
Web Application Firewall (WAF) RESTful API Updates

This section contains details about the Web Application Firewall API commands and parameters. You can retrieve or configure each of these parameters using the get or set RESTful API commands.

Here are a few examples of a set command that sets WAF parameters on a virtual service:

Enable legacy WAF

access/modvs?vs=1&InterceptMode=1

Enable OWASP WAF

access/modvs?vs=1&InterceptMode=2

The following WAF parameters can be retrieved or configured using the get or set commands:

Each entry below lists the parameter name, its type, default value and permitted range, followed by its description.

Intercept (Type: B, Default: 0, Range: 0 – Disabled, 1 – Enabled)
Enable/disable the Web Application Firewall (WAF) for this Virtual Service.

InterceptMode (Type: B, Default: 0, Range: 0 – Disabled, 1 – Legacy, 2 – OWASP)
Enable/disable the Web Application Firewall (WAF) for this Virtual Service.

InterceptOpts (Type: S, Default: <unset>)
Most of the fields in the WAF Options (Legacy) section of the Virtual Service modify screen in the LoadMaster WUI can be set using this parameter.

OwaspOpts (Type: S, Default: <unset>)
Most of the fields in the WAF section of the Virtual Service modify screen in the LoadMaster WUI can be set using this parameter.

BlockingParanoia (Type: I, Default: 1, Range: 1 - 4)
The paranoia level at which the OWASP engine blocks the request coming from the server.

ExecutingParanoia (Type: I, Default: 1, Range: 1 - 4)
The paranoia level at which the OWASP engine logs requests that are coming from the server. This value should not be lower than the BlockingParanoia level.

AnomalyScoringThreshold (Type: I, Default: 100, Range: 1 - 10000)
Set the Anomaly Scoring Threshold value. Every detection rule in the CRS raises the anomaly score. If the cumulative anomaly score per request reaches the configured limit, the request is blocked.

pcrelimit (Type: I, Default: 3000, Range: 1000 - 99999)
Sets the maximum number of iterations that the internal PCRE engine will use to resolve a regular expression before failing the match.

AlertThreshold (Type: I, Default: 0 - disabled, Range: 0 - 100000)
The threshold of incidents per hour before an alert is sent. Setting this to 0 disables alerting.

InterceptPOSTOtherContentTypes (Type: S, Default: <unset>)
When the otherctypesenable parameter is enabled, use the InterceptPOSTOtherContentTypes parameter to enter a comma-separated list of POST content types allowed for WAF analysis, for example text/plain,text/css. By default, all types (other than XML/JSON) are enabled. To allow any other content type, set the value to any.

PostOtherContentTypes (Type: S, Default: <unset>)
When the otherctypesenable parameter is enabled, use the POSTOtherContentTypes parameter to enter a comma-separated list of POST content types allowed for WAF analysis, for example text/plain,text/css. By default, all types (other than XML/JSON) are enabled. To allow any other content type, set the value to any.

IPReputationBlocking (Type: B, Default: 0, Range: 0 – Disabled, 1 – Enabled)
Enables the checking of client addresses against the IP reputation database.

RuleSets (Type: S, Default: <unset>)
In the OWASP CRS, rulesets are identified by three-digit numbers. Specify the three-digit numbers of the rulesets you wish to enable. For example: RuleSets=911, 913, 920….

ExcludedWorkLoads (Type: S, Default: <unset>)
Specify a list of workloads that the customer is running. By default, some workloads cause many false positives; if one of the workloads drupal, wordpress, nextcloud, dokuwiki, cpanel or xenforo is running, adding its name to the list stops certain checks that are known to cause problems.

BlockedCountries (Type: S, Default: <unset>)
Enter the two-letter country codes that are to be blocked.

AuditParts (Type: S, Default: ABEFHKZ)
Enter a valid string containing the sections that are to be written to the wafaudit log for each request. Currently, only the four values B, E, F and H are enabled.

CustomRules
Specify a list of custom rules that are to be configured for the Virtual Service.

DisabledRules
Specify a list of disabled rules.

OWASP Custom Rulesets

To add a new custom rule, run the addowaspcustomrule command. For example:

/access/addowaspcustomrule?filename=owasp-cus.conf

To delete an existing rule, run the delowaspcustomrule command. For example:

/access/delowaspcustomrule?filename=owasp-cus

To download a custom rule, run the downloadowaspcustomrule command. For example:

/access/downloadowaspcustomrule?filename=owasp-cus


OWASP Custom Data

To add custom data, run the addowaspcustomdata command. For example:

/access/addowaspcustomdata?filename=owasp-cust.data

To delete existing custom data, run the delowaspcustomdata command. For example:

/access/delowaspcustomdata?filename=owasp-cust

To download custom data, run the downloadowaspcustomdata command. For example:

/access/downloadowaspcustomdata?filename=owasp-cust
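The following is an added example, not Kemp's own code or tooling, that composes the set (modvs) requests for the WAF parameter table above and the custom rule/custom data file commands in the two sections that follow it. It applies the documented ranges before a request is built (paranoia levels 1-4, the cross-field rule that ExecutingParanoia is not lower than BlockingParanoia, three-digit ruleset numbers, two-letter country codes, the known workload names, AuditParts letters) so that a mistyped value fails on the operator's side instead of leaving the WAF silently misconfigured. The HTTPS scheme, the host name loadmaster.example, the leading slash on the modvs path, comma-separated list values without spaces, and the filename sanity check are assumptions; authentication and actually sending the request are left to the caller.

```python
"""Compose LoadMaster WAF RESTful API request paths with the table's range checks.

Added example (not Kemp's code). Host, scheme, list separator and the filename
check are assumptions; commands, parameter names and ranges come from the page.
"""
import re
from urllib.parse import urlencode

# Integer parameters and their documented inclusive ranges.
INT_RANGES = {
    "BlockingParanoia": (1, 4),
    "ExecutingParanoia": (1, 4),
    "AnomalyScoringThreshold": (1, 10000),
    "pcrelimit": (1000, 99999),
    "AlertThreshold": (0, 100000),
}
BOOL_PARAMS = {"Intercept", "IPReputationBlocking"}        # 0/1 flags
INTERCEPT_MODES = {0: "Disabled", 1: "Legacy", 2: "OWASP"}
KNOWN_WORKLOADS = {"drupal", "wordpress", "nextcloud", "dokuwiki", "cpanel", "xenforo"}
AUDIT_PART_LETTERS = set("ABEFHKZ")                         # the documented default
FREE_TEXT = {"InterceptOpts", "OwaspOpts", "InterceptPOSTOtherContentTypes",
             "PostOtherContentTypes", "CustomRules", "DisabledRules"}


def _as_list(value):
    """Accept 'a, b' or ['a', 'b'] and return a list of stripped, non-empty items."""
    items = value if isinstance(value, (list, tuple)) else str(value).split(",")
    return [str(i).strip() for i in items if str(i).strip()]


def validate_waf_params(params):
    """Return {name: api_string}; raise ValueError for anything outside the table."""
    out = {}
    for name, value in params.items():
        if name in BOOL_PARAMS:
            if value not in (0, 1):
                raise ValueError(f"{name} must be 0 or 1")
            out[name] = str(int(value))
        elif name == "InterceptMode":
            if value not in INTERCEPT_MODES:
                raise ValueError(f"InterceptMode must be one of {sorted(INTERCEPT_MODES)}")
            out[name] = str(value)
        elif name in INT_RANGES:
            lo, hi = INT_RANGES[name]
            if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
                raise ValueError(f"{name} must be an integer in {lo}-{hi}")
            out[name] = str(value)
        elif name == "RuleSets":  # CRS rulesets are three-digit numbers
            ids = _as_list(value)
            if not ids or not all(re.fullmatch(r"\d{3}", i) for i in ids):
                raise ValueError("RuleSets entries must be three-digit CRS ruleset numbers")
            out[name] = ",".join(ids)
        elif name == "ExcludedWorkLoads":
            names = [n.lower() for n in _as_list(value)]
            unknown = set(names) - KNOWN_WORKLOADS
            if unknown:
                raise ValueError(f"unknown workload(s): {sorted(unknown)}")
            out[name] = ",".join(names)
        elif name == "BlockedCountries":
            codes = [c.upper() for c in _as_list(value)]
            if not codes or not all(re.fullmatch(r"[A-Z]{2}", c) for c in codes):
                raise ValueError("BlockedCountries entries must be two-letter country codes")
            out[name] = ",".join(codes)
        elif name == "AuditParts":
            letters = str(value).upper()
            if not letters or not set(letters) <= AUDIT_PART_LETTERS:
                raise ValueError("AuditParts may only contain letters from ABEFHKZ")
            out[name] = letters
        elif name in FREE_TEXT:
            out[name] = str(value)
        else:
            raise ValueError(f"unknown WAF parameter: {name}")
    # Cross-field rule from the table: logging level must not sit below blocking level.
    if ("BlockingParanoia" in out and "ExecutingParanoia" in out
            and int(out["ExecutingParanoia"]) < int(out["BlockingParanoia"])):
        raise ValueError("ExecutingParanoia must not be lower than BlockingParanoia")
    return out


def validation_error(params):
    """Return the ValueError message for params, or None when they are valid."""
    try:
        validate_waf_params(params)
    except ValueError as exc:
        return str(exc)
    return None


def modvs_path(vs, params):
    """Build the set request path, e.g. /access/modvs?vs=1&InterceptMode=2."""
    if isinstance(vs, bool) or not isinstance(vs, int) or vs < 1:
        raise ValueError("vs must be a positive Virtual Service index")
    return "/access/modvs?" + urlencode({"vs": str(vs), **validate_waf_params(params)})


# Custom rule / custom data file commands named on the page.
CUSTOM_FILE_COMMANDS = {
    ("rule", "add"): "addowaspcustomrule", ("rule", "delete"): "delowaspcustomrule",
    ("rule", "download"): "downloadowaspcustomrule",
    ("data", "add"): "addowaspcustomdata", ("data", "delete"): "delowaspcustomdata",
    ("data", "download"): "downloadowaspcustomdata",
}


def custom_file_path(kind, action, filename):
    """Build e.g. /access/addowaspcustomrule?filename=owasp-cus.conf.

    The filename is operator input placed in a query string, so (assumed check)
    accept only a plain file name: no path separators, no query syntax.
    """
    if (kind, action) not in CUSTOM_FILE_COMMANDS:
        raise ValueError(f"no command for kind={kind!r} action={action!r}")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", filename):
        raise ValueError("filename must be a plain file name")
    return f"/access/{CUSTOM_FILE_COMMANDS[(kind, action)]}?" + urlencode({"filename": filename})


def api_url(host, path):
    """Prefix a command path with the LoadMaster base URL (HTTPS and host assumed)."""
    return f"https://{host}{path}"


if __name__ == "__main__":
    print(api_url("loadmaster.example", modvs_path(1, {"InterceptMode": 2,
                  "BlockingParanoia": 1, "ExecutingParanoia": 2, "RuleSets": "911, 913, 920"})))
    print(api_url("loadmaster.example", custom_file_path("rule", "add", "owasp-cus.conf")))
```

Commas inside list values are percent-encoded by urlencode, so a value such as RuleSets=911,913,920 travels as RuleSets=911%2C913%2C920 and is decoded by the server; the paths are returned rather than sent so the caller can attach whatever authentication its LoadMaster requires.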
