PATCH /wafpolicy/{uuid}

PATCH /wafpolicy/{uuid}

/wafpolicy/{uuid}

Request
URI
PATCH
https://{api_host}/api/wafpolicy/{uuid}
COPY
Path Parameters
string
uuid
Required

UUID of the object to fetch

Query Parameters
string
name
Optional

object name

Header Parameters
string
X-Avi-Tenant
Optional

Avi Tenant Header

string
X-Avi-Tenant-UUID
Optional

Avi Tenant Header UUID

string
X-Avi-Version
Required

The caller is required to set Avi Version Header to the expected version of configuration. The response from the controller will provide and accept data according to the specified version. The controller will reject POST and PUT requests where the data is not compatible with the specified version.

string
X-CSRFToken
Optional

Avi Controller may send back CSRF token in the response cookies. The caller should update the request headers with this token else controller will reject requests.


Request Body

WafPolicy object creation

WafPolicy of type(s) application/json
Optional

Show optional properties

{
    "mode": "string",
    "name": "string",
    "waf_profile_ref": "string"
}
{
    "_last_modified": "string",
    "allow_mode_delegation": false,
    "allowlist": {
        "rules": [
            {
                "actions": [
                    "string"
                ],
                "description": "string",
                "enable": false,
                "index": 0,
                "match": {
                    "bot_detection_result": {
                        "classifications": [
                            {
                                "type": "string",
                                "user_defined_type": "string"
                            }
                        ],
                        "match_operation": "string"
                    },
                    "client_ip": {
                        "addrs": [
                            {
                                "addr": "string",
                                "type": "string"
                            }
                        ],
                        "group_refs": [
                            "string"
                        ],
                        "match_criteria": "string",
                        "prefixes": [
                            {
                                "ip_addr": {
                                    "addr": "string",
                                    "type": "string"
                                },
                                "mask": 0
                            }
                        ],
                        "ranges": [
                            {
                                "begin": {
                                    "addr": "string",
                                    "type": "string"
                                },
                                "end": {
                                    "addr": "string",
                                    "type": "string"
                                }
                            }
                        ]
                    },
                    "cookie": {
                        "match_case": "string",
                        "match_criteria": "string",
                        "name": "string",
                        "value": "string"
                    },
                    "geo_matches": [
                        {
                            "attribute": "string",
                            "match_operation": "string",
                            "values": [
                                "string"
                            ]
                        }
                    ],
                    "hdrs": [
                        {
                            "hdr": "string",
                            "match_case": "string",
                            "match_criteria": "string",
                            "value": [
                                "string"
                            ]
                        }
                    ],
                    "host_hdr": {
                        "match_case": "string",
                        "match_criteria": "string",
                        "value": [
                            "string"
                        ]
                    },
                    "ip_reputation_type": {
                        "match_operation": "string",
                        "reputation_types": [
                            "string"
                        ]
                    },
                    "method": {
                        "match_criteria": "string",
                        "methods": [
                            "string"
                        ]
                    },
                    "path": {
                        "match_case": "string",
                        "match_criteria": "string",
                        "match_decoded_string": false,
                        "match_str": [
                            "string"
                        ],
                        "string_group_refs": [
                            "string"
                        ]
                    },
                    "protocol": {
                        "match_criteria": "string",
                        "protocols": "string"
                    },
                    "query": {
                        "match_case": "string",
                        "match_criteria": "string",
                        "match_decoded_string": false,
                        "match_str": [
                            "string"
                        ],
                        "string_group_refs": [
                            "string"
                        ]
                    },
                    "source_ip": {
                        "addrs": [
                            {
                                "addr": "string",
                                "type": "string"
                            }
                        ],
                        "group_refs": [
                            "string"
                        ],
                        "match_criteria": "string",
                        "prefixes": [
                            {
                                "ip_addr": {
                                    "addr": "string",
                                    "type": "string"
                                },
                                "mask": 0
                            }
                        ],
                        "ranges": [
                            {
                                "begin": {
                                    "addr": "string",
                                    "type": "string"
                                },
                                "end": {
                                    "addr": "string",
                                    "type": "string"
                                }
                            }
                        ]
                    },
                    "tls_fingerprint_match": {
                        "fingerprints": [
                            "string"
                        ],
                        "match_operation": "string",
                        "string_group_refs": [
                            "string"
                        ]
                    },
                    "version": {
                        "match_criteria": "string",
                        "versions": [
                            "string"
                        ]
                    },
                    "vs_port": {
                        "match_criteria": "string",
                        "ports": [
                            0
                        ]
                    }
                },
                "name": "string",
                "sampling_percent": 0
            }
        ]
    },
    "application_signatures": {
        "provider_ref": "string",
        "resolved_rules": [
            {
                "enable": false,
                "exclude_list": [
                    {
                        "client_subnet": {
                            "ip_addr": {
                                "addr": "string",
                                "type": "string"
                            },
                            "mask": 0
                        },
                        "description": "string",
                        "match_element": "string",
                        "match_element_criteria": {
                            "match_case": "string",
                            "match_op": "string"
                        },
                        "uri_match_criteria": {
                            "match_case": "string",
                            "match_op": "string"
                        },
                        "uri_path": "string"
                    }
                ],
                "index": 0,
                "is_sensitive": false,
                "mode": "string",
                "name": "string",
                "paranoia_level": "string",
                "phase": "string",
                "rule": "string",
                "rule_id": "string",
                "tags": [
                    "string"
                ]
            }
        ],
        "rule_overrides": [
            {
                "enable": false,
                "exclude_list": [
                    {
                        "client_subnet": {
                            "ip_addr": {
                                "addr": "string",
                                "type": "string"
                            },
                            "mask": 0
                        },
                        "description": "string",
                        "match_element": "string",
                        "match_element_criteria": {
                            "match_case": "string",
                            "match_op": "string"
                        },
                        "uri_match_criteria": {
                            "match_case": "string",
                            "match_op": "string"
                        },
                        "uri_path": "string"
                    }
                ],
                "mode": "string",
                "rule_id": "string"
            }
        ],
        "ruleset_version": "string",
        "selected_applications": [
            "string"
        ]
    },
    "auto_update_crs": false,
    "bypass_static_extensions": false,
    "confidence_override": {
        "confid_high_value": 0,
        "confid_low_value": 0,
        "confid_probable_value": 0,
        "confid_very_high_value": 0
    },
    "configpb_attributes": {
        "version": 0
    },
    "created_by": "string",
    "crs_overrides": [
        {
            "enable": false,
            "exclude_list": [
                {
                    "client_subnet": {
                        "ip_addr": {
                            "addr": "string",
                            "type": "string"
                        },
                        "mask": 0
                    },
                    "description": "string",
                    "match_element": "string",
                    "match_element_criteria": {
                        "match_case": "string",
                        "match_op": "string"
                    },
                    "uri_match_criteria": {
                        "match_case": "string",
                        "match_op": "string"
                    },
                    "uri_path": "string"
                }
            ],
            "mode": "string",
            "name": "string",
            "rule_overrides": [
                {
                    "enable": false,
                    "exclude_list": [
                        {
                            "client_subnet": {
                                "ip_addr": {
                                    "addr": "string",
                                    "type": "string"
                                },
                                "mask": 0
                            },
                            "description": "string",
                            "match_element": "string",
                            "match_element_criteria": {
                                "match_case": "string",
                                "match_op": "string"
                            },
                            "uri_match_criteria": {
                                "match_case": "string",
                                "match_op": "string"
                            },
                            "uri_path": "string"
                        }
                    ],
                    "mode": "string",
                    "rule_id": "string"
                }
            ]
        }
    ],
    "description": "string",
    "enable_app_learning": false,
    "enable_auto_rule_updates": false,
    "enable_regex_learning": false,
    "failure_mode": "string",
    "geo_db_ref": "string",
    "learning_params": {
        "enable_learn_from_bots": false,
        "enable_per_uri_learning": false,
        "learn_from_authenticated_clients_only": false,
        "learn_from_bots": {
            "classifications": [
                {
                    "type": "string",
                    "user_defined_type": "string"
                }
            ],
            "match_operation": "string"
        },
        "max_params": 0,
        "max_uris": 0,
        "min_hits_to_learn": 0,
        "sampling_percent": 0,
        "trusted_ipgroup_ref": "string",
        "update_interval": 0
    },
    "markers": [
        {
            "key": "string",
            "values": [
                "string"
            ]
        }
    ],
    "min_confidence": "string",
    "mode": "string",
    "name": "string",
    "paranoia_level": "string",
    "positive_security_model": {
        "group_refs": [
            "string"
        ]
    },
    "post_crs_groups": [
        {
            "enable": false,
            "exclude_list": [
                {
                    "client_subnet": {
                        "ip_addr": {
                            "addr": "string",
                            "type": "string"
                        },
                        "mask": 0
                    },
                    "description": "string",
                    "match_element": "string",
                    "match_element_criteria": {
                        "match_case": "string",
                        "match_op": "string"
                    },
                    "uri_match_criteria": {
                        "match_case": "string",
                        "match_op": "string"
                    },
                    "uri_path": "string"
                }
            ],
            "index": 0,
            "name": "string",
            "rules": [
                {
                    "enable": false,
                    "exclude_list": [
                        {
                            "client_subnet": {
                                "ip_addr": {
                                    "addr": "string",
                                    "type": "string"
                                },
                                "mask": 0
                            },
                            "description": "string",
                            "match_element": "string",
                            "match_element_criteria": {
                                "match_case": "string",
                                "match_op": "string"
                            },
                            "uri_match_criteria": {
                                "match_case": "string",
                                "match_op": "string"
                            },
                            "uri_path": "string"
                        }
                    ],
                    "index": 0,
                    "is_sensitive": false,
                    "mode": "string",
                    "name": "string",
                    "paranoia_level": "string",
                    "phase": "string",
                    "rule": "string",
                    "rule_id": "string",
                    "tags": [
                        "string"
                    ]
                }
            ]
        }
    ],
    "pre_crs_groups": [
        {
            "enable": false,
            "exclude_list": [
                {
                    "client_subnet": {
                        "ip_addr": {
                            "addr": "string",
                            "type": "string"
                        },
                        "mask": 0
                    },
                    "description": "string",
                    "match_element": "string",
                    "match_element_criteria": {
                        "match_case": "string",
                        "match_op": "string"
                    },
                    "uri_match_criteria": {
                        "match_case": "string",
                        "match_op": "string"
                    },
                    "uri_path": "string"
                }
            ],
            "index": 0,
            "name": "string",
            "rules": [
                {
                    "enable": false,
                    "exclude_list": [
                        {
                            "client_subnet": {
                                "ip_addr": {
                                    "addr": "string",
                                    "type": "string"
                                },
                                "mask": 0
                            },
                            "description": "string",
                            "match_element": "string",
                            "match_element_criteria": {
                                "match_case": "string",
                                "match_op": "string"
                            },
                            "uri_match_criteria": {
                                "match_case": "string",
                                "match_op": "string"
                            },
                            "uri_path": "string"
                        }
                    ],
                    "index": 0,
                    "is_sensitive": false,
                    "mode": "string",
                    "name": "string",
                    "paranoia_level": "string",
                    "phase": "string",
                    "rule": "string",
                    "rule_id": "string",
                    "tags": [
                        "string"
                    ]
                }
            ]
        }
    ],
    "required_data_files": [
        {
            "name": "string",
            "type": "string"
        }
    ],
    "tenant_ref": "string",
    "updated_crs_rules_in_detection_mode": false,
    "url": "string",
    "uuid": "string",
    "waf_crs_ref": "string",
    "waf_profile_ref": "string"
}
Responses
200

OK

Returns WafPolicy of type(s) application/json
"WafPolicy Object"
string
_last_modified
Optional

UNIX time since epoch in microseconds. Units(MICROSECONDS).

boolean
allow_mode_delegation
Optional
Constraints: default: true

Allow Rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

object
allowlist
Optional

allowlist

object
application_signatures
Optional

application_signatures

boolean
auto_update_crs
Optional

If this flag is set, the system will try to keep the CRS version used in this policy up-to-date. If a newer CRS object is available on this controller, the system will issue the CRS upgrade process for this WAF Policy. It will not update polices if the current CRS version is CRS-VERSION-NOT-APPLICABLE. Field introduced in 22.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

boolean
bypass_static_extensions
Optional
Constraints: default: true

Enable the functionality to bypass WAF for static file extensions. Field introduced in 22.1.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

object
confidence_override
Optional

confidence_override

object
configpb_attributes
Optional

configpb_attributes

string
created_by
Optional

Creator name. Field introduced in 17.2.4. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

array of object
crs_overrides
Optional

Override attributes for CRS rules. Field introduced in 20.1.6. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

string
description
Optional

Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
enable_app_learning
Optional

Enable Application Learning for this WAF policy. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
enable_auto_rule_updates
Optional
Constraints: default: true

Enable Application Learning based rule updates on the WAF Profile. Rules will be programmed in dedicated WAF learning group. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
enable_regex_learning
Optional

Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
failure_mode
Optional
Constraints: default: WAF_FAILURE_MODE_OPEN

WAF Policy failure mode. This can be 'Open' or 'Closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
geo_db_ref
Optional

Geo Location Mapping Database used by this WafPolicy. It is a reference to an object of type GeoDB. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

object
learning_params
Optional

learning_params

array of object
markers
Optional

List of labels to be used for granular RBAC. Field introduced in 20.1.5. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.

string
min_confidence
Optional
Constraints: default: CONFIDENCE_VERY_HIGH

Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
mode
Required
Constraints: default: WAF_MODE_DETECTION_ONLY

WAF Policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
name
Required

Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
paranoia_level
Optional
Constraints: default: WAF_PARANOIA_LEVEL_LOW

WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

object
positive_security_model
Optional

positive_security_model

array of object
post_crs_groups
Optional

WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the CRS groups. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

array of object
pre_crs_groups
Optional

WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the CRS groups. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

array of object
required_data_files
Optional

The data files and types referred in this WAF policy. Field introduced in 22.1.3. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.

string
tenant_ref
Optional

It is a reference to an object of type Tenant. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
updated_crs_rules_in_detection_mode
Optional
Constraints: default: true

While updating CRS, the system will make sure that new rules are added in DETECTION mode. It only has an effect if the Policy is in ENFORCEMENT mode. In this case, the update will set new rules into DETECTION mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is DETECTION, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the UI based CRS update workflow. Field introduced in 22.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

string
url
Optional

url

string
uuid
Optional

Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
waf_crs_ref
Optional

WAF core ruleset used for the CRS part of this Policy. It is a reference to an object of type WafCRS. Field introduced in 18.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
waf_profile_ref
Required

WAF Profile for WAF policy. It is a reference to an object of type WafProfile. Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.


401

log in failed

Operation doesn't return any data structure

Code Samples
COPY
                    curl -X PATCH -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"mode:"string","name:"string","waf_profile_ref:"string"}'