_HTTP_1_1_REQUEST VIOL_HTTP_PROTOCOL_BAD_MULTIPART_PARAMETERS_PARSING VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS VIOL_HTTP_PROTOCOL_CONTENT_LENGTH_SHOULD_BE_A_POSITIVE_NUMBER VIOL_EVASION_DIRECTORY_TRAVERSALS VIOL_MALFORMED_REQUEST VIOL_EVASION_MULTIPLE_DECODING VIOL_DATA_GUARD VIOL_EVASION_APACHE_WHITESPACE VIOL_COOKIE_MODIFIED VIOL_EVASION_IIS_UNICODE_CODEPOINTS VIOL_EVASION_IIS_BACKSLASHES VIOL_EVASION_PERCENT_U_DECODING VIOL_EVASION_BARE_BYTE_DECODING VIOL_EVASION_BAD_UNESCAPE VIOL_HTTP_PROTOCOL_BAD_MULTIPART_FORMDATA_REQUEST_PARSING VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST VIOL_HTTP_PROTOCOL_HIGH_ASCII_CHARACTERS_IN_HEADERS VIOL_ENCODING VIOL_COOKIE_MALFORMED VIOL_GRAPHQL_FORMAT VIOL_GRAPHQL_MALFORMED VIOL_GRAPHQL_INTROSPECTION_QUERY

exact_value

exact value

Exclusive with [any_domain suffix_value] Exact domain name.

string

>= 1 characters <= 256 characters

expiration_timestamp

expiration timestamp

The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.

string format: date-time

<= 1024 characters

metadata

object

description

description

Human readable description.

string

>= 21 characters <= 256 characters

name

name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 1 characters <= 1024 characters

methods

Methods

Methods to be matched.

Array<string>

<= 16 items

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path_prefix

prefix

Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

path_regex

Path Regex

Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.

string

<= 256 characters

suffix_value

suffix value

Exclusive with [any_domain exact_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”

string

>= 1 characters <= 256 characters

waf_skip_processing

object

example

Replace WAF Exclusion Policy.

Authorizations

Parameters

Path Parameters

Request Bodyrequired

Responses

200

Examplegenerated

401

Examplegenerated

403

Examplegenerated

404

Examplegenerated

409

Examplegenerated

429

Examplegenerated

500

Examplegenerated

503

Examplegenerated

504

Examplegenerated

Request Body^required

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated