Create a Security Rule

POST /v1/config/rulestacks/:rulestackname/rulelists/:rulelistname

Create a security rule for a specified rulestack.

Request

Path Parameters

    rulestackname string required

    The name of the rulestack.

    rulelistname string required

    The name of the rulelist.

Body

    Priority Priority (integer) required

    Possible values: > 0 and < 1000001

    The priority of the rule.

    RuleEntry object required

    Details of the rule entry.

    Action Action (string)

    Possible values: [Allow, DenySilent, DenyResetServer, DenyResetBoth]

    Default value: Allow

    Security rule actions: Allow, DenySilent, DenyResetServer, DenyResetBoth.

    Applications string[]

    Default value: Any

    Application details.

    AuditComment Auditcomment (string)

    Possible values: <= 512 characters

    Audit remarks.

    Category object

    Security rule category.

    IntelligentFeeds string[]

    Specify Intelligence Feed as the source or destination of your security rule.

    URLCategoryNames string[]

    Specify URL categories in security rules to block or allow access to websites.

    DecryptionRuleType Decryptionruletype (string)

    Possible values: [SSLOutboundInspection]

    Decryption policy rule.

    Description Description (string)

    Possible values: <= 512 characters

    Rule entry description.
    Max length: 512 characters, Pattern: Any character ^.*$.

    Destination object

    Rule entry destination.

    Cidrs string[]

    Default value: Any

    The CIDR block or range as the destination of your security rule.

    Countries string[]

    Country as the destination of your security rule.

    Feeds string[]

    Intelligence Feed as the destination of your security rule.

    FqdnLists string[]

    Fully Qualified Domain Name (FQDN) list as the destination of your security rule.

    PrefixLists string[]

    Grouped IP addresses as the destination of your security rule.

    Enabled Enabled (boolean)

    Default value: true

    Specify whether or not the rule is enabled.

    Logging Logging (boolean)

    Specify whether or not logging is enabled.

    NegateDestination Negatedestination (boolean)

    Rule to negate a specified destination.

    NegateSource Negatesource (boolean)

    Rule to negate a specified source.

    Protocol Protocol (string)

    Default value: application-default

    Application protocol.

    RuleName Rulename (string) required

    Possible values: non-empty and <= 128 characters, Value must match regular expression ^[a-zA-Z0-9-]+$

    Name of the rule entry.
    Length: 0-48 characters, Pattern: ^[a-zA-Z0-9-]+$.

    Source object

    Traffic source.

    Cidrs string[]

    Default value: Any

    The CIDR block or range as the source of your security rule.

    Countries string[]

    Country as the source of your security rule.

    Feeds string[]

    Intelligence Feed as the source of your security rule.

    PrefixLists string[]

    Grouped IP addresses as the source of your security rule.

    Tags object[]

    Possible values: <= 200

    The key:value pairs to associate with a resource.

  • Array [
  • Key Key (string) required

    Possible values: non-empty and <= 128 characters

    A unique identifier in the key-value pair. The constant that defines the data set.

    Value Value (string) required

    Possible values: non-empty and <= 128 characters

    The variable that belongs to the data set.

  • ]

Responses

OK

Schema
    Response object
    Priority Priority (integer)

    The priority of the rule.

    RuleEntry object

    Details of the rule entry.

    Action Action (string)

    Possible values: [Allow, DenySilent, DenyResetServer, DenyResetBoth]

    Default value: Allow

    Security rule actions: Allow, DenySilent, DenyResetServer, DenyResetBoth.

    Applications string[]

    Default value: Any

    Application details.

    AuditComment Auditcomment (string)

    Possible values: <= 512 characters

    Audit remarks.

    Category object

    Security rule category.

    IntelligentFeeds string[]
    URLCategoryNames string[]
    DecryptionRuleType Decryptionruletype (string)

    Possible values: [SSLOutboundInspection]

    Decryption policy rule.

    Description Description (string)

    Possible values: <= 512 characters

    Rule entry description.
    Max length: 512 characters, Pattern: Any character ^.*$.

    Destination object

    Rule entry destination.

    Cidrs string[]

    Default value: Any

    The CIDR block or range as the destination of your security rule.

    Countries string[]

    Country as the destination of your security rule.

    Feeds string[]

    Intelligence Feed as the destination of your security rule.

    FqdnLists string[]

    Fully Qualified Domain Name (FQDN) list as the destination of your security rule.

    PrefixLists string[]

    Grouped IP addresses as the destination of your security rule.

    Enabled Enabled (boolean)

    Default value: true

    Specify whether or not the rule is enabled.

    Logging Logging (boolean)

    Specify whether or not logging is enabled.

    NegateDestination Negatedestination (boolean)

    Rule to negate a specified destination.

    NegateSource Negatesource (boolean)

    Rule to negate a specified source.

    Protocol Protocol (string)

    Default value: application-default

    Application protocol.

    RuleName Rulename (string) required

    Possible values: non-empty and <= 128 characters, Value must match regular expression ^[a-zA-Z0-9-]+$

    Name of the rule entry.
    Length: 0-48 characters, Pattern: ^[a-zA-Z0-9-]+$.

    Source object

    Traffic source.

    Cidrs string[]

    Default value: Any

    The CIDR block or range as the source of your security rule.

    Countries string[]

    Country as the source of your security rule.

    Feeds string[]

    Intelligence Feed as the source of your security rule.

    PrefixLists string[]

    Grouped IP addresses as the source of your security rule.

    Tags object[]

    Possible values: <= 200

    The key:value pairs to associate with a resource.

  • Array [
  • Key Key (string) required

    Possible values: non-empty and <= 128 characters

    A unique identifier in the key-value pair. The constant that defines the data set.

    Value Value (string) required

    Possible values: non-empty and <= 128 characters

    The variable that belongs to the data set.

  • ]
    UpdateToken Updatetoken (string)

    Refresh token.

    RuleListName Rulelistname (string)

    Name of the rule list.
    Length: 0-128 characters, Pattern: ^[a-zA-Z0-9-]+$.

    RuleStackName Rulestackname (string)

    Name of the rulestack.

    ResponseStatus object
    ErrorCode Errorcode (integer)

    Default value: 0

    Default value of a successful response is 0. Any other number indicates an error code.

    400—HTTP bad request

    • InvalidOperationException—Operation failed because it is not valid. For example, when you delete an NGFW or rulestack in use.
    • InvalidRequestException—Operation failed due to invalid request. For example, unsupported parameter name, value, priority, or length in the request.
    • LimitExceededException—Operation failed due to violation in limit settings.
    • ThrottlingException—Operation failed due to throttling limitations.

    500—Bad request

    • InternalServerError—Your request is valid but Cloud NGFW could not perform the operation due to a system issue.
    • InsufficientCapacityException—AWS currently does not have enough capacity to fulfill your request.
    Reason Reason (string)

    The error description.
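
As an added example (not part of the Cloud NGFW documentation), the following Python code checks a request body against the constraints listed on this page before it is sent, and reads `ResponseStatus.ErrorCode` from the reply. It assumes that `Tags` sits inside `RuleEntry` and that `ResponseStatus` is at the top level of the reply, and it applies the 128-character `RuleName` limit; the rule name, tag and CIDR in the sample are constructed.

```python
import re

ACTIONS = {"Allow", "DenySilent", "DenyResetServer", "DenyResetBoth"}
NAME_RE = re.compile(r"^[a-zA-Z0-9-]+$")

def validate_rule(body):
    """Return the documented constraints that a request body violates."""
    errors = []
    prio = body.get("Priority")
    # bool is a subclass of int in Python, so compare the exact type.
    if type(prio) is not int or not 0 < prio < 1000001:
        errors.append("Priority: integer > 0 and < 1000001 required")
    entry = body.get("RuleEntry")
    if not isinstance(entry, dict):
        return errors + ["RuleEntry: object required"]
    name = entry.get("RuleName")
    # fullmatch rejects a trailing newline that '$' with match() would accept.
    if not isinstance(name, str) or len(name) > 128 or not NAME_RE.fullmatch(name):
        errors.append("RuleName: 1-128 characters matching ^[a-zA-Z0-9-]+$")
    if entry.get("Action", "Allow") not in ACTIONS:
        errors.append("Action: not one of the four documented values")
    for field in ("Description", "AuditComment"):
        if len(entry.get(field, "")) > 512:
            errors.append(field + ": at most 512 characters")
    tags = entry.get("Tags", [])  # assumption: Tags is nested in RuleEntry
    if len(tags) > 200:
        errors.append("Tags: at most 200 entries")
    for i, tag in enumerate(tags):
        for part in ("Key", "Value"):
            text = tag.get(part)
            if not isinstance(text, str) or not 0 < len(text) <= 128:
                errors.append("Tags[%d].%s: 1-128 characters required" % (i, part))
    return errors

def created_ok(reply):
    """True only when ResponseStatus is present and its ErrorCode is 0."""
    status = reply.get("ResponseStatus")  # assumption: top-level key
    return isinstance(status, dict) and status.get("ErrorCode", 0) == 0

# Constructed sample body: hypothetical rule name and a documentation CIDR.
SAMPLE = {
    "Priority": 100,
    "RuleEntry": {
        "RuleName": "block-test-net",
        "Action": "DenySilent",
        "Destination": {"Cidrs": ["192.0.2.0/24"]},
        "Tags": [{"Key": "owner", "Value": "secops"}],
    },
}
```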
