{ "operationId": "get-waf-policy-ruleset-composite", "method": "GET", "path": "/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/web-application-firewall/ruleset", "summary": "Get a security policy's rule set", "requestExamples": [], "responseExamples": [ { "status": "200", "contentType": "application/json", "example": { "adaptiveIntelligence": { "threatIntelEnabled": true }, "attackGroups": [ { "action": "alert", "conditionException": {}, "group": "POLICY" }, { "action": "alert", "conditionException": {}, "group": "WAT" }, { "action": "deny", "conditionException": { "advancedExceptions": { "conditionOperator": "AND", "conditions": [ { "extensions": [ "test12" ], "positiveMatch": true, "type": "extensionMatch" }, { "filenames": [ "test13" ], "positiveMatch": true, "type": "filenameMatch" }, { "hosts": [ "test.hostname.com" ], "positiveMatch": true, "type": "hostMatch" }, { "ips": [ "192.0.2.225" ], "positiveMatch": true, "type": "ipMatch", "useHeaders": true }, { "caseSensitive": true, "name": "test14", "nameCase": true, "positiveMatch": true, "type": "uriQueryMatch", "value": "test15", "wildcard": true }, { "header": "Accept", "positiveMatch": true, "type": "requestHeaderMatch", "value": "test16", "valueCase": true, "valueWildcard": true }, { "methods": [ "GET" ], "positiveMatch": true, "type": "requestMethodMatch" }, { "paths": [ "/test16" ], "positiveMatch": true, "type": "pathMatch" }, { "clientLists": [ "97813_IPLIST" ], "positiveMatch": true, "type": "clientListMatch", "useHeaders": true } ], "headerCookieOrParamValues": [ { "valueWildcard": true, "values": [ "test11" ] } ], "specificHeaderCookieParamXmlOrJsonNames": [ { "names": [ "test3" ], "selector": "REQUEST_HEADERS_NAMES", "wildcard": true }, { "names": [ "test4" ], "selector": "REQUEST_HEADERS", "wildcard": true }, { "names": [ "test5" ], "selector": "REQUEST_COOKIES_NAMES", "wildcard": true }, { "names": [ "test6" ], "selector": "REQUEST_COOKIES", "wildcard": true }, { "names": [ "test1" ], "selector": "ARGS_NAMES", "wildcard": true }, { "names": [ "test2" ], "selector": "ARGS", "wildcard": true }, { "names": [ "test7" ], "selector": "JSON_NAMES", "wildcard": true }, { "names": [ "test8" ], "selector": "JSON_PAIRS", "wildcard": true }, { "names": [ "test9" ], "selector": "XML_PAIRS", "wildcard": true }, { "selector": "REQUEST_PROTOCOL", "wildcard": true }, { "selector": "REQUEST_METHOD", "wildcard": true }, { "selector": "REQUEST_URI", "wildcard": true }, { "selector": "QUERY_STRING", "wildcard": true }, { "selector": "REQUEST_FILENAME", "wildcard": true }, { "selector": "REQUEST_PATH_SEGMENT", "wildcard": true }, { "selector": "REQUEST_BODY", "wildcard": true }, { "selector": "REQBODY_PROCESSOR_ERROR", "wildcard": true }, { "selector": "FILES_NAMES", "wildcard": true } ] } }, "group": "PROTOCOL" }, { "action": "alert", "conditionException": {}, "group": "SQL" }, { "action": "alert", "conditionException": {}, "group": "XSS" }, { "action": "alert", "conditionException": {}, "group": "LFI" }, { "action": "alert", "conditionException": {}, "group": "RFI" }, { "action": "alert", "conditionException": {}, "group": "PLATFORM" }, { "action": "none", "conditionException": {}, "group": "OUTBOUND" }, { "action": "none", "conditionException": {}, "group": "CMD" } ], "ruleSetInfo": { "ruleSetVersion": 1 }, "rules": [ { "action": "alert", "conditionException": { "advancedExceptions": { "conditionOperator": "AND", "conditions": [ { "extensions": [ "test12" ], "positiveMatch": true, "type": "extensionMatch" }, { "filenames": [ "test13" ], "positiveMatch": true, "type": "filenameMatch" }, { "hosts": [ "test.hostname.com" ], "positiveMatch": true, "type": "hostMatch" }, { "ips": [ "192.0.2.242" ], "positiveMatch": true, "type": "ipMatch", "useHeaders": true }, { "caseSensitive": true, "name": "test14", "nameCase": true, "positiveMatch": true, "type": "uriQueryMatch", "value": "test15", "wildcard": true }, { "header": "Accept", "positiveMatch": true, "type": "requestHeaderMatch", "value": "test16", "valueCase": true, "valueWildcard": true }, { "methods": [ "GET" ], "positiveMatch": true, "type": "requestMethodMatch" }, { "paths": [ "/test16" ], "positiveMatch": true, "type": "pathMatch" }, { "clientLists": [ "97813_IPLIST" ], "positiveMatch": true, "type": "clientListMatch", "useHeaders": true } ], "headerCookieOrParamValues": [ { "valueWildcard": true, "values": [ "test11" ] } ], "specificHeaderCookieParamXmlOrJsonNames": [ { "names": [ "test3" ], "selector": "REQUEST_HEADERS_NAMES", "wildcard": true }, { "names": [ "test4" ], "selector": "REQUEST_HEADERS", "wildcard": true }, { "names": [ "test5" ], "selector": "REQUEST_COOKIES_NAMES", "wildcard": true }, { "names": [ "test6" ], "selector": "REQUEST_COOKIES", "wildcard": true }, { "names": [ "test1" ], "selector": "ARGS_NAMES", "wildcard": true }, { "names": [ "test2" ], "selector": "ARGS", "wildcard": true }, { "names": [ "test7" ], "selector": "JSON_NAMES", "wildcard": true }, { "names": [ "test8" ], "selector": "JSON_PAIRS", "wildcard": true }, { "names": [ "test9" ], "selector": "XML_PAIRS", "wildcard": true }, { "selector": "REQUEST_PROTOCOL", "wildcard": true }, { "selector": "REQUEST_METHOD", "wildcard": true }, { "selector": "REQUEST_URI", "wildcard": true }, { "selector": "QUERY_STRING", "wildcard": true }, { "selector": "REQUEST_FILENAME", "wildcard": true }, { "selector": "REQUEST_PATH_SEGMENT", "wildcard": true }, { "selector": "REQUEST_BODY", "wildcard": true }, { "selector": "REQBODY_PROCESSOR_ERROR", "wildcard": true }, { "selector": "FILES_NAMES", "wildcard": true } ] } }, "ruleId": 950002, "ruleName": "CMD Injection Attack Detected (OS Commands 4)" }, { "action": "alert", "conditionException": {}, "ruleId": 950006, "ruleName": "CMD Injection Attack Detected (OS Commands 5)" }, { "action": "alert", "conditionException": {}, "ruleId": 950007, "ruleName": "SQL Injection Attack (Blind Testing)" }, { "action": "none", "conditionException": {}, "ruleId": 950011, "ruleName": "Server-Side Include (SSI) Attack" }, { "action": "alert", "conditionException": {}, "ruleId": 950118, "ruleName": "Remote File Inclusion Attack (Common PHP RFI Attacks)" }, { "action": "alert", "conditionException": {}, "ruleId": 950203, "ruleName": "Local File Inclusion (LFI) Attack (Directory Traversal and Obfuscation Attempts)" }, { "action": "alert", "conditionException": {}, "ruleId": 950204, "ruleName": "Local File Inclusion (LFI) Attack (Directory Traversal and Obfuscation Attempts)" }, { "action": "alert", "conditionException": {}, "ruleId": 950216, "ruleName": "Unicode Full/Half Width Abuse Attack Attempt" }, { "action": "alert", "conditionException": {}, "ruleId": 950220, "ruleName": "Possible URL Redirector Abuse (Off-Domain URL)" }, { "action": "alert", "conditionException": {}, "ruleId": 950902, "ruleName": "SQL Injection Attack (Tautology Probes 1)" }, { "action": "alert", "conditionException": {}, "ruleId": 951910, "ruleName": "HTTP Response Splitting Attack (Header Injection)" }, { "action": "alert", "conditionException": {}, "ruleId": 958003, "ruleName": "Cross-site Scripting (XSS) Attack (Fromcharcode Detected)" }, { "action": "alert", "conditionException": {}, "ruleId": 958008, "ruleName": "Cross-site Scripting (XSS) Attack (HTML INPUT IMAGE Tag)" }, { "action": "alert", "conditionException": {}, "ruleId": 958023, "ruleName": "Cross-site Scripting (XSS) Attack (Javascript URL Protocol Handler with \"lowsrc\" Attribute)" }, { "action": "alert", "conditionException": {}, "ruleId": 958034, "ruleName": "Cross-site Scripting (XSS) Attack (Style Attribute with 'expression' Keyword)" }, { "action": "alert", "conditionException": {}, "ruleId": 958051, "ruleName": "Cross-site Scripting (XSS) Attack (Script Tag)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000065, "ruleName": "Apache Struts Remote Command Execution (Deserialization Attack)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000072, "ruleName": "Deserialization Attack Detected" }, { "action": "alert", "conditionException": {}, "ruleId": 3000080, "ruleName": "Cross-site Scripting (XSS) Attack (Attribute Injection 1)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000081, "ruleName": "Cross-site Scripting (XSS) Attack (Attribute Injection 2)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000100, "ruleName": "SQL Injection Attack (SmartDetect)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000101, "ruleName": "SQL Injection Attack (Common SQL Database Probes)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000102, "ruleName": "SQL Injection Attack (Null Byte Detected)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000103, "ruleName": "SQL Injection Attack (NoSQL Injection)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000104, "ruleName": "SQL Injection Attack (NoSQL Injection)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000105, "ruleName": "NOSQL Operator Injection Detected" }, { "action": "alert", "conditionException": {}, "ruleId": 3000108, "ruleName": "Pandora / DirtJumper DDoS Detection - HTTP GET Attacks" }, { "action": "alert", "conditionException": {}, "ruleId": 3000109, "ruleName": "Ruby on Rails YAML Injection Attack" }, { "action": "alert", "conditionException": {}, "ruleId": 3000110, "ruleName": "Cross-site Scripting (XSS) Attack (SmartDetect)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000111, "ruleName": "Cross-site Scripting (XSS) Attack (Common PoC Probes 1)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000112, "ruleName": "Cross-site Scripting (XSS) Attack (Common PoC Probes 2)" }, { "action": "alert", "conditionException": {}, "ruleId": 3000113, "ruleName": "Cross-site Scripting (XSS) Attack (Javascript Mixed Case Obfuscation)" }, { "action": "none", "conditionException": {}, "ruleId": 99999900, "ruleName": "DDoSia Toolkit DETECTED" } ] } }, { "status": "400", "contentType": "application/json", "example": { "detail": "The request could not be understood by the server due to malformed syntax.", "instance": "https://problems.luna.akamaiapis.net/appsec/error-instances/d54686b5-21cb-4ab7-a8d6-a92282cf1749", "status": 400, "title": "Bad Request", "type": "https://problems.luna.akamaiapis.net/appsec/error-types/BAD-REQUEST" } }, { "status": "404", "contentType": "application/problem+json", "example": { "detail": "The requested resource is not found", "instance": "https://problems.luna.akamaiapis.net/appsec/error-instances/d54686b5-21cb-4ab7-a8d6-a92282cf1749", "status": 404, "title": "Not Found", "type": "https://problems.luna.akamaiapis.net/appsec/error-types/NOT-FOUND" } }, { "status": "500", "contentType": "application/problem+json", "example": { "detail": "Internal Server Error", "instance": "12ab3c45-789d-01ef-2gh3-ijk4l56m78no", "status": 500, "title": "Internal Server Error", "type": "internal_server_error" } } ] }