Firewall versions

Firewall version objects contain all of the rules and settings for your WAF and remain empty until properly configured. To understand the behavior of thresholds and scores, see Managing rules. Newly created firewall versions are initiated without any associated rules. See Active Rules for details. Changes to your WAF's rules and settings can be made by cloning an existing firewall version, making the changes, and then activating the new firewall version.

Data model

allowed_http_versionsstringAllowed HTTP versions. [Default HTTP/1.0 HTTP/1.1 HTTP/2]
allowed_methodsstringA space-separated list of HTTP method names. [Default GET HEAD POST OPTIONS PUT PATCH DELETE]
allowed_request_content_typestringAllowed request content types. [Default application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain]
allowed_request_content_type_charsetstringAllowed request content type charset. [Default utf-8|iso-8859-1|iso-8859-15|windows-1252]
arg_lengthintegerThe maximum allowed length of an argument. [Default 400]
arg_name_lengthintegerThe maximum allowed argument name length. [Default 100]
combined_file_sizesintegerThe maximum allowed size of all files (in bytes). [Default 10000000]
commentstringA freeform descriptive note.
critical_anomaly_scoreintegerScore value to add for critical anomalies. [Default 6]
crs_validate_utf8_encodingbooleanCRS validate UTF8 encoding.
error_anomaly_scoreintegerScore value to add for error anomalies. [Default 5]
high_risk_country_codesstringA space-separated list of country codes in ISO 3166-1 (two-letter) format.
http_violation_score_thresholdintegerHTTP violation threshold.
inbound_anomaly_score_thresholdintegerInbound anomaly threshold.
lfi_score_thresholdintegerLocal file inclusion attack threshold.
lockedbooleanWhether a specific firewall version is locked from being modified. [Default false]
max_file_sizeintegerThe maximum allowed file size, in bytes. [Default 10000000]
max_num_argsintegerThe maximum number of arguments allowed. [Default 255]
modsec_rule_idintegerThe ModSecurity rule ID of the associated rule revision.
notice_anomaly_scoreintegerScore value to add for notice anomalies. [Default 4]
numberintegerInteger identifying a WAF firewall version. Read-only.
paranoia_levelintegerThe configured paranoia level. [Default 1]
php_injection_score_thresholdintegerPHP injection threshold.
rce_score_thresholdintegerRemote code execution threshold.
relationships.waf_firewall_version.idstringAlphanumeric string identifying a Firewall version.
relationships.waf_rule_revisions.idstringAlphanumeric string identifying a WAF rule revision.
restricted_extensionsstringA space-separated list of allowed file extensions. [Default .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx]
restricted_headersstringA space-separated list of allowed header names. [Default /proxy/ /lock-token/ /content-range/ /translate/ /if/]
rfi_score_thresholdintegerRemote file inclusion attack threshold.
session_fixation_score_thresholdintegerSession fixation attack threshold.
sql_injection_score_thresholdintegerSQL injection attack threshold.
statusstringDescribes the behavior for the particular rule revision within this firewall version.
total_arg_lengthintegerThe maximum size of argument names and values. [Default 6400]
typestringResource type. [Default waf_active_rule]
warning_anomaly_scoreintegerScore value to add for warning anomalies.
xss_score_thresholdintegerXSS attack threshold.
activebooleanWhether a specific firewall version is currently deployed. Read-only.
active_rules_fastly_block_countintegerThe number of active Fastly rules set to block. Read-only.
active_rules_fastly_log_countintegerThe number of active Fastly rules set to log. Read-only.
active_rules_fastly_score_countintegerThe number of active Fastly rules set to score. Read-only.
active_rules_owasp_block_countintegerThe number of active OWASP rules set to block. Read-only.
active_rules_owasp_log_countintegerThe number of active OWASP rules set to log. Read-only.
active_rules_owasp_score_countintegerThe number of active OWASP rules set to score. Read-only.
active_rules_trustwave_block_countintegerThe number of active Trustwave rules set to block. Read-only.
active_rules_trustwave_log_countintegerThe number of active Trustwave rules set to log. Read-only.
created_atstringDate and time in ISO 8601 format. Read-only.
deleted_atstringDate and time in ISO 8601 format. Read-only.
deployed_atstringTime-stamp (GMT) indicating when the firewall version was last deployed. Read-only.
errorstringContains error message if the firewall version fails to deploy. Read-only.
idstringAlphanumeric string identifying a Firewall version. Read-only.
last_deployment_statusstringThe status of the last deployment of this firewall version. Read-only.
relationships.waf_active_rules.idstringAlphanumeric string identifying a WAF active rule.
relationships.waf_firewall_versions.idstringAlphanumeric string identifying a Firewall version.
updated_atstringDate and time in ISO 8601 format. Read-only.


List firewall versions



Create a firewall version



Get a firewall version



Update a firewall version



Clone a firewall version



Deploy or activate a firewall version