@itentialopensource/adapter-imperva

{ "id": "@itentialopensource/adapter-imperva", "type": "Adapter", "export": "Imperva", "title": "Imperva", "src": "adapter.js", "roles": [ "admin" ], "methods": [ { "name": "iapUpdateAdapterConfiguration", "summary": "Updates the adapter configuration", "description": "Updates the adapter configuration file with the provided changes", "input": [ { "name": "configFile", "type": "string", "info": "The name of the file to change", "required": true, "schema": { "title": "configFile", "type": "string" } }, { "name": "changes", "type": "object", "info": "JSON object containing the configuration changes", "required": true, "schema": { "title": "changes", "type": "object" } }, { "name": "entity", "type": "string", "info": "The entity in which the changes are being made", "required": false, "schema": { "title": "entity", "type": "string" } }, { "name": "type", "type": "string", "info": "The type of file to change - action, schema, or mock", "required": false, "schema": { "title": "type", "type": "string" } }, { "name": "action", "type": "string", "info": "The action to be changed", "required": false, "schema": { "title": "action", "type": "string" } }, { "name": "replace", "type": "boolean", "info": "True to replace entire mock data, false to merge/append", "required": false, "schema": { "title": "replace", "type": "boolean" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapUpdateAdapterConfiguration" }, "task": true }, { "name": "iapSuspendAdapter", "summary": "Suspends the adapter", "description": "Suspends the adapter", "input": [ { "name": "mode", "type": "enum", "enumerals": [ "pause", "error" ], "info": "How incoming requests are handled. Defaults to 'pause'", "description": "How incoming requests are handled. Defaults to 'pause'", "schema": { "title": "mode", "type": "string" }, "required": false } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing the adapter suspended status", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapSuspendAdapter" }, "task": true }, { "name": "iapUnsuspendAdapter", "summary": "Unsuspends the adapter", "description": "Unsuspends the adapter", "input": [], "output": { "name": "result", "type": "object", "description": "A JSON Object containing the adapter suspended status", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapUnsuspendAdapter" }, "task": true }, { "name": "iapGetAdapterQueue", "summary": "Return the requests that are waiting in the queue if throttling is enabled", "description": "Return the requests that are waiting in the queue if throttling is enabled", "input": [], "output": { "name": "result", "type": "object", "description": "A JSON Object containing the adapter queue", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapGetAdapterQueue" }, "task": true }, { "name": "iapFindAdapterPath", "summary": "Provides the ability to see if a particular API path is supported by the adapter", "description": "Provides the ability to see if a particular API path is supported by the adapter", "input": [ { "name": "apiPath", "type": "string", "info": "The API Path you want to check - make sure to not include base path and version", "description": "The API Path you want to check - make sure to not include base path and version", "schema": { "title": "apiPath", "type": "string" }, "required": true } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapFindAdapterPath" }, "task": true }, { "name": "iapTroubleshootAdapter", "summary": "Runs troubleshoot script for adapter", "description": "Runs troubleshoot script for adapter", "input": [ { "name": "props", "type": "object", "info": "Object containing configuration, healthcheck and auth properties {'connProps':{'host': 'api.service.com', 'base_path': '/', 'protocol': 'http', 'port': 443, 'version': 'v1'},'healthCheckEndpoint': '/healthcheck', 'auth': {'auth_method': 'no authentication', 'username': 'username', 'password': 'password'}}", "required": true, "schema": { "title": "props", "type": "object" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing the test results", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapTroubleshootAdapter" }, "task": true }, { "name": "iapRunAdapterHealthcheck", "summary": "Runs healthcheck script for adapter", "description": "Runs healthcheck script for adapter", "input": [], "output": { "name": "result", "type": "boolean", "description": "Whether healthcheck passed or failed", "schema": { "title": "result", "type": "boolean" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapRunAdapterHealthcheck" }, "task": true }, { "name": "iapRunAdapterConnectivity", "summary": "Runs connectivity check script for adapter", "description": "Runs connectivity check script for adapter", "input": [], "output": { "name": "result", "type": "object", "description": "A JSON Object containing the test results", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapRunAdapterConnectivity" }, "task": true }, { "name": "iapRunAdapterBasicGet", "summary": "Runs basicGet script for adapter", "description": "Runs basicGet script for adapter", "input": [ { "name": "maxCalls", "required": false, "type": "number", "info": "How many GET endpoints to test (defaults to 5)", "schema": { "title": "maxCalls", "type": "number", "default": 5 } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing the test results", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapRunAdapterBasicGet" }, "task": true }, { "name": "iapMoveAdapterEntitiesToDB", "summary": "Moves entities from an adapter into the Itential Platform database", "description": "Moves entities from an adapter into the Itential Platform database", "input": [], "output": { "name": "res", "type": "object", "description": "A JSON Object containing status, code and the response from the mongo transaction", "schema": { "title": "res", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapMoveAdapterEntitiesToDB" }, "task": true }, { "name": "iapDeactivateTasks", "summary": "Deactivate the inputted tasks", "description": "Deactivate the inputted tasks", "input": [ { "name": "tasks", "type": "array", "description": "Tasks to deactivate", "schema": { "title": "tasks", "type": "array" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing success status", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapDeactivateTasks" }, "task": true }, { "name": "iapActivateTasks", "summary": "Activate the inputted tasks", "description": "activate the inputted tasks", "input": [ { "name": "tasks", "type": "array", "description": "Tasks to activate", "schema": { "title": "tasks", "type": "array" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing success status", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapActivateTasks" }, "task": true }, { "name": "iapPopulateEntityCache", "summary": "Populate the cache for the given entities", "description": "Populate the cache for the given entities", "input": [ { "name": "entityTypes", "type": "array", "info": "the entity type(s) to populate", "required": true, "schema": { "title": "entityTypes", "type": "array" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapPopulateEntityCache" }, "task": true }, { "name": "iapRetrieveEntitiesCache", "summary": "Retrieves data from cache for specified entity type", "description": "Retrieves data from cache for specified entity type", "input": [ { "name": "entityType", "type": "string", "info": "entity of which to retrieve", "required": true, "schema": { "title": "entityType", "type": "string" } }, { "name": "options", "type": "object", "info": "settings of which data to return and how to return it", "required": false, "schema": { "title": "options", "type": "object" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapRetrieveEntitiesCache" }, "task": true }, { "name": "getDevice", "summary": "Get the Appliance", "description": "Get the Appliance", "input": [ { "name": "deviceName", "type": "string", "info": "An Appliance Device Name", "required": true, "schema": { "title": "deviceName", "type": "string" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/getDevice" }, "task": false }, { "name": "getDevicesFiltered", "summary": "Get Appliances that match the filter", "description": "Get Appliances that match the filter", "input": [ { "name": "options", "type": "object", "info": "options - e.g. { 'start': 1, 'limit': 20, 'filter': { 'name': 'abc123' } }", "required": true, "schema": { "title": "options", "type": "object" } } ], "output": { "name": "result", "type": "array", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "array" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/getDevicesFiltered" }, "task": false }, { "name": "isAlive", "summary": "Checks the status for the provided Appliance", "description": "Checks the status for the provided Appliance", "input": [ { "name": "deviceName", "type": "string", "info": "An Appliance Device Name", "required": true, "schema": { "title": "deviceName", "type": "string" } } ], "output": { "name": "result", "type": "boolean", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "boolean" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/isAlive" }, "task": false }, { "name": "getConfig", "summary": "Gets a config for the provided Appliance", "description": "Gets a config for the provided Appliance", "input": [ { "name": "deviceName", "type": "string", "info": "An Appliance Device Name", "required": true, "schema": { "title": "deviceName", "type": "string" } }, { "name": "format", "type": "string", "info": "The format to be returned - this is ignored as we always return json", "required": false, "schema": { "title": "format", "type": "string" } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/getConfig" }, "task": false }, { "name": "iapGetDeviceCount", "summary": "Gets a device count from the system", "description": "Gets a device count from the system", "input": [], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapGetDeviceCount" }, "task": false }, { "name": "iapExpandedGenericAdapterRequest", "summary": "Makes the requested generic call with additional options", "description": "Makes the requested generic call with additional options via metadata", "input": [ { "name": "metadata", "type": "object", "info": "metadata for the call (optional)", "description": "metadata for the call - allows for many enhancements (optional)", "schema": { "title": "metadata", "type": "object" }, "required": false }, { "name": "uriPath", "type": "string", "info": "the path of the api call - do not include the host, port, base path or version", "description": "the path of the api call", "schema": { "title": "uriPath", "type": "string" }, "required": false }, { "name": "restMethod", "type": "string", "info": "the rest method (GET, POST, PUT, PATCH, DELETE)", "description": "the rest method (GET, POST, PUT, PATCH, DELETE)", "schema": { "title": "restMethod", "type": "string" }, "required": false }, { "name": "pathVars", "type": "object", "info": "the parameters to be put within the url path (optional)", "description": "the parameters to be put within the url path (optional)", "schema": { "title": "pathVars", "type": "object" }, "required": false }, { "name": "queryData", "type": "object", "info": "the query parameters to be put on the url (optional)", "description": "the query parameters to be put on the url (optional)", "schema": { "title": "queryData", "type": "object" }, "required": false }, { "name": "requestBody", "type": "object", "info": "the payload to be sent with the request (optional)", "description": "the payload to be sent with the request (optional)", "schema": { "title": "requestBody", "type": "object" }, "required": false }, { "name": "addlHeaders", "type": "object", "info": "additional headers to be put on the call (optional)", "description": "additional headers to be put on the call (optional)", "schema": { "title": "addlHeaders", "type": "object" }, "required": false } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/iapExpandedGenericAdapterRequest" }, "task": true }, { "name": "genericAdapterRequest", "summary": "Makes the requested generic call", "description": "Makes the requested generic call", "input": [ { "name": "uriPath", "type": "string", "info": "the path of the api call - do not include the host, port, base path or version", "description": "the path of the api call", "schema": { "title": "uriPath", "type": "string" }, "required": true }, { "name": "restMethod", "type": "string", "info": "the rest method (GET, POST, PUT, PATCH, DELETE)", "description": "the rest method (GET, POST, PUT, PATCH, DELETE)", "schema": { "title": "restMethod", "type": "string" }, "required": true }, { "name": "queryData", "type": "object", "info": "the query parameters to be put on the url (optional)", "description": "the query parameters to be put on the url (optional)", "schema": { "title": "queryData", "type": "object" }, "required": false }, { "name": "requestBody", "type": "object", "info": "the payload to be sent with the request (optional)", "description": "the payload to be sent with the request (optional)", "schema": { "title": "requestBody", "type": "object" }, "required": false }, { "name": "addlHeaders", "type": "object", "info": "additional headers to be put on the call (optional)", "description": "additional headers to be put on the call (optional)", "schema": { "title": "addlHeaders", "type": "object" }, "required": false } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/genericAdapterRequest" }, "task": true }, { "name": "genericAdapterRequestNoBasePath", "summary": "Makes the requested generic call", "description": "Makes the requested generic call", "input": [ { "name": "uriPath", "type": "string", "info": "the path of the api call - do not include the host, port, base path or version", "description": "the path of the api call", "schema": { "title": "uriPath", "type": "string" }, "required": true }, { "name": "restMethod", "type": "string", "info": "the rest method (GET, POST, PUT, PATCH, DELETE)", "description": "the rest method (GET, POST, PUT, PATCH, DELETE)", "schema": { "title": "restMethod", "type": "string" }, "required": true }, { "name": "queryData", "type": "object", "info": "the query parameters to be put on the url (optional)", "description": "the query parameters to be put on the url (optional)", "schema": { "title": "queryData", "type": "object" }, "required": false }, { "name": "requestBody", "type": "object", "info": "the payload to be sent with the request (optional)", "description": "the payload to be sent with the request (optional)", "schema": { "title": "requestBody", "type": "object" }, "required": false }, { "name": "addlHeaders", "type": "object", "info": "additional headers to be put on the call (optional)", "description": "additional headers to be put on the call (optional)", "schema": { "title": "addlHeaders", "type": "object" }, "required": false } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/genericAdapterRequestNoBasePath" }, "task": true }, { "name": "iapRunAdapterLint", "summary": "Run the adapter lint script to return the results", "description": "Run the adapter lint script to return the results", "input": [], "output": { "name": "result", "type": "string", "description": "A string containing the run results", "schema": { "title": "result", "type": "string" } }, "roles": [ "admin" ], "route": { "verb": "GET", "path": "/iapRunAdapterLint" }, "task": true }, { "name": "iapRunAdapterTests", "summary": "Run the adapter test scripts (baseunit and unit) to return the results", "description": "Run the adapter test scripts (baseunit and unit) to return the results", "input": [], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "GET", "path": "/iapRunAdapterTests" }, "task": true }, { "name": "iapGetAdapterInventory", "summary": "Provide inventory information abbout the adapter", "description": "Provide inventory information abbout the adapter", "input": [], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "GET", "path": "/iapGetAdapterInventory" }, "task": true }, { "name": "postSitesSiteIdRules", "summary": "Create rule", "description": "Create rule", "input": [ { "name": "siteId", "type": "number", "info": "Site id: 123", "required": true, "schema": { "title": "siteId", "type": "number" } }, { "name": "rule", "type": "object", "info": "The rule to create: {\"rule_id\": 123, \"name\": \"string\", \"action\": \"Must be one of [RULE_ACTION_REDIRECT, RULE_ACTION_SIMPLIFIED_REDIRECT, RULE_ACTION_REWRITE_URL, RULE_ACTION_REWRITE_HEADER, RULE_ACTION_REWRITE_COOKIE, RULE_ACTION_DELETE_HEADER, RULE_ACTION_DELETE_COOKIE, RULE_ACTION_RESPONSE_REWRITE_HEADER, RULE_ACTION_RESPONSE_DELETE_HEADER, RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE, RULE_ACTION_FORWARD_TO_DC, RULE_ACTION_FORWARD_TO_PORT, RULE_ACTION_ALERT, RULE_ACTION_BLOCK, RULE_ACTION_BLOCK_USER, RULE_ACTION_BLOCK_IP, RULE_ACTION_RETRY, RULE_ACTION_INTRUSIVE_HTML, RULE_ACTION_CAPTCHA, RULE_ACTION_RATE, RULE_ACTION_CUSTOM_ERROR_RESPONSE, RULE_ACTION_WAF_OVERRIDE]\", \"filter\": \"string\", \"response_code\": 123, \"add_missing\": \"boolean\", \"from\": \"string\", \"to\": \"string\", \"rewrite_name\": \"string\", \"dc_id\": 123, \"port_forwarding_context\": \"string\", \"port_forwarding_value\": \"string\", \"rate_context\": \"Must be one of [IP, Session]\", \"rate_interval\": 123, \"error_type\": \"Must be one of [error.type.all, error.type.connection_timeout, error.type.access_denied, error.type.parse_req_error, error.type.parse_resp_error, error.type.connection_failed, error.type.deny_and_retry, error.type.ssl_failed, error.type.deny_and_captcha, error.type.2fa_required, error.type.no_ssl_config, error.type.no_ipv6_config]\", \"error_response_format\": \"Must be one of [json, xml]\", \"error_response_data\": \"string\", \"multiple_deletions\": \"boolean\", \"overrideWafRule\": \"string\", \"overrideWafAction\": \"string\"}", "required": true, "schema": { "type": "object", "properties": { "rule_id": { "type": "integer", "description": "Numeric identifier of the rule to operate on" }, "name": { "type": "string", "description": "Rule name" }, "action": { "type": "string", "enum": [ "RULE_ACTION_REDIRECT", "RULE_ACTION_SIMPLIFIED_REDIRECT", "RULE_ACTION_REWRITE_URL", "RULE_ACTION_REWRITE_HEADER", "RULE_ACTION_REWRITE_COOKIE", "RULE_ACTION_DELETE_HEADER", "RULE_ACTION_DELETE_COOKIE", "RULE_ACTION_RESPONSE_REWRITE_HEADER", "RULE_ACTION_RESPONSE_DELETE_HEADER", "RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE", "RULE_ACTION_FORWARD_TO_DC", "RULE_ACTION_FORWARD_TO_PORT", "RULE_ACTION_ALERT", "RULE_ACTION_BLOCK", "RULE_ACTION_BLOCK_USER", "RULE_ACTION_BLOCK_IP", "RULE_ACTION_RETRY", "RULE_ACTION_INTRUSIVE_HTML", "RULE_ACTION_CAPTCHA", "RULE_ACTION_RATE", "RULE_ACTION_CUSTOM_ERROR_RESPONSE", "RULE_ACTION_WAF_OVERRIDE" ], "description": "Rule action.\n * RULE_ACTION_REDIRECT - Redirect rule. Redirect the client to a different URL, responding with a 30X response.\n * RULE_ACTION_SIMPLIFIED_REDIRECT - Redirect the client to a different URL using restricted redirect settings.\n * RULE_ACTION_REWRITE_URL - Redirect rule. Modify the path to which a specific request is targeted.\n * RULE_ACTION_REWRITE_HEADER - Redirect rule. Modify or add a request header before passing traffic to the origin server.\n * RULE_ACTION_REWRITE_COOKIE - Redirect rule. Allows the modification and addition of cookies that are sent by the client to the origin server. The cookie name and value should be indicated.\n * RULE_ACTION_DELETE_HEADER - Redirect rule. Remove a specific request header, which means that it won’t be sent to the origin server.\n * RULE_ACTION_DELETE_COOKIE - Redirect rule. Allows the removal a specific cookie set on the client, which means that it won’t be sent to the origin server.\n * RULE_ACTION_RESPONSE_REWRITE_HEADER - Redirect rule. Modify or add a response header before passing traffic by the origin server to the client.\n * RULE_ACTION_RESPONSE_DELETE_HEADER - Redirect rule. Remove a specific response header, which means that it won’t be sent to the client.\n * RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE - Redirect rule. Modify the response status code before passing traffic by the origin server to the client.\n * RULE_ACTION_FORWARD_TO_DC - Redirect rule. Used to define the data center to which a specific request will be sent.\n * RULE_ACTION_FORWARD_TO_PORT - Redirect rule. Used to define the port to which a specific request will be sent.\n * RULE_ACTION_ALERT - Security rule. Generate a non blocking alert for this event.\n * RULE_ACTION_BLOCK - Security rule. Block the current request and generate an alert for this event.\n * RULE_ACTION_BLOCK_USER - Security rule. Block the current session and generate an alert for this event. Any subsequent request from the same Session will be blocked.\n * RULE_ACTION_BLOCK_IP - Security rule. Block the current IP and generate an alert for this event. Any subsequent request from the same IP will be blocked for a period of 10 minutes.\n * RULE_ACTION_RETRY - Security rule. Require any client matching the rule filters to support cookies in order to complete the request.\n * RULE_ACTION_INTRUSIVE_HTML - Security rule. Require any client matching the rule filters to support javascript in order to complete the request. Since the Javascript test is embedded in an HTML page, this action should only be enabled for HTML resources.\n * RULE_ACTION_CAPTCHA - Security rule. Require any client matching the rule filters to pass a CAPTCHA test in order to complete the request. Since the CAPTCHA test is embedded in an HTML page, this action should only be enabled for HTML resources.\n * RULE_ACTION_RATE - Count the number of requests received that match the rule filter.\n * RULE_ACTION_CUSTOM_ERROR_RESPONSE - Replace default error response & error code with custom ones. Once blocked a rule that matches the provided filter & error type will return a custom error & error code.\n * RULE_ACTION_WAF_OVERRIDE - Overrides the global WAF setting for a specific threat type.\n" }, "filter": { "type": "string", "description": "The filter defines the conditions that trigger the rule action. For action RULE_ACTION_SIMPLIFIED_REDIRECT filter is not relevant. For other actions, if left empty, the rule is always run." }, "response_code": { "type": "integer", "description": "For RULE_ACTION_REDIRECT or RULE_ACTION_SIMPLIFIED_REDIRECT rule's response code, valid values are 302, 301, 303, 307, 308. For RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE rule's response code, valid values are all 3-digits numbers. For RULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are [ 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 419, 420, 422, 423, 424, 500, 501, 502, 503, 504, 505, 507 ]" }, "add_missing": { "type": "boolean", "description": "Add cookie or header if it doesn't exist (Rewrite cookie rule only)" }, "from": { "type": "string", "description": "Pattern to rewrite. For RULE_ACTION_REWRITE_URL - Url to rewrite. For RULE_ACTION_REWRITE_HEADER/RULE_ACTION_RESPONSE_REWRITE_HEADER - Header value to rewrite. For RULE_ACTION_REWRITE_COOKIE - Cookie value to rewrite" }, "to": { "type": "string", "description": "Pattern to change to. RULE_ACTION_REWRITE_URL - Url to change to. RULE_ACTION_REWRITE_HEADER/RULE_ACTION_RESPONSE_REWRITE_HEADER - Header value to change to. RULE_ACTION_REWRITE_COOKIE - Cookie value to change to" }, "rewrite_name": { "type": "string", "description": "Name of cookie or header to rewrite. Applies only for RULE_ACTION_REWRITE_COOKIE, RULE_ACTION_REWRITE_HEADER and RULE_ACTION_RESPONSE_REWRITE_HEADER" }, "dc_id": { "type": "integer", "description": "Data center to forward request to. Applies only for RULE_ACTION_FORWARD_TO_DC" }, "port_forwarding_context": { "type": "string", "description": "Context for port forwarding. \"Use Port Value\" or \"Use Header Name\". Applies only for RULE_ACTION_FORWARD_TO_PORT" }, "port_forwarding_value": { "type": "string", "description": "Port number or header name for port forwarding. Applies only for RULE_ACTION_FORWARD_TO_PORT" }, "rate_context": { "type": "string", "description": "The context of the rate counter. Possible values IP or Session. Applies only to rules using RULE_ACTION_RATE.", "enum": [ "IP", "Session" ] }, "rate_interval": { "type": "integer", "description": "The interval in seconds of the rate counter. Possible values is a multiple of 10 minimum 10 maximum 300. Applies only to rules using RULE_ACTION_RATE." }, "error_type": { "type": "string", "description": "The error that triggers the rule. error.type.all triggers the rule regardless of the error type. Applies only for RULE_ACTION_CUSTOM_ERROR_RESPONSE", "enum": [ "error.type.all", "error.type.connection_timeout", "error.type.access_denied", "error.type.parse_req_error", "error.type.parse_resp_error", "error.type.connection_failed", "error.type.deny_and_retry", "error.type.ssl_failed", "error.type.deny_and_captcha", "error.type.2fa_required", "error.type.no_ssl_config", "error.type.no_ipv6_config" ] }, "error_response_format": { "type": "string", "description": "The format of the given error response in the error_response_data field. Applies only for RULE_ACTION_CUSTOM_ERROR_RESPONSE", "enum": [ "json", "xml" ] }, "error_response_data": { "type": "string", "description": "The response returned when the request matches the filter and is blocked. Applies only for RULE_ACTION_CUSTOM_ERROR_RESPONSE", "example": { "incidentId": "$INCIDENT_ID$", "hostName": "$HOST_NAME$", "errorCode": "$RR_CODE$", "description": "$RR_DESCRIPTION$", "timeUtc": "$TIME_UTC$", "clientIp": "$CLIENT_IP$", "proxyId": "$PROXY_ID$", "proxyIp": "$PROXY_IP$" } }, "multiple_deletions": { "type": "boolean", "description": "Delete multiple header occurrences. Applies only to rules using RULE_ACTION_DELETE_HEADER and RULE_ACTION_RESPONSE_DELETE_HEADER" }, "overrideWafRule": { "type": "string", "description": "The setting to override. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access" }, "overrideWafAction": { "type": "string", "description": "The action for the override rule. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore" } }, "example": { "name": "rule name", "action": "RULE_ACTION_ALERT", "filter": "ASN == 1" } } } ], "output": { "name": "result", "type": "object", "description": "A JSON Object containing status, code and the result", "schema": { "title": "result", "type": "object" } }, "roles": [ "admin" ], "route": { "verb": "POST", "path": "/postSitesSiteIdRules" }, "task": true }, { "name": "putSitesSiteIdRulesRuleId", "summary": "Overwrite rule - must contain valid rule id", "description": "Overwrite rule", "input": [ { "name": "siteId", "type": "number", "info": "Numeric identifier of the site to operate on: 123", "required": true, "schema": { "title": "siteId", "type": "number" } }, { "name": "ruleId", "type": "number", "info": "Numeric identifier of the rule to operate on: 123", "required": true, "schema": { "title": "ruleId", "type": "number" } }, { "name": "rule", "type": "object", "info": "The rule to overwrite: {\"rule_id\": 123, \"name\": \"string\", \"action\": \"Must be one of [RULE_ACTION_REDIRECT, RULE_ACTION_SIMPLIFIED_REDIRECT, RULE_ACTION_REWRITE_URL, RULE_ACTION_REWRITE_HEADER, RULE_ACTION_REWRITE_COOKIE, RULE_ACTION_DELETE_HEADER, RULE_ACTION_DELETE_COOKIE, RULE_ACTION_RESPONSE_REWRITE_HEADER, RULE_ACTION_RESPONSE_DELETE_HEADER, RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE, RULE_ACTION_FORWARD_TO_DC, RULE_ACTION_FORWARD_TO_PORT, RULE_ACTION_ALERT, RULE_ACTION_BLOCK, RULE_ACTION_BLOCK_USER, RULE_ACTION_BLOCK_IP, RULE_ACTION_RETRY, RULE_ACTION_INTRUSIVE_HTML, RULE_ACTION_CAPTCHA, RULE_ACTION_RATE, RULE_ACTION_CUSTOM_ERROR_RESPONSE, RULE_ACTION_WAF_OVERRIDE]\", \"filter\": \"string\", \"response_code\": 123, \"add_missing\": \"boolean\", \"from\": \"string\", \"to\": \"string\", \"rewrite_name\": \"string\", \"dc_id\": 123, \"port_forwarding_context\": \"string\", \"port_forwarding_value\": \"string\", \"rate_context\": \"Must be one of [IP, Session]\", \"rate_interval\": 123, \"error_type\": \"Must be one of [error.type.all, error.type.connection_timeout, error.type.access_denied, error.type.parse_req_error, error.type.parse_resp_error, error.type.connection_failed, error.type.deny_and_retry, error.type.ssl_failed, error.type.deny_and_captcha, error.type.2fa_required, error.type.no_ssl_config, error.type.no_ipv6_config]\", \"error_response_format\": \"Must be one of [json, xml]\", \"error_response_data\": \"string\", \"multiple_deletions\": \"boolean\", \"overrideWafRule\": \"string\", \"overrideWafAction\": \"string\"}", "required": true, "schema": { "type": "object", "properties": { "rule_id": { "type": "integer", "description": "Numeric identifier of the rule to operate on" }, "name": { "type": "string", "description": "Rule name" }, "action": { "type": "string", "enum": [ "RULE_ACTION_REDIRECT", "RULE_ACTION_SIMPLIFIED_REDIRECT", "RULE_ACTION_REWRITE_URL", "RULE_ACTION_REWRITE_HEADER", "RULE_ACTION_REWRITE_COOKIE", "RULE_ACTION_DELETE_HEADER", "RULE_ACTION_DELETE_COOKIE", "RULE_ACTION_RESPONSE_REWRITE_HEADER", "RULE_ACTION_RESPONSE_DELETE_HEADER", "RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE", "RULE_ACTION_FORWARD_TO_DC", "RULE_ACTION_FORWARD_TO_PORT", "RULE_ACTION_ALERT", "RULE_ACTION_BLOCK", "RULE_ACTION_BLOCK_USER", "RULE_ACTION_BLOCK_IP", "RULE_ACTION_RETRY", "RULE_ACTION_INTRUSIVE_HTML", "RULE_ACTION_CAPTCHA", "RULE_ACTION_RATE", "RULE_ACTION_CUSTOM_ERROR_RESPONSE", "RULE_ACTION_WAF_OVERRIDE" ], "description": "Rule action.\n * RULE_ACTION_REDIRECT - Redirect rule. Redirect the client to a different URL, responding with a 30X response.\n * RULE_ACTION_SIMPLIFIED_REDIRECT - Redirect the client to a different URL using restricted redirect settings.\n * RULE_ACTION_REWRITE_URL - Redirect rule. Modify the path to which a specific request is targeted.\n * RULE_ACTION_REWRITE_HEADER - Redirect rule. Modify or add a request header before passing traffic to the origin server.\n * RULE_ACTION_REWRITE_COOKIE - Redirect rule. Allows the modification and addition of cookies that are sent by the client to the origin server. The cookie name and value should be indicated.\n * RULE_ACTION_DELETE_HEADER - Redirect rule. Remove a specific request header, which means that it won’t be sent to the origin server.\n * RULE_ACTION_DELETE_COOKIE - Redirect rule. Allows the removal a specific cookie set on the client, which means that it won’t be sent to the origin server.\n * RULE_ACTION_RESPONSE_REWRITE_HEADER - Redirect rule. Modify or add a response header before passing traffic by the origin server to the client.\n * RULE_ACTION_RESPONSE_DELETE_HEADER - Redirect rule. Remove a specific response header, which means that it won’t be sent to the client.\n * RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE - Redirect rule. Modify the response status code before passing traffic by the origin server to the client.\n * RULE_ACTION_FORWARD_TO_DC - Redirect rule. Used to define the data center to which a specific request will be sent.\n * RULE_ACTION_FORWARD_TO_PORT - Redirect rule. Used to define the port to which a specific request will be sent.\n * RULE_ACTION_ALERT - Security rule. Generate a non blocking alert for this event.\n * RULE_ACTION_BLOCK - Security rule. Block the current request and generate an alert for this event.\n * RULE_ACTION_BLOCK_USER - Security rule. Block the current session and generate an alert for this event. Any subsequent request from the same Session will be blocked.\n * RULE_ACTION_BLOCK_IP - Security rule. Block the current IP and generate an alert for this event. Any subsequent request from the same IP will be blocked for a period of 10 minutes.\n * RULE_ACTION_RETRY - Security rule. Require any client matching the rule filters to support cookies in order to complete the request.\n * RULE_ACTION_INTRUSIVE_HTML - Security rule. Require any client matching the rule filters to support javascript in order to complete the request. Since the Javascript test is embedded in an HTML page, this action should only be enabled for HTML resources.\n * RULE_ACTION_CAPTCHA - Security rule. Require any client matching the rule filters to pass a CAPTCHA test in order to complete the request. Since the CAPTCHA test is embedded in an HTML page, this action should only be enabled for HTML resources.\n * RULE_ACTION_RATE - Count the number of requests received that match the rule filter.\n * RULE_ACTION_CUSTOM_ERROR_RESPONSE - Replace default error response & error code with custom ones. Once blocked a rule that matches the provided filter & error type will return a custom error & error code.\n * RULE_ACTION_WAF_OVERRIDE - Overrides the global WAF setting for a specific threat type.\n" }, "filter": { "type": "string", "description": "The filter defines the conditions that trigger the rule action. For action RULE_ACTION_SIMPLIFIED_REDIRECT filter is not relevant. For other actions, if left empty, the rule is always run." }, "response_code": { "type": "integer", "description": "For RULE_ACTION_REDIRECT or RULE_ACTION_SIMPLIFIED_REDIRECT rule's response code, valid values are 302, 301, 303, 307, 308. For RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE rule's response code, valid values are all 3-digits numbers. For RULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are [ 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 419, 420, 422, 423, 424, 500, 501, 502, 503, 504, 505, 507 ]" }, "add_missing": { "type": "boolean", "description": "Add cookie or header if it doesn't exist (Rewrite cookie rule only)" }, "from": { "type": "string", "description": "Pattern to rewrite. For RULE_ACTION_REWRITE_URL - Url to rewrite. For RULE_ACTION_REWRITE_HEADER/RULE_ACTION_RESPONSE_REWRITE_HEADER - Header value to rewrite. For RULE_ACTION_REWRITE_COOKIE - Cookie value to rewrite" }, "to": { "type": "string", "description": "Pattern to change to. RULE_ACTION_REWRITE_URL - Url to change to. RULE_ACTION_REWRITE_HEADER/RULE_ACTION_RESPONSE_REWRITE_HEADER - Header value to change to. RULE_ACTION_REWRITE_COOKIE - Cookie value to change to" }, "rewrite_name": { "type": "string", "description": "Name of cookie or header to rewrite. Applies only for RULE_ACTION_REWRITE_COOKIE, RULE_ACTION_REWRITE_HEADER and RULE_ACTION_RESPONSE_REWRITE_HEADER" }, "dc_id": { "type": "integer", "description": "Data center to forward request to. Applies only for RULE_ACTION_FORWARD_TO_DC" }, "port_forwarding_context": { "type": "string", "description": "Context for port forwarding. \"Use Port Value\" or \"Use Header Name\". Applies only for RULE_ACTION_FORWARD_TO_PORT" }, "port_forwarding_value": { "type": "string", "description": "Port number or header name for port forwarding. Applies only for RULE_ACTION_FORWARD_TO_PORT" }, "rate_context": { "