{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/api-evangelist/akamai/main/json-schema/appsec-custom-rule-schema.json", "title": "custom-rule", "additionalProperties": false, "description": "Contains settings for a custom rule.", "properties": { "conditions": { "description": "Contains the details about the condition that triggers the custom rule.", "items": { "additionalProperties": false, "properties": { "name": { "description": "The name you assign to the custom rule.", "oneOf": [ { "items": { "type": "string" }, "title": "Array", "type": "array" }, { "title": "String", "type": "string" } ] }, "nameCase": { "description": "Whether to consider the case-sensitivity of the provided query parameter `name`. This only applies to the `uriQueryMatch` condition `type`.", "type": "boolean" }, "nameWildcard": { "description": "Whether the provided header `name` is a wildcard. This only applies to the `requestHeaderMatch` condition `type`.", "type": "boolean" }, "positiveMatch": { "description": "Whether the condition should trigger on a match (`true`) or a lack of match (`false`).", "type": "boolean" }, "type": { "description": "The type of condition. See [CustomRule condition type values](https://techdocs.akamai.com/application-security/reference/condition-type-values).", "enum": [ "cookieMatch", "extensionMatch", "filenameMatch", "ipMatch", "pathMatch", "requestHeaderMatch", "requestMethodMatch", "requestProtocolVersionMatch", "uriQueryMatch", "headerOrderMatch", "argsPostMatch", "argsPostNamesMatch", "clientCertPresentMatch", "clientCertValidMatch", "clientTlsFingerprintMatch", "hostMatch", "ipAddressMatch", "geoMatch", "asNumberMatch", "clientListMatch" ], "type": "string" }, "useXForwardForHeaders": { "description": "Whether the condition should include `X-Forwarded-For` (XFF) header. This only applies when the `type` is `ipAddressMatch`, `geoMatch`, `asNumberMatch`, or `clientListMatch`.", "type": "boolean" }, "value": { "description": "The value that triggers the condition when matched or not matched. Specify a string for the `requestProtocolVersionMatch`, `clientCertPresentMatch`, `clientCertValidMatch`, and `headerOrderMatch` conditions. For all other conditions, specify an array of strings.", "oneOf": [ { "items": { "type": "string" }, "title": "Array", "type": "array" }, { "title": "String", "type": "string" } ], "type": "string" }, "valueCase": { "description": "Whether to consider the case-sensitivity of the provided header `value`. This only applies to the `requestHeaderMatch` condition `type`.", "type": "boolean" }, "valueExactMatch": { "description": "Whether to consider only exact matches of the header `value`.", "type": "boolean" }, "valueIgnoreSegment": { "description": "Whether to ignore path segments when matching. This only applies when the `type` is `pathMatch`.", "type": "boolean" }, "valueNormalize": { "description": "Whether to normalize the value of the header when matching. This only applies to type values of `extensionMatch` and `pathMatch`.", "type": "boolean" }, "valueRecursive": { "description": "Whether to use recursion when matching. When `false`, you can only match on the filename in the root folder. This only applies when the condition `type` is `filenameMatch`.", "type": "boolean" }, "valueWildcard": { "description": "Whether the provided header `value` is a wildcard. This only applies when the condition `type` is `requestHeaderMatch`.", "type": "boolean" } }, "required": [ "type", "positiveMatch" ], "type": "object" }, "type": "array" }, "description": { "description": "The custom rule description.", "type": "string" }, "effectiveTimePeriod": { "additionalProperties": false, "description": "The time period during which the custom rule is active.", "properties": { "endDate": { "description": "An ISO 8601 timestamp that sets when the rule expires or deactivates.", "type": "string" }, "startDate": { "description": "An ISO 8601 timestamp that sets when the rule activates.", "format": "date-time", "type": "string" }, "status": { "description": "The current status of the rule based on its `startDate` and `endDate`. By default, rules are active for 30 days. When `ACTIVE`, the rule triggers when conditions are met. When `INACTIVE`, the rule doesn't trigger. When `EXPIRING`, the rule still triggers because it's still active until its specified expiration date. When the rule's status is `EXPIRED`, the rule is inactive and doesn't trigger. If your rule expires and you want to use it again, make a PUT request to [Modify a custom rule](https://techdocs.akamai.com/application-security/reference/put-config-custom-rule) with the new dates you'd like the rule to be active.", "enum": [ "active", "inactive", "expiring", "expired" ], "type": "string" } }, "required": [ "endDate", "startDate" ], "type": "object" }, "id": { "description": "Uniquely identifies the rule.", "type": "integer" }, "inspectRequest": { "description": "Whether to inspect the HTTP request for unstructured custom rules.", "type": "boolean" }, "inspectResponse": { "description": "Whether to inspect the HTTP response for unstructured custom rules.", "type": "boolean" }, "loggingOptions": { "description": "The specific conditions to be logged.", "items": { "additionalProperties": false, "description": "Condition to be logged.", "properties": { "id": { "description": "The unique identifier for each logging option. See [Logging option values](https://techdocs.akamai.com/application-security/reference/logging-option-values).", "enum": [ "CLIENT_TLS_FINGERPRINT_MATCH", "HEADER_ORDER_MATCH", "REQUEST_HEADER_MATCH", "COOKIE_MATCH", "URI_QUERY_MATCH", "ARGS_POST_MATCH" ], "type": "string" }, "name": { "description": "A description of the logging option type.", "type": "string" }, "value": { "description": "The value on which to match when determining whether to log the custom rule condition.", "type": "string" } }, "required": [ "id" ], "type": "object", "x-akamai": { "file-path": "schemas/logging-option.yaml" } }, "type": "array" }, "metadata": { "description": "The metadata you provided for unstructured custom rules.", "type": "string" }, "name": { "description": "The custom rule name.", "type": "string" }, "operation": { "description": "Specify `AND` logic to require all conditions, or `OR` logic to require at least one condition to match.", "enum": [ "AND", "OR" ], "type": "string" }, "ruleActivated": { "description": "Whether the rule is active in the configuration.", "type": "boolean" }, "samplingRate": { "description": "The portion of traffic to sample, expressed as a percent.", "maximum": 100, "minimum": 0, "type": "integer" }, "stagingOnly": { "default": false, "description": "Whether to show traffic from only the staging network, or all traffic. The default setting is `false` and only shows in the response when `true`.", "type": "boolean" }, "structured": { "description": "Whether you created the rule with the structured custom rule builder or free-form XML. This needs to be `true`.", "type": "boolean" }, "tag": { "description": "The list of labels you assigned to the custom rule.", "items": { "type": "string" }, "type": "array" }, "version": { "description": "The custom rule version.", "type": "integer" } }, "required": [ "name", "operation", "structured" ], "type": "object", "x-akamai": { "file-path": "schemas/custom-rule.yaml" } }