POST /csrfpolicy
/csrfpolicy
Avi Tenant Header
Avi Tenant Header UUID
The caller is required to set Avi Version Header to the expected version of configuration. The response from the controller will provide and accept data according to the specified version. The controller will reject POST and PUT requests where the data is not compatible with the specified version.
Avi Controller may send back CSRF token in the response cookies. The caller should update the request headers with this token else controller will reject requests.
CSRFPolicy object creation
Show optional properties
{
"name": "string"
}{
"_last_modified": "string",
"configpb_attributes": {
"version": 0
},
"cookie_name": "string",
"csrf_file_ref": "string",
"description": "string",
"name": "string",
"rules": [
{
"action": "string",
"enable": false,
"index": 0,
"match": {
"bot_detection_result": {
"classifications": [
{
"type": "string",
"user_defined_type": "string"
}
],
"match_operation": "string"
},
"client_ip": {
"addrs": [
{
"addr": "string",
"type": "string"
}
],
"group_refs": [
"string"
],
"match_criteria": "string",
"prefixes": [
{
"ip_addr": {
"addr": "string",
"type": "string"
},
"mask": 0
}
],
"ranges": [
{
"begin": {
"addr": "string",
"type": "string"
},
"end": {
"addr": "string",
"type": "string"
}
}
]
},
"cookie": {
"match_case": "string",
"match_criteria": "string",
"name": "string",
"value": "string"
},
"geo_matches": [
{
"attribute": "string",
"match_operation": "string",
"values": [
"string"
]
}
],
"hdrs": [
{
"hdr": "string",
"match_case": "string",
"match_criteria": "string",
"string_group_refs": [
"string"
],
"value": [
"string"
]
}
],
"host_hdr": {
"match_case": "string",
"match_criteria": "string",
"value": [
"string"
]
},
"ip_reputation_type": {
"match_operation": "string",
"reputation_types": [
"string"
]
},
"method": {
"match_criteria": "string",
"methods": [
"string"
]
},
"path": {
"match_case": "string",
"match_criteria": "string",
"match_decoded_string": false,
"match_str": [
"string"
],
"string_group_refs": [
"string"
]
},
"protocol": {
"match_criteria": "string",
"protocols": "string"
},
"query": {
"match_case": "string",
"match_criteria": "string",
"match_decoded_string": false,
"match_str": [
"string"
],
"string_group_refs": [
"string"
]
},
"source_ip": {
"addrs": [
{
"addr": "string",
"type": "string"
}
],
"group_refs": [
"string"
],
"match_criteria": "string",
"prefixes": [
{
"ip_addr": {
"addr": "string",
"type": "string"
},
"mask": 0
}
],
"ranges": [
{
"begin": {
"addr": "string",
"type": "string"
},
"end": {
"addr": "string",
"type": "string"
}
}
]
},
"tls_fingerprint_match": {
"fingerprints": [
"string"
],
"match_operation": "string",
"string_group_refs": [
"string"
]
},
"version": {
"match_criteria": "string",
"versions": [
"string"
]
},
"vs_port": {
"match_criteria": "string",
"ports": [
0
]
}
},
"name": "string"
}
],
"tenant_ref": "string",
"token_validity_time_min": 0,
"url": "string",
"uuid": "string"
}OK
"CSRFPolicy Object"UNIX time since epoch in microseconds. Units(MICROSECONDS).
configpb_attributes
Name of the cookie to be used for CSRF token. Field introduced in 30.2.1. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
The file object that contains csrf javascript content. Must be of type 'CSRF'. It is a reference to an object of type FileObject. Field introduced in 31.1.1. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
Human-readable description of this CSRF Protection Policy. Field introduced in 30.2.1. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
The name of this CSRF Protection Policy. Field introduced in 30.2.1. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
Rules to control which requests undergo CSRF Protection.If the client's request doesn't match with any rules MatchTarget, BYPASS_CSRF action is applied. Field introduced in 30.2.1. Minimum of 1 items required. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
The unique identifier of the tenant to which this policy belongs. It is a reference to an object of type Tenant. Field introduced in 30.2.1. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
A CSRF token is rotated when this amount of time has passed. Even after that, tokens will be accepted until twice this amount of time has passed. Note, however, that other timeouts from the underlying session layer also affect how long a given token can be used. A token will be invalidated (rotated or deleted) after one of 'token_validity_time_min' (this value), 'session_establishment_timeout', 'session_idle_timeout', 'session_maximum_timeout' is reached, whichever occurs first. Allowed values are 10-1440. Special values are 0- unlimited. Field introduced in 30.2.1. Unit is MIN. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
url
A unique identifier to this CSRF Protection Policy. Field introduced in 30.2.1. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
log in failed
curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"name:"string"}' https://{api_host}/api/csrfpolicy