Local Policy File v1beta2 (beta)
Last updated
Was this helpful?
Last updated
Was this helpful?
Beta Feature Notice This feature is currently in beta and may undergo changes based on user feedback and testing. please note that some functionality may be subject to updates or improvements in future releases.
We encourage you to explore this feature and share your feedback to help us enhance it. If you encounter any issues or have suggestions, please contact us at info@openappsec.io
In order to use the v1beta2 CRDs simply replace the existing configuration file on your agent
For Linux deployments use
open-appsec-ctl --edit-policyFor Docker Deployment replace the mounted local configuration file
Make sure to apply policy once done.
open-appsec-ctl --apply-policyExample configurations can be found .
You can download all the configuration segments examples shown below in a single file here:
https://raw.githubusercontent.com/openappsec/openappsec/main/config/linux/v1beta2/example/local_policy.yamlWhen creating your own local configuration file based on the v1beta2 configuration schema:
Make sure to add apiVersion: v1beta2 at the top of the file to specify using v1beta2 of our local configuration.
The policies section defines the default behaviors that will apply to all web resources exposed as well as specific rules for overriding the default behavior for specific hostname/path combinations.
policies:
default:
mode: detect-learn
accessControlPractices: [access-control-practice-example]
threatPreventionPractices: [threat-prevention-practice-example]
triggers: [log-trigger-example]
customResponse: web-user-response-exmaple
sourceIdentifiers: ""
trustedSources: ""
exceptions:
- exception-example
specificRules:
- host: "example.com"
mode: prevent-learn
threatPreventionPractices: [threat-prevention-practice-example]
accessControlPractices: [access-control-practice-example]
triggers: [log-trigger-example]
customResponse: web-user-response-exmaple
sourceIdentifiers: ""
trustedSources: ""
exceptions:
- exception-exampledefault (object, required): The default configuration for the policy. This field is required.
mode (string, required): Specifies the mode of the entire policy.
Possible values: prevent-learn, detect-learn, prevent, detect, inactive.
Default: detect-learn.
threatPreventionPractices (array<string>, required): A list of threat prevention practices.
Minimum items: 0.
accessControlPractices (array<string>, required): A list of access control practices.
Minimum items: 0.
customResponse (string, optional): Specifies a custom response code.
Default: 403.
triggers (array<string>, required): Specifies additional triggers for the policy.
sourceIdentifiers (string, optional): Specifies source identifiers for the policy.
trustedSources (string, optional): Specifies trusted sources for the policy.
exceptions (array<string>, optional): Specifies exception rules for the policy.
specificRules (array<object>, optional): Specifies rules tailored to specific hosts.
host (string, required): Specifies the host for the rule.
mode (string, required): Mode for the specific rule.
Possible values: prevent-learn, detect-learn, prevent, detect, inactive.
Default: detect-learn.
threatPreventionPractices (array<string>, required): Threat prevention practices for the specific rule.
accessControlPractices (array<string>, required): Access control practices for the specific rule.
triggers (array<string>, required): Triggers for the specific rule.
customResponse (string, optional): Custom response code for the specific rule.
sourceIdentifiers (string, optional): Source identifiers for the specific rule.
trustedSources (string, optional): Trusted sources for the specific rule.
exceptions (array<string>, optional): Exception rules for the specific rule.
Practice resources define which threat prevention security engines will be active and what their settings are.
threatPreventionPractices:
- name: threat-prevention-practice-example
practiceMode: inherited
webAttacks:
overrideMode: inherited
minimumConfidence: high
intrusionPrevention:
# intrusion prevention (IPS) requires "Premium Edition"
overrideMode: inherited
maxPerformanceImpact: medium
minSeverityLevel: medium
minCveYear: 2016
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
fileSecurity:
# file security requires "Premium Edition"
overrideMode: inherited
minSeverityLevel: medium
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
snortSignatures:
# you must specify snort signatures in configmap or file to activate snort inspection
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
schemaValidation: # schema validation requires "Premium Edition"
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
antiBot: # antibot requires "Premium Edition"
overrideMode: inherited
injectedUris: []
validatedUris: []name (string ,required) Unique name for the threat prevention practice.
practiceMode (string ,optional) Defines the mode of operation for the practice. Possible values: inherited, prevent-learn, detect-learn, prevent, detect, inactive
Default: inherited from mode set in policy.
webAttacks (object ,required)
overrideMode (string ,optional) The override mode for web attacks. Possible values: prevent-learn, detect-learn, prevent, detect, inactive, inherited #inherited from threatPreventionPractice mode set in policy
Default: inherited
minimumConfidence (string ,optional) The minimum confidence level for web attacks. Possible values: medium, high, critical
Default: high
maxUrlSizeBytes (integer ,optional) Maximum URL size in bytes.
Default: 32768
maxObjectDepth (integer ,optional)Maximum object depth.
Default: 40
maxBodySizeKb (integer ,optional) Maximum body size in KB.
Default: 1000000
maxHeaderSizeBytes (integer ,optional) Maximum header size in bytes.
Default: 102400
protections (object, optional)
csrfProtection (string ,optional) CSRF protection mode. Possible values: prevent-learn, detect-learn, prevent, detect, inactive, inherited #inherited from overrideMode
Default: inactive
errorDisclosure (string ,optional) Error disclosure mode. Possible values: prevent-learn, detect-learn, prevent, detect, inactive, inherited #inherited from overrideMode
Default: inactive
openRedirect (string ,optional) Open redirect protection mode. Possible values: prevent-learn, detect-learn, prevent, detect, inactive, inherited #inherited from overrideMode
Default: inactive
nonValidHttpMethods (bollean,optional)
Default: false
antiBot (object, optional)
overrideMode (string ,required) Override mode for bot prevention. Possible values: prevent-learn, detect-learn, prevent, detect, inactive, inherited #inherited from threatPreventionPractice mode set in policy
Default: inactive
injectedUris (array<string>, optional) List of injected URIs to be checked for bot prevention.
validatedUris (array<string>, optional) List of validated URIs to be checked for bot prevention.
snortSignatures (object, optional)
overrideMode (string ,required) Override mode for Snort signatures. Possible values:prevent-learn, detect-learn, prevent, detect, inactive, inherited
Default: inherited inherited from threatPreventionPractice mode set in policy
configmap (array<string> ,optional) List of configuration maps related to Snort signatures.
files (array<string> ,optional)List of files related to Snort signatures.
schemaValidation (object, optional)
overrideMode (string ,required) Override mode for schema validation. Possible values: prevent-learn, detect-learn,prevent, detect, inactive, inherited
Default: inherited inherited from threatPreventionPractice mode set in policy
enforcementLevel (string ,optional) Level of enforcement for schema validation.
configmap (array<string> ,optional) List of configuration maps related to schema validation.
files (array<string> ,optional) List of files related to schema validation
intrusionPrevention (object, optional)
overrideMode string: (required) Override mode for intrusion prevention. Possible values: prevent-learn, detect-learn, prevent, detect, inactive, inherited inherited from threatPreventionPractice mode set in policy
Default: inactive
maxPerformanceImpact (string ,optional) ) Maximum acceptable performance impact. Possible values: low, medium, high
Default: medium
minSeverityLevel (string ,optional) Minimum severity level for intrusion prevention events. Possible values: low, medium, high, critical
Default: medium
minCveYear (integer, optional) ) Minimum year of CVE for inclusion in intrusion prevention events.
Default: 2016
highConfidenceEventAction (string ,optional) Action for high confidence events. Possible values: prevent, detect, inactive, inherited
Default: inherited as set in overrideMode for intrusionPrevention
mediumConfidenceEventAction (string ,optional) Action for medium confidence events. Possible values:prevent, detect, inactive, inherited
Default: inherited as set in overrideMode for intrusionPrevention
lowConfidenceEventAction (string ,optional) Action for medium confidence events. Possible values:prevent, detect, inactive, inherited
Default: detect
fileSecurity (object, optional)
overrideMode string: (required) Override mode for intrusion prevention. Possible values: prevent-learn, detect-learn, prevent, detect, inactive, inherited inherited from threatPreventionPractice mode set in policy
Default: inactive
minSeverityLevel (string ,optional) Minimum severity level for file secuirty events. Possible values: low, medium, high, critical
Default: medium
highConfidenceEventAction (string ,optional) Action for high confidence events. Possible values: prevent, detect, inactive, inherited
Default: inherited as set in overrideMode for intrusionPrevention
mediumConfidenceEventAction (string ,optional) Action for medium confidence events. Possible values:prevent, detect, inactive, inherited
Default: inherited as set in overrideMode for intrusionPrevention
lowConfidenceEventAction (string ,optional) Action for medium confidence events. Possible values:prevent, detect, inactive, inherited
Default: detect
archiveInspection (object, optional):
extractArchiveFiles (boolean, optional): Whether to extract files from archives for inspection.
Default: false.
scanMaxFileSize (integer, optional): Maximum file size to scan within archives. Default: 10.
scanMaxFileSizeUnit (string, optional): Unit of the maximum file size for scanning. Possible values: bytes, KB, MB, GB.
Default: MB.
archivedFilesWithinArchivedFiles (string, optional): Action for archived files nested within other archived files. Possible values: prevent, detect, inactive, inherited.
Default: inherited, as set in overrideMode for fileSecurity.
archivedFilesWhereContentExtractionFailed (string, optional): Action when content extraction from archived files fails. Possible values: prevent, detect, inactive, inherited.
Default: inherited, as set in overrideMode for fileSecurity.
largeFileInspection (object, optional):
fileSizeLimit (integer, optional): Maximum file size limit for inspection.
Default: 10.
fileSizeLimitUnit (string, optional): Unit of the file size limit. Possible values: bytes, KB, MB, GB.
Default: MB.
filesExceedingSizeLimitAction (string, optional): Action for files exceeding the size limit. Possible values: prevent, detect, inactive, inherited.
Default: inherited, as set in overrideMode for fileSecurity.
unnamedFilesAction (string, optional): Action for unnamed files. Possible values: prevent, detect, inactive, inherited.
Default: inherited, as set in overrideMode for fileSecurity.
threatEmulationEnabled (boolean, optional): Whether threat emulation is enabled for file security.
Default: false.
Practice resources define which Access Control security engines will be active and what their settings are.
accessControlPractices:
- name: access-control-practice-example
practiceMode: inherited
rateLimit:
# specify one or more rules below to use rate limiting
overrideMode: inherited
rules: []name (string, required): The name of the access control policy.
practiceMode (string, optional): Defines the mode for the access control policy. Possible values: prevent, detect, inactive, inherited (inherited values are determined by the mode set in the policy).
Default: inherited .
rateLimit (object, required):
overrideMode (string, optional): Allows overriding the mode defined at the policy level for this specific engine. Possible values: prevent, detect, inactive, inherited (inherited values are determined by the mode set in the practice).
Default: inactive.
rules (array<objects>, optional): List of rate-limiting rules.
action (string, optional): Action to take when a rate limit is exceeded. Possible values: inherited, prevent, detect (inherited values are determined by the mode set in the rate limiting overide mode).
Default: inherited.
condition (array<objects>, optional): List of conditions for rate limiting (currently not supported).
key (string, required): The key for the condition.
value (string, required): The value for the condition.
uri (string, optional): URI pattern for the rate limit rule.
limit (integer, optional): The rate limit threshold.
unit (string, optional): The time unit for the rate limit. Possible values: minute, second.
Default: minute.
triggers (array<objects>, optional): List of triggers that activate the rule.
comment (string, optional): A comment explaining the rate limit.
Optional custom responses can be configured to return in prevent mode either a customizable block page or the desired response code only. The custom responses than can be referenced within one or more policy elements.
customResponses:
- name: web-user-response-exmaple
mode: response-code-only
httpResponseCode: 403name (string, required): A unique name for the custom response configuration.
mode (string, required): Defines the response mode for blocked requests. Possible values: block-page, redirect, response-code-only.
Default: response-code-only.
messageTitle (string, optional): Title displayed on the block page (relevant when mode is block-page).
messageBody (string, optional): Body message displayed on the block page (relevant when mode is block-page).
httpResponseCode (integer, required): HTTP response code returned when blocking. Minimum: 100. Maximum: 599.
Default: 403.
redirectUrl (string, optional): URL to redirect the blocked requests to (relevant when mode is redirect).
redirectAddXEventId (boolean, optional): Adds an X-Event-ID header to redirected requests.
Default: false.
Optional log trigger elements can be used to configure custom logging requirements. They can then be referenced within one or more policy elements.
logTriggers:
- name: log-trigger-example
accessControlLogging:
allowEvents: false
dropEvents: true
appsecLogging:
detectEvents: true
preventEvents: true
allWebRequests: false
extendedLogging:
urlPath: true
urlQuery: true
httpHeaders: false
requestBody: false
additionalSuspiciousEventsLogging:
enabled: true
minSeverity: high
responseBody: false
responseCode: true
logDestination:
cloud: true
logToAgent: false
stdout:
format: jsonname (string, required): The unique name identifying the log trigger.
accessControlLogging (object, required): Configuration for access control logs.
allowEvents (boolean, optional): Log allowed events.
Default: false.
dropEvents (boolean, optional): Log dropped events.
Default: true.
appsecLogging (object, required): Configuration for application security logs.
detectEvents (boolean, optional): Log detection events.
Default: true.
preventEvents (boolean, optional): Log prevention events.
Default: true.
allWebRequests (boolean, optional): Log all web requests, regardless of action.
Default: false.
additionalSuspiciousEventsLogging (object, required): Configuration for logging suspicious events.
enabled (boolean, optional): Enable or disable logging for suspicious events. Default: true.
minSeverity (string, optional): Minimum severity level to log. Options: high, critical.
Default: high.
responseBody (boolean, optional): Include response body in logs.
Default: false.
responseCode (boolean, optional): Include response code in logs.
Default: true.
extendedLogging (object, required): Configuration for extended logging details.
urlPath (boolean, optional): Log URL path.
Default: false.
urlQuery (boolean, optional): Log URL query parameters.
Default: false.
httpHeaders (boolean, optional): Log HTTP headers.
Default: false.
requestBody (boolean, optional): Log HTTP request body.
Default: false.
logDestination (object, required): Configuration for log destinations.
cloud (boolean, optional): Send logs to the cloud.
Default: false.
syslogService (array, optional): List of syslog services.
address (array<string>, required): Syslog server address.
port (integer, required): Syslog server port.
logToAgent (boolean, optional): Send logs to the agent.
Default: true.
stdout (object, optional): Configuration for logs sent to standard output.
format (string, optional): Log format. Options: json, json-formatted.
Default: json.
k8s-service (boolean, optional): Enable logging to Kubernetes service (default depends on environment type).
cefService (array, optional): List of CEF (Common Event Format) services.
address (string, required): CEF server address.
port (integer, required): CEF server port.
proto (string, optional): Protocol for CEF. Options: tcp, udp.
Optional exception elements can be used to configure custom exceptions. They can then be referenced within one or more policy elements.
exceptions:
- name: exception-example
action: "accept"
condition:
- key: "countryCode"
value: "US"name: (string ,required) - The unique name identifying the exception.
action: (string ,required) - Action to take when the exception is triggered. Possible options: skip, accept, drop, suppressLog.
Default: accept.
condition: (array<object> ,required) - List of one or more conditions that must be met for the exception to apply.
value: (string ,required) - The value associated with the key to match.
Optional trusted sources can be defined, for which the machine learning engine will assume, that the traffic originating from them is benign and learn accordingly.
Trusted sources elements can then be referenced within the policies section.
trustedsources:
- name: trusted-sources-example
minNumOfSources: 3
sourcesIdentifiers:
- 1.0.0.27
- 1.0.0.28
- 1.0.0.29name: (string). A unique identifier for the trusted source configuration.
minNumOfSources: (integer , required) - The minimum number of trusted sources needed to apply the configuration.
Default: 3.
sourcesIdentifiers: (array<stri
Source Identifiers can be used to define how open-appsec distinguishes between different sources, e.g. based on source IP addresses, x-forwarded-for header content, etc.
sourcesIdentifiers:
- name: sources-identifier-example
- identifier: sourceip
value:
- "0.0.0.0"name: (string ,required) A unique identifier for the sources configuration.
sourcesIdentifiers: (array<object>, required) A list of source identifiers to distinguish between sources based on the selected type and values. Each item is an object with the following properties:
identifier: (string enum, required) - The type of identifier. Possible options: headerkey, JWTKey, cookie, sourceip, x-forwarded-for
Default: sourceip.
value: (array<string>, required) - A list of values associated with the identifier. Each item is a string.
Here you find the full schema file for the local declarative configuration yaml file. This also shows you which fields are required and which are optional
type: object
properties:
apiVersion:
type: string
enum:
- v1beta1
- v1beta2
policies:
type: object
properties:
appsecClassName:
type: string
default:
type: object
required:
- mode
- threatPreventionPractices
- accessControlPractices
properties:
mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
default: detect-learn
threatPreventionPractices:
type: array
items:
type: string
accessControlPractices:
type: array
items:
type: string
customResponse:
type: string
default: "403"
triggers:
type: array
items:
type: string
sourceIdentifiers:
type: string
trustedSources:
type: string
exceptions:
type: array
items:
type: string
specificRules:
type: array
items:
type: object
properties:
name:
type: string
host:
type: string
mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
default: detect-learn
threatPreventionPractices:
type: array
items:
type: string
accessControlPractices:
type: array
items:
type: string
triggers:
type: array
items:
type: string
customResponse:
type: string
sourceIdentifiers:
type: string
trustedSources:
type: string
exceptions:
type: array
items:
type: string
logTriggers:
type: array
items:
type: object
required:
- accessControlLogging
- appsecLogging
- additionalSuspiciousEventsLogging
- extendedLogging
- logDestination
properties:
appsecClassName:
type: string
name:
type: string
accessControlLogging:
type: object
properties:
allowEvents:
type: boolean
default: false
dropEvents:
type: boolean
default: true
appsecLogging:
type: object
properties:
detectEvents:
type: boolean
default: true
preventEvents:
type: boolean
default: true
allWebRequests:
type: boolean
default: false
additionalSuspiciousEventsLogging:
type: object
properties:
enabled:
type: boolean
default: true
minSeverity:
type: string
enum:
- high
- critical
default: high
responseBody:
type: boolean
default: false
responseCode:
type: boolean
default: true
extendedLogging:
type: object
properties:
urlPath:
type: boolean
default: false
urlQuery:
type: boolean
default: false
httpHeaders:
type: boolean
default: false
requestBody:
type: boolean
default: false
logDestination:
type: object
properties:
cloud:
type: boolean
default: false
local-tuning:
type: boolean
default: false
syslogService:
type: array
items:
type: object
properties:
address:
type: string
port:
type: integer
logToAgent:
type: boolean
default: true
stdout:
type: object
properties:
format:
type: string
enum:
- json
- json-formatted
default: json
cefService:
type: array
items:
type: object
properties:
address:
type: string
port:
type: integer
proto:
type: string
enum:
- tcp
- udp
threatPreventionPractices:
type: array
items:
type: object
required:
- webAttacks
- intrusionPrevention
- fileSecurity
- snortSignatures
properties:
appsecClassName:
type: string
name:
type: string
practiceMode:
type: string
enum:
- inherited
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
default: inherited
webAttacks:
type: object
required:
- overrideMode
properties:
overrideMode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
minimumConfidence:
type: string
enum:
- medium
- high
- critical
default: high
maxUrlSizeBytes:
type: integer
default: 32768
maxObjectDepth:
type: integer
default: 40
maxBodySizeKb:
type: integer
default: 1000000
maxHeaderSizeBytes:
type: integer
default: 102400
protections:
type: object
properties:
csrfProtection:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
errorDisclosure:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
openRedirect:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
nonValidHttpMethods:
type: boolean
default: false
antiBot:
type: object
required:
- overrideMode
properties:
overrideMode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
injectedUris:
type: array
items:
type: object
properties:
uri:
type: string
validatedUris:
type: array
items:
type: object
properties:
uri:
type: string
snortSignatures:
type: object
required:
- overrideMode
properties:
overrideMode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
configmap:
type: array
items:
type: string
files:
type: array
items:
type: string
schemaValidation:
type: object
required:
- overrideMode
properties:
overrideMode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
enforcementLevel:
type: string
configmap:
type: array
items:
type: string
files:
type: array
items:
type: string
intrusionPrevention:
type: object
required:
- overrideMode
properties:
overrideMode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
maxPerformanceImpact:
type: string
enum:
- low
- medium
- high
default: medium
minSeverityLevel:
type: string
enum:
- low
- medium
- high
- critical
default: medium
minCveYear:
type: integer
default: 2016
highConfidenceEventAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited
default: inherited
mediumConfidenceEventAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited
default: inherited
lowConfidenceEventAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited
default: detect
fileSecurity:
type: object
required:
- overrideMode
properties:
overrideMode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
- inherited
default: inactive
minSeverityLevel:
type: string
enum:
- low
- medium
- high
- critical
default: medium
highConfidenceEventAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited
default: inherited
mediumConfidenceEventAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited
default: inherited
lowConfidenceEventAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited
default: detect
archiveInspection:
type: object
properties:
extractArchiveFiles:
type: boolean
default: false
scanMaxFileSize:
type: integer
default: 10
scanMaxFileSizeUnit:
type: string
enum:
- bytes
- KB
- MB
- GB
default: MB
archivedFilesWithinArchivedFiles:
type: string
enum:
- prevent
- detect
- inactive
- inherited #as set in overrideMode for fileSecurity
default: inherited
archivedFilesWhereContentExtractionFailed:
type: string
enum:
- prevent
- detect
- inactive
- inherited #as set in overrideMode for fileSecurity
default: inherited
largeFileInspection:
type: object
properties:
fileSizeLimit:
type: integer
default: 10
fileSizeLimitUnit:
type: string
enum:
- bytes
- KB
- MB
- GB
default: MB
filesExceedingSizeLimitAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited #as set in overrideMode for fileSecurity
default: inherited
unnamedFilesAction:
type: string
enum:
- prevent
- detect
- inactive
- inherited #as set in overrideMode for fileSecurity
default: inherited
threatEmulationEnabled:
type: boolean
default: false
accessControlPractices:
type: array
items:
type: object
required:
- rateLimit
properties:
appsecClassName:
type: string
name:
type: string
practiceMode:
type: string
enum:
- inherited #inherited from mode set in policy
- prevent
- detect
- inactive
default: inherited
rateLimit:
type: object
required:
- overrideMode
properties:
overrideMode:
type: string
enum:
- prevent
- detect
- inactive
- inherited
default: inactive
rules:
type: array
items:
type: object
properties:
action: # currently not supported
type: string
enum:
- inherited
- prevent
- detect
default: inherited
condition: # currently not supported
type: array
items:
type: object
required:
- key
- value
properties:
key:
type: string
value:
type: string
uri:
type: string
limit:
type: integer
unit:
type: string
enum:
- minute
- second
default: minute
triggers:
type: array
items:
type: string
comment:
type: string
customResponses:
type: array
items:
type: object
required:
- mode
properties:
appsecClassName:
type: string
name:
type: string
mode:
type: string
enum:
- block-page
- redirect
- response-code-only
default: response-code-only
messageTitle:
type: string
messageBody:
type: string
httpResponseCode:
type: integer
minimum: 100
maximum: 599
default: 403
redirectUrl:
type: string
redirectAddXEventId:
type: boolean
default: false
sourcesIdentifiers:
type: array
items:
type: object
required:
- sourcesIdentifiers
properties:
name:
type: string
sourcesIdentifiers:
type: array
items:
type: object
required:
- identifier
properties:
identifier:
type: string
enum:
- headerkey
- JWTKey
- cookie
- sourceip
- x-forwarded-for
default: sourceip
value:
type: array
items:
type: string
exceptions:
type: array
items:
type: object
required:
- action
- condition
properties:
appsecClassName:
type: string
name:
type: string
action:
type: string
enum:
- skip
- accept
- drop
- suppressLog
default: accept
condition:
type: array
items:
type: object
required:
- key
- value
properties:
key:
type: string
value:
type: string
trustedSources:
type: array
items:
type: object
required:
- minNumOfSources
- sourcesIdentifiers
properties:
appsecClassName:
type: string
name:
type: string
minNumOfSources:
type: integer
default: 3
sourcesIdentifiers:
type: array
items:
type: string
policyActivations:
type: array
items:
type: object
properties:
appsecClassName:
type: string
enabledPolicies:
type: array
items:
type: object
properties:
name:
type: string
hosts:
type: array
items:
type: string
required:
- hosts
required:
- enabledPolicies
additionalProperties: false
key: (string ,required) - The key to evaluate, such as sourceIP, countryCode, or URL. find full list .