
Update WAAS Host Policy

PUT /api/v32.03/policies/firewall/app/host

x-prisma-cloud-target-env: {"permission":"policyWAAS","saas":true,"self-hosted":true}
x-public: true

Updates the WAAS policy for hosts. All rules in the policy are replaced in a single request.

To invoke this endpoint in the Console UI:

  1. Navigate to Defend > WAAS > Host.
  2. Click + Add rule and enter the new rule information.
  3. Click the Add new app button to move to the configuration window.
  4. Configure the application with at least one endpoint, and click the Save button.

Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. We recommend the following process:

  1. Manually define your app's policy via the Console UI as described here.
  2. Use the Export button on Defend > WAAS to export the app's policy rules to a JSON file.
  3. Use the exported file as a template to modify, then either import the file back in using the Import button, or use it as the basis for defining the rules to include in this endpoint's payload.

cURL Request

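The following example cURL command overwrites all rules in your current policy with a new policy that has a single rule. It passes -k, which skips TLS certificate verification, so omit that option when the Console presents a certificate your client already trusts.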

$ curl 'https://<CONSOLE>/api/v<VERSION>/policies/firewall/app/host' \
  -k \
  -X PUT \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -d \
'{
  "_id": "hostAppFirewall",
  "rules": [
    {
      "name": "My Rule",
      "notes": "My Notes 4",
      "collections": [
        {
          "name": "All"
        }
      ],
      "applicationsSpec": [
        {
          "banDurationMinutes": 5,
          "certificate": {
            "encrypted": ""
          },
          "dosConfig": {
            "effect": "disable"
          },
          "apiSpec": {
            "description": "test",
            "endpoints": [
              {
                "host": "*",
                "basePath": "*",
                "exposedPort": 0,
                "internalPort": 1,
                "tls": false,
                "http2": false
              }
            ],
            "effect": "disable",
            "fallbackEffect": "disable"
          },
          "botProtectionSpec": {
            "userDefinedBots": [],
            "knownBotProtectionsSpec": {
              "searchEngineCrawlers": "disable",
              "businessAnalytics": "disable",
              "educational": "disable",
              "news": "disable",
              "financial": "disable",
              "contentFeedClients": "disable",
              "archiving": "disable",
              "careerSearch": "disable",
              "mediaSearch": "disable"
            },
            "unknownBotProtectionSpec": {
              "generic": "disable",
              "webAutomationTools": "disable",
              "webScrapers": "disable",
              "apiLibraries": "disable",
              "httpLibraries": "disable",
              "botImpersonation": "disable",
              "browserImpersonation": "disable",
              "requestAnomalies": {
                "threshold": 9,
                "effect": "disable"
              }
            },
            "sessionValidation": "disable",
            "interstitialPage": false,
            "jsInjectionSpec": {
              "enabled": false,
              "timeoutEffect": "disable"
            }
          },
          "networkControls": {
            "advancedProtectionEffect": "alert",
            "deniedSubnetsEffect": "alert",
            "deniedCountriesEffect": "alert",
            "allowedCountriesEffect": "alert"
          },
          "body": {
            "inspectionSizeBytes": 131072
          },
          "intelGathering": {
            "infoLeakageEffect": "disable",
            "removeFingerprintsEnabled": true
          },
          "maliciousUpload": {
            "effect": "disable",
            "allowedFileTypes": [],
            "allowedExtensions": []
          },
          "csrfEnabled": true,
          "clickjackingEnabled": true,
          "sqli": {
            "effect": "alert",
            "exceptionFields": []
          },
          "xss": {
            "effect": "alert",
            "exceptionFields": []
          },
          "attackTools": {
            "effect": "alert",
            "exceptionFields": []
          },
          "shellshock": {
            "effect": "alert",
            "exceptionFields": []
          },
          "malformedReq": {
            "effect": "alert",
            "exceptionFields": []
          },
          "cmdi": {
            "effect": "alert",
            "exceptionFields": []
          },
          "lfi": {
            "effect": "alert",
            "exceptionFields": []
          },
          "codeInjection": {
            "effect": "alert",
            "exceptionFields": []
          },
          "remoteHostForwarding": {}
        }
      ],
      "expandDetails": true
    }
  ],
  "minPort": 30000,
  "maxPort": 31000
}'

Note: No response will be returned upon successful execution.
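A pre-flight check for an edited payload, as an added example that is not part of the Prisma Cloud documentation: because this PUT replaces every rule, it lists the rules an edited payload would drop and lints effect values against the enums listed in the request body reference. The function names and the CURRENT and PROPOSED payloads are constructed for this example, and treating every key ending in Effect as a waas.Effect field is an assumption.

```python
import json

# Values the request-body reference lists for waas.Effect fields.
WAAS_EFFECTS = {"ban", "prevent", "alert", "allow", "disable", "reCAPTCHA"}
# ProtectionConfig objects carried by each applicationsSpec entry.
PROTECTIONS = ("sqli", "xss", "attackTools", "shellshock",
               "malformedReq", "cmdi", "lfi", "codeInjection")
ANOMALY_THRESHOLDS = {3, 6, 9}


def dropped_rules(current, proposed):
    """Rule names present in the current policy that the PUT would remove."""
    rules = proposed.get("rules", [])
    kept = {r.get("name") for r in rules}
    # previousName marks a rename, so the old name is not a removal.
    kept |= {r["previousName"] for r in rules if r.get("previousName")}
    names = (r.get("name") for r in current.get("rules", []))
    return sorted(n for n in names if n and n not in kept)


def effect_fields(node, path=""):
    """Yield (path, value) for every key named effect or ending in Effect.

    customRules is skipped: its effect field uses customrules.Effect, a
    different enum. Treating all other *Effect keys as waas.Effect is an
    assumption of this example.
    """
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "customRules":
                continue
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and (key == "effect" or key.endswith("Effect")):
                yield here, value
            else:
                yield from effect_fields(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from effect_fields(item, f"{path}[{i}]")


def lint_policy(policy):
    """Return a list of findings for a host WAAS policy payload."""
    findings = []
    lo, hi = policy.get("minPort"), policy.get("maxPort")
    if lo is not None and hi is not None and lo > hi:
        findings.append(f"minPort {lo} is greater than maxPort {hi}")
    for path, value in effect_fields(policy):
        if value not in WAAS_EFFECTS:
            findings.append(f"{path}: '{value}' is not a waas.Effect value")
    for rule in policy.get("rules", []):
        for i, app in enumerate(rule.get("applicationsSpec", [])):
            where = f"{rule.get('name', '<unnamed>')}/applicationsSpec[{i}]"
            if not app.get("apiSpec", {}).get("endpoints"):
                findings.append(f"{where}: no endpoint configured")
            off = [p for p in PROTECTIONS if app.get(p, {}).get("effect") == "disable"]
            if off:
                findings.append(f"{where}: disabled protections: {', '.join(off)}")
            anomalies = (app.get("botProtectionSpec", {})
                         .get("unknownBotProtectionSpec", {})
                         .get("requestAnomalies", {}))
            threshold = anomalies.get("threshold")
            if threshold is not None and threshold not in ANOMALY_THRESHOLDS:
                findings.append(f"{where}: requestAnomalies.threshold {threshold} not in [3,6,9]")
    return findings


# Constructed sample data: CURRENT stands in for a policy exported from the
# Console, PROPOSED for the edited payload about to be sent.
CURRENT = json.loads("""{"_id": "hostAppFirewall", "rules": [
  {"name": "My Rule"}, {"name": "Legacy Rule"}]}""")

PROPOSED = json.loads("""{
  "_id": "hostAppFirewall", "minPort": 30000, "maxPort": 31000,
  "rules": [{"name": "My Rule", "applicationsSpec": [{
    "apiSpec": {"endpoints": [], "effect": "disable", "fallbackEffect": "disable"},
    "botProtectionSpec": {"unknownBotProtectionSpec": {
      "requestAnomalies": {"threshold": 5, "effect": "disable"}}},
    "sqli": {"effect": "alert"}, "xss": {"effect": "disable"},
    "lfi": {"effect": "block"}, "cmdi": {"effect": "prevent"}
  }]}]
}""")

if __name__ == "__main__":
    for name in dropped_rules(CURRENT, PROPOSED):
        print(f"rule would be removed by the PUT: {name}")
    for finding in lint_policy(PROPOSED):
        print(finding)
```

Run it against the exported file and the edited file before sending the PUT; an empty result from both functions means no rule is dropped and no listed check failed.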

Request

Body

    _id string

    Unique internal ID.

    maxPort integer

    Maximum port number to use in the application firewall.

    minPort integer

    Minimum port number to use in the application firewall.

    rules object[]

    Rules in the policy.

  • Array [
  • allowMalformedHttpHeaderNames boolean

    AllowMalformedHTTPHeaderNames indicates if validation of HTTP request header names should allow non-compliant characters.

    applicationsSpec object[]

    List of API specifications in the rule.

  • Array [
  • apiSpec object

    APISpec is an API specification

    description string

    Description of the app.

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    endpoints object[]

    The app's endpoints.

  • Array [
  • basePath string

    Base path for the endpoint.

    exposedPort integer

    Exposed port that the proxy is listening on.

    grpc boolean

    Indicates if the proxy supports gRPC (true) or not (false).

    host string

    URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).

    http2 boolean

    Indicates if the proxy supports HTTP/2 (true) or not (false).

    internalPort integer

    Internal port that the application is listening on.

    tls boolean

    Indicates if the connection is secured (true) or not (false).

  • ]
  • fallbackEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    paths object[]

    Paths of the API's endpoints.

  • Array [
  • methods object[]

    Supported operations for the path (e.g., PUT, GET, etc.).

  • Array [
  • method string

    Type of HTTP request (e.g., PUT, GET, etc.).

    parameters object[]

    Parameters that are part of the HTTP request.

  • Array [
  • allowEmptyValue boolean

    Indicates if an empty value is allowed (true) or not (false).

    array boolean

    Indicates if multiple values of the specified type are allowed (true) or not (false).

    explode boolean

    Indicates if arrays should generate separate parameters for each array item or object property.

    location waas.ParamLocation

    Possible values: [path,query,cookie,header,body,json,xml,formData,multipart]

    ParamLocation is the location of a parameter

    max double

    Maximum allowable value for a numeric parameter.

    min double

    Minimum allowable value for a numeric parameter.

    name string

    Name of the parameter.

    required boolean

    Indicates if the parameter is required (true) or not (false).

    style waas.ParamStyle

    Possible values: [simple,spaceDelimited,tabDelimited,pipeDelimited,form,matrix,label]

    ParamStyle is a param format style, defined by the OpenAPI specification. It describes how the parameter value will be serialized depending on the type of the parameter value. Ref: https://swagger.io/docs/specification/serialization/ https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples

    type waas.ParamType

    Possible values: [integer,number,string,boolean,array,object]

    ParamType is the type of a parameter, defined by the OpenAPI specification. Ref: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types

  • ]
  • ]
  • path string

    Relative path to an endpoint such as "/pet/{petId}".

  • ]
  • queryParamFallbackEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    appID string

    Unique ID for the app.

    attackTools object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • autoApplyPatchesSpec object

    AutoApplyPatchesSpec is the configuration for the auto-apply patches protection

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    banDurationMinutes integer

    Ban duration, in minutes.

    body object

    BodyConfig represents app configuration related to HTTP Body

    inspectionLimitExceededEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    inspectionSizeBytes integer

    InspectionSizeBytes represents the max amount of data to inspect in request body.

    skip boolean

    Skip indicates that body inspection should be skipped.

    botProtectionSpec object

    BotProtectionSpec is the bot protections spec

    interstitialPage boolean

    Indicates if an interstitial page is served (true) or not (false).

    jsInjectionSpec object

    JSInjectionSpec is the js injection protection spec

    enabled boolean

    Indicates if JavaScript injection is enabled (true) or not (false).

    timeoutEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    knownBotProtectionsSpec object

    KnownBotProtectionsSpec is the known bot protections spec

    archiving waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    businessAnalytics waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    careerSearch waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    contentFeedClients waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    educational waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    financial waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    mediaSearch waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    news waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    searchEngineCrawlers waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    reCAPTCHASpec object

    ReCAPTCHASpec is the reCAPTCHA spec

    allSessions boolean

    Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).

    customPageSpec object

    CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec

    body string

    Custom HTML for the reCAPTCHA page.

    enabled boolean

    Indicates if the custom reCAPTCHA page is enabled.

    enabled boolean

    Indicates if reCAPTCHA integration is enabled (true) or not (false).

    secretKey object

    Secret stores the plain and encrypted versions of a value. The plain version is not stored in a database.

    encrypted string

    Specifies an encrypted value of the secret.

    plain string

    Specifies the plain text value of the secret.

    siteKey string

    ReCAPTCHA site key to use when invoking the reCAPTCHA service.

    successExpirationHours integer

    Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.

    type waas.ReCAPTCHAType

    Possible values: [checkbox,invisible]

    ReCAPTCHAType is the reCAPTCHA configured type

    sessionValidation waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    unknownBotProtectionSpec object

    UnknownBotProtectionSpec is the unknown bot protection spec

    apiLibraries waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    botImpersonation waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    browserImpersonation waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    generic waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    httpLibraries waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    requestAnomalies object

    RequestAnomalies is the request anomalies spec

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    threshold waas.RequestAnomalyThreshold

    Possible values: [3,6,9]

    RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered

    webAutomationTools waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    webScrapers waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    userDefinedBots object[]

    Effects to perform when user-defined bots are detected.

  • Array [
  • effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    headerName string

    Header name which defines the bot.

    headerValues string[]

    Header values corresponding to the header name. Can contain wildcards.

    name string

    Name of the bot.

    subnets string[]

    Subnets where the bot originates. Specify using network lists.

  • ]
  • certificate object

    Secret stores the plain and encrypted versions of a value. The plain version is not stored in a database.

    encrypted string

    Specifies an encrypted value of the secret.

    plain string

    Specifies the plain text value of the secret.

    clickjackingEnabled boolean

    Indicates whether clickjacking protection is enabled (true) or not (false).

    cmdi object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • codeInjection object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • csrfEnabled boolean

    Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).

    customBlockResponse object

    CustomBlockResponseConfig is a custom block message config for a policy

    body string

    Custom HTML for the block response.

    code integer

    Custom HTTP response code for the block response.

    enabled boolean

    Indicates if the custom block response is enabled (true) or not (false).

    customRules object[]

    List of custom runtime rules.

  • Array [
  • _id integer

    Custom rule ID.

    action customrules.Action

    Possible values: [audit,incident]

    Action is the action to perform if the custom rule applies

    effect customrules.Effect

    Possible values: [block,prevent,alert,allow,ban,disable]

    Effect is the effect that will be used for custom rule

  • ]
  • disableEventIDHeader boolean

    Indicates if event ID header should be attached to the response or not.

    dosConfig object

    DoSConfig is a dos policy specification

    alert object

    DoSRates specifies dos requests rates (thresholds)

    average integer

    Average request rate (requests / second).

    burst integer

    Burst request rate (requests / second).

    ban object

    DoSRates specifies dos requests rates (thresholds)

    average integer

    Average request rate (requests / second).

    burst integer

    Burst request rate (requests / second).

    enabled boolean

    Enabled indicates if dos protection is enabled.

    excludedNetworkLists string[]

    Network IPs to exclude from DoS tracking.

    matchConditions object[]

    Conditions on which to match to track a request. The conditions are "OR"'d together during the check.

  • Array [
  • fileTypes string[]

    File types for request matching.

    methods string[]

    HTTP methods for request matching.

    responseCodeRanges object[]

    Response codes for the request's response matching.

  • Array [
  • end integer

    End of the range. Can be omitted if using a single status code.

    start integer

    Start of the range. Can also be used for a single, non-range value.

  • ]
  • ]
  • trackSession boolean

    Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).

    headerSpecs object[]

    Configuration for inspecting HTTP headers.

  • Array [
  • allow boolean

    Indicates if the flow is to be allowed (true) or blocked (false).

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    name string

    Header name.

    required boolean

    Indicates if the header must be present (true) or not (false).

    values string[]

    Wildcard expressions that represent the header value.

  • ]
  • intelGathering object

    IntelGatheringConfig is the configuration for intelligence gathering protections

    infoLeakageEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    removeFingerprintsEnabled boolean

    Indicates if server fingerprints should be removed (true) or not (false).

    lfi object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • malformedReq object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • maliciousUpload object

    MaliciousUploadConfig is the configuration for file upload protection

    allowedExtensions string[]

    Allowed file extensions.

    allowedFileTypes waas.FileType[]

    Possible values: [pdf,officeLegacy,officeOoxml,odf,jpeg,png,gif,bmp,ico,avi,mp4,aac,mp3,wav,zip,gzip,rar,7zip]

    Allowed file types.

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    networkControls object

    NetworkControls contains the network controls config (e.g., access controls for IPs and countries)

    advancedProtectionEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    countries object

    AccessControls contains the access controls config (e.g., denied/allowed sources)

    alert string[]

    Alert are the denied sources for which we alert.

    allow string[]

    Allow are the allowed sources for which we don't alert or prevent.

    allowMode boolean

    AllowMode indicates allowlist (true) or denylist (false) mode.

    enabled boolean

    Enabled indicates if access controls protection is enabled.

    fallbackEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    prevent string[]

    Prevent are the denied sources.

    exceptionSubnets string[]

    Network lists for which requests completely bypass WAAS checks and protections.

    networkControlsExceptionSubnets object

    FeatureExceptions represents subnets that should bypass WAAS features

    subnets string[]

    Subnets are network lists for which requests bypass WAAS features.

    subnets object

    AccessControls contains the access controls config (e.g., denied/allowed sources)

    alert string[]

    Alert are the denied sources for which we alert.

    allow string[]

    Allow are the allowed sources for which we don't alert or prevent.

    allowMode boolean

    AllowMode indicates allowlist (true) or denylist (false) mode.

    enabled boolean

    Enabled indicates if access controls protection is enabled.

    fallbackEffect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    prevent string[]

    Prevent are the denied sources.

    remoteHostForwarding object

    RemoteHostForwardingConfig defines a remote host to forward requests to

    enabled boolean

    Indicates if remote host forwarding is enabled (true) or not (false).

    target string

    Remote host to forward requests to.

    responseHeaderSpecs object[]

    Configuration for modifying HTTP response headers.

  • Array [
  • name string

    Header name (will be canonicalized when possible).

    override boolean

    Indicates whether to override existing values (true) or add to them (false).

    values string[]

    New header values.

  • ]
  • sessionCookieBan boolean

    Indicates if bans in this app are made by session cookie ID (true) or not (false).

    sessionCookieEnabled boolean

    Indicates if session cookies are enabled (true) or not (false).

    sessionCookieSameSite waas.SameSite

    Possible values: [Lax,Strict,None]

    SameSite allows a server to define a cookie attribute making it impossible for the browser to send this cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage, and provide some protection against cross-site request forgery attacks.

    See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details

    sessionCookieSecure boolean

    Indicates the Secure attribute of the session cookie.

    shellshock object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • sqli object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • tlsConfig object

    TLSConfig holds the user TLS configuration and the certificate data

    HSTSConfig object

    HSTSConfig is the HTTP Strict Transport Security configuration used to enforce the HSTS header. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

    enabled boolean

    Enabled indicates if HSTS enforcement is enabled.

    includeSubdomains boolean

    IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.

    maxAgeSeconds integer

    maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only to be accessed using HTTPS.

    preload boolean

    Preload indicates if it should support preload.

    metadata object

    CertificateMeta is the certificate metadata

    issuerName string

    IssuerName is the certificate issuer common name.

    notAfter date-time

    NotAfter is the time the certificate is not valid (expiry time).

    subjectName string

    SubjectName is the certificate subject common name.

    minTLSVersion waas.MinTLSVersion

    Possible values: [1.0,1.1,1.2,1.3]

    MinTLSVersion is the list of acceptable TLS versions

    xss object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
  • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • ]
  • autoProtectPorts boolean

    AutoProtectPorts indicates if http ports should be automatically detected and protected.

    collections object[]

    List of collections. Used to scope the rule.

  • Array [
  • accountIDs string[]

    List of account IDs.

    appIDs string[]

    List of application IDs.

    clusters string[]

    List of Kubernetes cluster names.

    color common.Color

    Color is a hexadecimal representation of color code value

    containers string[]

    List of containers.

    description string

    Free-form text.

    functions string[]

    List of functions.

    hosts string[]

    List of hosts.

    images string[]

    List of images.

    labels string[]

    List of labels.

    modified date-time

    Datetime when the collection was last modified.

    name string

    Collection name. Must be unique.

    namespaces string[]

    List of Kubernetes namespaces.

    owner string

    User who created or last modified the collection.

    prisma boolean

    Indicates whether this collection originates from Prisma Cloud.

    system boolean

    Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).

  • ]
  • disabled boolean

    Indicates if the rule is currently disabled (true) or not (false).

    modified date-time

    Datetime when the rule was last modified.

    name string

    Name of the rule.

    notes string

    Free-form text.

    outOfBandScope waas.OutOfBandRuleScope

    Possible values: [container,host,]

    OutOfBandRuleScope represents the Out-of-Band Rule Scope

    owner string

    User who created or last modified the rule.

    previousName string

    Previous name of the rule. Required for rule renaming.

    readTimeoutSeconds integer

    ReadTimeout is the timeout of request reads in seconds; when no value is specified (0), the timeout is 5 seconds.

    skipAPILearning boolean

    SkipAPILearning indicates if API discovery is to be skipped (true) or not (false).

    trafficMirroring object

    TrafficMirroringConfig is the traffic mirroring configuration

    enabled boolean

    Enabled indicates if traffic mirroring is enabled.

    sampling boolean

    Sampling indicates if this is a sampling VPC.

    vpcConfig object

    VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)

    autoScalingEnabled boolean

    AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.

    autoScalingMaxInstances integer

    AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.

    configID string

    ConfigID is a unique ID for the configuration.

    consoleHostname string

    ConsoleHostname represents the hostname of the console to connect to.

    credentialID string

    CredentialID is the service provider authentication data.

    instanceNames string[]

    InstanceNames are the names of the instances to mirror (can be wildcard).

    instanceType string

    InstanceType is the instance type to use for the defender instance.

    ports int[]

    Ports are the ports to mirror.

    region string

    Region is the AWS region the mirrored VMs are located in.

    subnetID string

    SubnetID is the ID of the subnet the defender will be deployed in.

    tags string[]

    Tags are the tags to filter for instances to mirror in Key:Value format or "*".

    vpcID string

    VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.

    windows boolean

    Indicates whether the operating system of the app is Windows; the default is Linux.

  • ]

Responses

OK
