Application rules
List all Application rules
Request
Definition
GET /api/v1/application_rules
Headers
Authorizationrequired Authentication token with privileges to view the resource.Bearer {token}
Query string parameters
| Parameter | Type | Required | Description | Values |
|---|---|---|---|---|
paginate | boolean | Yes | If the result must be paginated. | |
page | integer | Yes if paginate is true | Page index. | |
page_size | integer | Yes if paginate is true | Number of items displayed per page. | |
id | string | No | Filters results whose ID matches the entered string. | |
id_list | array<string> | No | Filters results whose id matches any of the list items. | |
rq_host | string | No | Filters results where the Host matches the entered string. | |
rq_host_list | array<string> | No | Filters results whose Host matches any of the entered Hosts list. | |
rq_host_search | string | No | Filters results whose Host matches all or part of the entered string. | |
timestamp_create | integer | No | Filters the results related to the timestamp entered. | |
timestamp_create_start | integer | No | Filters results created after the date entered. | |
timestamp_create_end | integer | No | Filters results created before the date entered. | |
timestamp_update | integer | No | Filters the results related to the timestamp entered. | |
timestamp_update_start | integer | No | Filters results updated after the date entered. | |
timestamp_update_end | integer | No | Filters results updated before the date entered. | |
username | string | No | Filters the results whose username of the person who created the rule matches the string entered. | |
username_list | array<string> | No | Filters the results where the username of the rule matches one of the items in the list. | |
username_search | string | No | Filters results where the username of the person who created the rule matches all or part of the specified string. | |
service | string | No | Filters the results whose service who created the rule matches the string entered. | |
service_list | array<string> | No | Filters the results where the service of the rule matches one of the items in the list. | |
service_search | string | No | Filters results where the service who created the rule matches all or part of the specified string. | |
rule_set | string | No | Filters results where the rule set matches the string entered. | |
rule_set_id | string | No | Filters results where the rule set ID matches the string entered. | |
enabled | boolean | No | Filters results where the rule state matches the entered rule state. |
Response
Status codes
| Status code | Message |
|---|---|
| 200 | "List of rules" |
| 400 | "Error with pagination fields" |
| 403 | "Forbidden" |
Body
- Attributes
- Example
-
data.application_rules.actionstringAction defined in the rule.
-
data.application_rules.action.firewall_actionstringFirewall action.
-
data.application_rules.action.firewall_namestringFirewall name.
-
data.application_rules.action.sync_statusstringSync status state.
-
-
data.application_rules.alert_set_idsstringSet of alert IDs that have been handled by creating the rule.
-
data.application_rules.conditionsstringConditions of rule.
-
data.application_rules.expressionsstringString specifying the matching directives of the rule.
-
data.application_rules.not_opbooleanNegation operator for rule condition.
-
data.application_rules.operatorstringOperator for rule condition.
-
data.application_rules.targetsstringSpecifies the elements on which the rule applies the conditions.
-
-
data.application_rules.descriptionstringApplication rules description.
-
data.application_rules.durationintegerApplication rules duration.
-
data.application_rules.enabledbooleanIndicates whether the rule is enabled.
-
data.application_rules.idstringApplication rules ID.
-
data.rules.prioritystringPriority with which the rule is activated in relation to the others.
-
data.application_rules.rq_hoststringHeader Host associated with the rule.
-
data.application_rules.rule_setstringName of rule group.
-
data.application_rules.rule_set_idstringID of rule group.
-
data.application_rules.start_timeintegerDate and time the rule was activated in UNIX timestamp format (microseconds).
-
data.application_rules.timestamp_createintegerDate and time in UNIX format (in microseconds) when the rule was created.
-
data.application_rules.timestamp_updateintegerDate and time in UNIX format (in microseconds) when the rule was updated.
-
data.application_rules.usernamestringUsername of who created rule.
{
"data": {
"application_rules": [
{
"actions": [
{
"firewall_action": "deny",
"firewall_name": "waf_test",
"sync_status": "not_synced"
}
],
"alert_set_ids": [],
"conditions": [
{
"expressions": [
"test_expression"
],
"not_op": false,
"operator": "contains",
"targets": [
"request_body:x-www-form-urlencoded:field"
]
},
{
"expressions": [
"aaa"
],
"not_op": false,
"operator": "contains",
"targets": [
"request:aaa"
]
},
{
"expressions": [
"<script>"
],
"not_op": false,
"operator": "contains",
"targets": [
"path",
"query"
]
}
],
"description": null,
"duration": null,
"enabled": true,
"id": "CxxQnxxx£Cx=",
"priority": "1",
"rq_host": "www.xxxxxxxxx-xxx.it",
"rule_set": null,
"rule_set_id": null,
"service": null,
"start_time": null,
"timestamp_create": 10,
"timestamp_update": 10,
"username": "admin"
}
]
},
"message": "List of rules",
"pagination": {
"first": 1,
"last": 1,
"page": 0,
"total_count": 1,
"total_pages": 1
},
"status": "ok"
}
List a specific rule
Request
Definition
GET /api/v1/application_rules/{application_rule_id}
Header
Authorizationrequired Authentication token with privileges to view the resource.Bearer {token}
Response
Status codes
| Status code | Message |
|---|---|
| 200 | "Rule retrieved." |
| 400 | "Error retrieving rule" |
| 400 | "Error with pagination fields" |
| 403 | "Forbidden" |
Body
{
"data": {
"rule": {
"actions": [
{
"application_rule_id": "CxxQnxxx£Cx=",
"firewall_action": "deny",
"firewall_name": "waf_test",
"sync_status": "not_synced"
}
],
"alert_set_ids": [],
"conditions": [
{
"application_rule_id": "CxxQnxxx£Cx=",
"expressions": [
{
"condition_id": "CxxQnxxx£Cx=",
"expression": "test_expression"
}
],
"id": "CxxQnxxx£Cx=",
"not_op": false,
"operator": "contains",
"targets": [
{
"condition_id": "CxxQnxxx£Cx=",
"target": "request_body:x-www-form-urlencoded:field"
}
]
},
],
"description": null,
"duration": null,
"enabled": true,
"id": "CxxQnxxx£Cx=",
"priority": "1",
"rq_host": "www.xxxxxxxxx-xxx.it",
"rule_set": null,
"rule_set_id": null,
"service": null,
"start_time": null,
"timestamp_create": 10,
"timestamp_update": 10,
"username": "admin"
}
},
"message": "Rule retrieved",
"status": "ok"
}
Create new application rule
Request
Definition
POST /api/v1/application_rules
Header
-
AuthorizationrequiredAuthentication token with privileges to view the resource.
Bearer {token} -
Content-Typerequiredmultipart/mixed
Request body
{
"rules": [
{
"actions": [
{
"firewall_action": "deny",
"firewall_name": "waf_test"
}
],
"conditions": [
{
"expressions": [
{
"expression": "<script>"
}
],
"operator": "contains",
"targets": [
{
"target": "path"
},
{
"target": "query"
}
]
},
{
"expressions": [
{
"expression": "aaa"
}
],
"operator": "contains",
"targets": [
{
"target": "request:aaa"
}
]
},
{
"expressions": [
{
"expression": "test_expression"
}
],
"operator": "contains",
"targets": [
{
"target": "request_body:x-www-form-urlencoded:field"
}
]
}
],
"description": "Negative rule",
"priority": "1",
"rq_host": "www.xxxxxxxxx-xxx.it",
"username": "admin"
}
]
}
Response
Status codes
| Status code | Message |
|---|---|
| 200 | "Rules created" |
| 400 | "Error creating rules" |
| 403 | "Forbidden" |
Body
{
"data": {
"rule_ids": [
"abc18f6b-b41a-420e-a08a-1bd21d46754d"
]
},
"message": "Rules created",
"status": "ok"
}
Update a specific rule
Request
Definition
PUT /api/v1/application_rules/{application_rule_id}
Header
-
AuthorizationrequiredAuthentication token with privileges to view the resource.
Bearer {token} -
Content-Typerequiredmultipart/mixed
Request body
{
"attrs": {
"description": "A new description",
"priority": "10"
}
}
Response
Status codes
| Status code | Message |
|---|---|
| 200 | "Rules updated" |
| 400 | "Error updating the rule" |
| 403 | "Forbidden" |
Body
{
"data": {
"rule_ids": [
"ac07f403-ca35-4911-8211-bb59ed7be152"
]
},
"message": "Rules updated",
"status": "ok"
}
Update multiple rules
Request
Definition
PUT /api/v1/application_rules/
Header
-
AuthorizationrequiredAuthentication token with privileges to view the resource.
Bearer {token} -
Content-Typerequiredmultipart/mixed
Request body
{
"attrs": {
"description": "A new description",
"priority": "10"
},
"rule_ids": [
"c5ed7447-161c-4c5d-aaae-f64517694fae",
"1e62e14b-d3e5-4c63-8e2e-e65223abeb71"
]
}
Response
Status codes
| Status code | Message |
|---|---|
| 200 | "Rules updated" |
| 400 | "Error updating the rule" |
| 403 | "Forbidden" |
Body
{
"data": {
"rule_ids": [
"1e62e14b-d3e5-4c63-8e2e-e65223abeb71",
"c5ed7447-161c-4c5d-aaae-f64517694fae"
]
},
"message": "Rules updated",
"status": "ok"
}
Delete rules by specific IDs
Request
Definition
DELETE //api/v1/application_rules
Header
-
AuthorizationrequiredAuthentication token with privileges to view the resource.
Bearer {token} -
Content-Typerequiredmultipart/mixed
Request body
{
"rule_ids": [
"f4d87358-7003-42ee-80dd-168230777260"
]
}
Response
Status codes
| Status code | Message |
|---|---|
| 200 | "Rules deleted" |
| 400 | "Error deleting rules." |
| 403 | "Forbidden" |
Body
{
"data": {
"rule_ids": [
"f4d87358-7003-42ee-80dd-168230777260"
]
},
"message": "Rules deleted",
"status": "ok"
}