Documentation ¶
Overview ¶
Package waf provides an API for managing the Web Application Firewall (WAF) for the EdgeCast CDN.
The Web Application Firewall (WAF) service provides a layer of security between many security threats and your external web infrastructure. Our WAF increases security by monitoring, detecting, and preventing application layer attacks. It inspects inbound HTTP/HTTPS traffic against reactive and proactive security policies and blocks malicious activity in-band and on a real-time basis.
For more information about WAF, refer to: https://docs.edgecast.com/cdn/index.html#HTTP_and_HTTPS_Data_Delivery/WAF/Introduction.htm
For API documentation, refer to: https://developer.edgecast.com/cdn/api/index.html#Media_Management/Web-Security/Web-Security.htm
Index ¶
- func CheckRetryScopes(ctx context.Context, resp *http.Response, err error) (bool, error)
- type AccessControls
- type AccessRule
- type AccessRuleByID
- type AccessRuleLight
- type Action
- type AddCustomRuleSetResponse
- type AddManagedRuleRequest
- type AddManagedRuleResponse
- type AddRateRuleResponse
- type AddRuleResponse
- type AuditAction
- type ChainedRule
- type Condition
- type ConditionGroup
- type CustomRuleSetDetail
- type CustomRuleSetLight
- type DeleteCustomRuleSetResponse
- type DeleteManagedRuleResponse
- type DeleteRuleResponse
- type Directive
- type DisabledRule
- type GeneralSettings
- type GetAllManagedRulesResponse
- type GetCustomRuleSetResponse
- type GetManagedRuleResponse
- type GetRateRuleResponse
- type Limit
- type LimitAction
- type ManagedRule
- type ManagedRuleGet
- type ManagedRules
- type Match
- type MatchCondition
- type ModifyAllScopesResponse
- type OP
- type Operator
- type ProdAction
- type RateRule
- type RateRuleLight
- type Rule
- type RuleTargetUpdate
- type Scope
- type Scopes
- type SecRule
- type Target
- type UpdateCustomRuleSetRequest
- type UpdateCustomRuleSetResponse
- type UpdateManagedRuleRequest
- type UpdateManagedRuleResponse
- type UpdateRuleResponse
- type Variable
- type WAFError
- type WAFResponse
- type WAFService
- func (svc *WAFService) AddAccessRule(accessRule AccessRule) (*AddRuleResponse, error)
- func (svc *WAFService) AddCustomRuleSet(customRuleSet CustomRuleSetDetail, accountNumber string) (*AddCustomRuleSetResponse, error)
- func (svc *WAFService) AddManagedRule(managedRule AddManagedRuleRequest, accountNumber string) (*AddManagedRuleResponse, error)
- func (svc *WAFService) AddRateRule(rule RateRule) (*AddRateRuleResponse, error)
- func (svc *WAFService) DeleteAccessRuleByID(accountNumber string, ID string) (*DeleteRuleResponse, error)
- func (svc *WAFService) DeleteCustomRuleSet(accountNumber string, customRuleID string) (*DeleteCustomRuleSetResponse, error)
- func (svc *WAFService) DeleteManagedRule(accountNumber string, managedRuleID string) (*DeleteManagedRuleResponse, error)
- func (svc *WAFService) DeleteRateRuleByID(accountNumber string, ID string) (*DeleteRuleResponse, error)
- func (svc *WAFService) GetAccessRuleByID(accountNumber string, ID string) (*AccessRuleByID, error)
- func (svc *WAFService) GetAllAccessRules(accountNumber string) ([]AccessRuleLight, error)
- func (svc *WAFService) GetAllCustomRuleSets(accountNumber string) ([]CustomRuleSetLight, error)
- func (svc *WAFService) GetAllManagedRules(accountNumber string) ([]GetAllManagedRulesResponse, error)
- func (svc *WAFService) GetAllRateRules(accountNumber string) ([]RateRuleLight, error)
- func (svc *WAFService) GetAllScopes(accountNumber string) (*Scopes, error)
- func (svc *WAFService) GetCustomRuleSet(accountNumber string, customRuleID string) (*GetCustomRuleSetResponse, error)
- func (svc *WAFService) GetManagedRule(accountNumber string, managedRuleID string) (*GetManagedRuleResponse, error)
- func (svc *WAFService) GetRateRule(customerID string, ruleID string) (*GetRateRuleResponse, error)
- func (svc *WAFService) ModifyAllScopes(scopes Scopes) (*ModifyAllScopesResponse, error)
- func (svc *WAFService) UpdateAccessRule(accessRule AccessRule, ID string) (*UpdateRuleResponse, error)
- func (svc *WAFService) UpdateCustomRuleSet(accountNumber string, ID string, customRuleSet UpdateCustomRuleSetRequest) (*UpdateCustomRuleSetResponse, error)
- func (svc *WAFService) UpdateManagedRule(accountNumber string, managedRuleID string, ...) (*UpdateManagedRuleResponse, error)
- func (svc *WAFService) UpdateRateRule(rule RateRule, ruleID string) (*UpdateRuleResponse, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AccessControls ¶
type AccessControls struct {
// Contains entries that identify traffic that may access your content upon passing a threat assessment.
Accesslist []interface{} `json:"accesslist"`
// Contains entries that identify traffic that will be blocked or for which an alert will be generated.
Blacklist []interface{} `json:"blacklist"`
// Contains entries that identify traffic that may access your content without undergoing threat assessment.
Whitelist []interface{} `json:"whitelist"`
}
AccessControls contains lists that identify traffic for access control
type AccessRule ¶
type AccessRule struct {
// Identifies each allowed HTTP method (e.g., GET).
AllowedHTTPMethods []string `json:"allowed_http_methods,omitempty"`
// Identifies each allowed media type (e.g., application/json).
AllowedRequestContentTypes []string `json:"allowed_request_content_types,omitempty"`
// Contains access controls for autonomous system numbers (ASNs).
// All entries are integer values.
ASNAccessControls *AccessControls `json:"asn,omitempty"`
// Contains access controls for cookies.
// All entries are regular expressions.
CookieAccessControls *AccessControls `json:"cookie,omitempty"`
// Contains access controls for countries.
// Specify each desired country using its country code.
CountryAccessControls *AccessControls `json:"country,omitempty"`
// Identifies an account by its customer account number.
CustomerID string `json:"customer_id"`
// Indicates each file extension for which WAF will send an alert or block the request.
DisallowedExtensions []string `json:"disallowed_extensions,omitempty"`
// Indicates each request header for which WAF will send an alert or block the request.
DisallowedHeaders []string `json:"disallowed_headers,omitempty"`
// Contains access controls for IPv4 and/or IPv6 addresses.
// Specify each desired IP address using standard IPv4/IPv6 and CIDR notation.
IPAccessControls *AccessControls `json:"ip,omitempty"`
// MaxFileSize indicates the maximum file size, in bytes, for a POST request body.
MaxFileSize int `json:"max_file_size,omitempty"`
// Assigns a name to this access rule.
Name string `json:"name,omitempty"`
// Contains access controls for referrers.
// All entries are regular expressions.
RefererAccessControls *AccessControls `json:"referer,omitempty"`
// Determines the name of the response header that will be included with blocked requests.
ResponseHeaderName string `json:"response_header_name,omitempty"`
// Contains access controls for URL paths.
// All entries are regular expressions.
URLAccessControls *AccessControls `json:"url,omitempty"`
// Contains access controls for user agents.
// All entries are regular expressions.
UserAgentAccessControls *AccessControls `json:"user_agent,omitempty"`
}
AccessRule (ACL) identifies valid or malicious requests via whitelists, accesslists, and blacklists.
type AccessRuleByID ¶ added in v0.1.6
type AccessRuleByID struct {
ID string `json:"id"`
AccessRule
LastModifiedBy string `json:"last_modified_by"`
LastModifiedDate string `json:"last_modified_date"`
Version string `json:"version"`
}
AccessRuleByID contains detail of rules that identify traffic for access control.
type AccessRuleLight ¶ added in v0.1.6
type AccessRuleLight struct {
// Indicates the system-defined ID for the access rule.
ID string `json:"id"`
// Indicates the name of the access rule.
Name string `json:"name"`
// Indicates the date and time at which the access rule was last modified. TODO: Convert to time.Time.
LastModifiedDate string `json:"last_modified_date"`
}
AccessRuleLight contains basic information about an access rule
type Action ¶ added in v0.1.5
type Action struct {
/*
Determines the custom ID that will be assigned to this custom rule.
This custom ID is exposed via the Threats Dashboard.
Valid values fall within this range: 66000000 - 66999999
Note: This field is only applicable for the action object that
resides in the root of the sec_rule object.
Default Value: Random number
*/
ID string `json:"id,omitempty"`
/*
Determines the rule message that will be assigned to this custom rule.
This message is exposed via the Threats Dashboard.
Note: This field is only applicable for the action object that resides
in the root of the sec_rule object.
Default Value: Blank
*/
Message string `json:"msg,omitempty"`
/*
Determines the set of transformations that will be applied to the value
derived from the request element identified in a variable object
(i.e., source value).
Transformations are always applied to the source value, regardless of
the number of transformations that have been defined.
Valid values are:
NONE: Indicates that the source value should not be modified.
LOWERCASE: Indicates that the source value should be converted to
lowercase characters.
URLDECODE: Indicates that the source value should be URL decoded.
This transformation is useful when the source value has
been URL encoded twice.
REMOVENULLS: Indicates that null values should be removed from
the source value.
Note: A criterion is satisfied if the source value or any of the
modified string values meet the conditions defined by the operator object.
*/
Transformations []string `json:"t,omitempty"`
}
Action determines whether the value derived from the request element identified in a variable object will be transformed and the metadata that will be used to identify malicious traffic.
type AddCustomRuleSetResponse ¶ added in v0.1.7
type AddCustomRuleSetResponse struct {
AddRuleResponse
}
AddCustomRuleSetResponse represents the response from the WAF API when adding a new custom rule
type AddManagedRuleRequest ¶ added in v0.1.6
type AddManagedRuleRequest struct {
ManagedRule
}
Creates a managed rule that identifies a rule set configuration and describes a valid request.
type AddManagedRuleResponse ¶ added in v0.1.6
type AddManagedRuleResponse struct {
AddRuleResponse
}
Contains the response from the WAF API when adding a managed rule
type AddRateRuleResponse ¶ added in v0.1.6
type AddRateRuleResponse struct {
AddRuleResponse
}
type AddRuleResponse ¶
type AddRuleResponse struct {
// ID indicates the generated ID for the newly created Rule
ID string
WAFResponse
}
AddRuleResponse contains the response from the WAF API when adding a new rule
type AuditAction ¶ added in v0.1.7
type AuditAction struct {
// Reserved for future use. Leave blank for new AuditActions.
ID string `json:"id,omitempty"`
// Indicates the name assigned to this enforcement action configuration.
Name string `json:"name,omitempty"`
// Returns ALERT. This indicates that malicious traffic will be audited.
Type string `json:"enf_type"`
}
AuditAction describes the enforcement action that will be taken when a request violates the configuration defined by an Access, Managed, or Custom Rule.
type ChainedRule ¶ added in v0.1.5
type ChainedRule struct {
// Determines whether the string value derived from the request element
// identified in a variable object will be transformed and the metadata
// that will be used to identify malicious traffic.
Action Action `json:"action"`
// Indicates the comparison that will be performed on the string value(s)
// derived from the request element(s) defined within the variable array.
Operator Operator `json:"operator"`
// Identifies each request element for which a comparison will be made.
Variables []Variable `json:"variable"`
}
Each object within the chained_rule array describes an additional set of criteria that must be satisfied in order to identify a malicious request.
type Condition ¶
type Condition struct {
// Target describes the type of match condition
Target Target `json:"target"`
// OP describes a match condition
OP OP `json:"op"`
}
Condition to be associated with a Rate Rule
type ConditionGroup ¶
type ConditionGroup struct {
// Contains a list of match conditions
Conditions []Condition `json:"conditions"`
/*
Indicates the system-defined alphanumeric ID of a condition group.
Note: This is a read-only field that will be ignored by AddRateRule and UpdateRateRule
Example: 12345678-90ab-cdef-ghij-klmnopqrstuvwxyz1
*/
ID string `json:"id,omitempty"`
// Indicates the name of a condition group
Name string `json:"name,omitempty"`
}
ConditionGroup describes a set of conditions to be associated with a rule
func (ConditionGroup) MarshalJSON ¶ added in v0.1.6
func (cg ConditionGroup) MarshalJSON() ([]byte, error)
MarshalJSON marshals a ConditionGroup to JSON bytes while excluding read-only fields
type CustomRuleSetDetail ¶ added in v0.1.7
type CustomRuleSetDetail struct {
// Contains custom rules.
// Each directive object defines a custom rule via the sec_rule object.
// You may create up to 10 custom rules.
Directives []Directive `json:"directive"`
// Indicates the name of the custom rule.
Name string `json:"name,omitempty"`
}
CustomRuleSetDetail is a detailed representation of a custom rule set. A custom rule set defines custom threat assessment criteria.
type CustomRuleSetLight ¶ added in v0.1.7
type CustomRuleSetLight struct {
// Indicates the system-defined ID for the custom rule set.
ID string `json:"id"`
// Indicates the date and time at which the custom rule was last modified.
// Syntax:
// MM/DD/YYYYhh:mm:ss [AM|PM]
LastModifiedDate string `json:"last_modified_date"`
// Indicates the name of the custom rule set.
Name string `json:"name"`
}
CustomRuleSetLight is a lightweight representation of a Custom Rule Set
type DeleteCustomRuleSetResponse ¶ added in v0.1.7
type DeleteCustomRuleSetResponse struct {
// ID indicates the generated ID for the newly deleted Rule
ID string
WAFResponse
}
DeleteCustomRuleSetResponse represents the response from the WAF API when deleting a custom rule set
type DeleteManagedRuleResponse ¶ added in v0.1.8
type DeleteManagedRuleResponse struct {
DeleteRuleResponse
}
Contains the response from the WAF API when deleting a managed rule
type DeleteRuleResponse ¶ added in v0.1.6
type DeleteRuleResponse struct {
// ID indicates the ID of the deleted Rule
ID string
WAFResponse
}
DeleteRuleResponse contains the response from the WAF API when deleting a rule
type Directive ¶ added in v0.1.5
type Directive struct {
// Defines a custom rule
SecRule SecRule `json:"sec_rule"`
}
Contains custom rules. Each directive object defines a custom rule via the sec_rule object.
type DisabledRule ¶ added in v0.1.7
type DisabledRule struct {
// Identifies a policy from which a rule will be disabled by its system-defined ID.
PolicyID string `json:"policy_id"`
// Identifies a rule that will be disabled by its system-defined ID.
RuleID string `json:"rule_id"`
}
The DisabledRule object identifies a rule that has been disabled.
type GeneralSettings ¶ added in v0.1.6
type GeneralSettings struct {
// Indicates the anomaly score threshold.
AnomalyThreshold int `json:"anomaly_threshold"`
// Indicates the maximum number of characters for any single query string parameter value.
ArgLength int `json:"arg_length"`
// Indicates the maximum number of characters for any single query string parameter name.
ArgNameLength int `json:"arg_name_length"`
// Indicates the total file size for multipart message lengths.
CombinedFileSizes int `json:"combined_file_sizes"`
// Identifies each cookie that will be ignored for the purpose of determining whether a request is malicious traffic.
// Each element in this array defines a regular expression.
IgnoreCookie []string `json:"ignore_cookie"`
// Identifies each request header that will be ignored for the purpose of determining whether a request is malicious traffic.
// Each element in this array defines a regular expression.
IgnoreHeader []string `json:"ignore_header"`
// Identifies each query string argument that will be ignored for the purpose of determining whether a request is malicious traffic.
// Each element in this array defines a regular expression.
IgnoreQueryArgs []string `json:"ignore_query_args"`
// Determines whether JSON payloads will be inspected.
JsonParser bool `json:"json_parser"`
/* Indicates the maximum file size, in bytes, for a POST request body.
This property, which has undergone end-of-life, does not affect your security configuration.
Use the Add Access Rule (ACL) and the Update Access Rule (ACL) endpoints to manage this setting. */
MaxFileSize int `json:"max_file_size"`
// Indicates the maximum number of query string parameters.
MaxNumArgs int `json:"max_num_args"`
// Indicates the balance between the level of protection and false positives. Valid values are: 1 | 2 | 3 | 4
// Learn more at https://docs.edgecast.com/cdn/index.html#Web-Security/Managed-Rules.htm#RuleSet
ParanoiaLevel int `json:"paranoia_level"`
// Indicates whether WAF will inspect a POST request body.
ProcessRequestBody bool `json:"process_request_body"`
// Determines the name of the response header that will be included with blocked requests.
ResponseHeaderName string `json:"response_header_name"`
// Indicates the maximum number of characters for the query string value.
TotalArgLength int `json:"total_arg_length"`
// Indicates whether WAF may check whether a request variable (e.g., ARGS, ARGS_NAMES, and REQUEST_FILENAME) is a valid UTF-8 string.
// This validation includes checking for missing bytes, invalid characters, and ASCII to UTF-8 character mapping.
ValidateUtf8Encoding bool `json:"validate_utf8_encoding"`
// Determines whether XML payloads will be inspected.
XmlParser bool `json:"xml_parser"`
}
The GeneralSettings object describes a valid request.
type GetAllManagedRulesResponse ¶ added in v0.1.6
type GetAllManagedRulesResponse struct {
ManagedRules
}
Retrieves a list of managed rules (Profiles). A managed rule identifies a rule set configuration and describes a valid request.
type GetCustomRuleSetResponse ¶ added in v0.1.7
type GetCustomRuleSetResponse struct {
// ID indicates the system-defined ID of the custom rule set
ID string
CustomRuleSetDetail
// Indicates the date and time at which the custom rule was last modified.
// Syntax:
// MM/DD/YYYYhh:mm:ss [AM|PM]
LastModifiedDate string `json:"last_modified_date"`
}
GetCustomRuleSetResponse represents the response from the WAF API when retrieving a custom rule set
type GetManagedRuleResponse ¶ added in v0.1.6
type GetManagedRuleResponse struct {
ManagedRuleGet
}
Retrieves a managed rule that identifies a rule set configuration and describes a valid request.
type GetRateRuleResponse ¶ added in v0.1.6
type GetRateRuleResponse struct {
RateRule
/*
Indicates the system-defined ID for the rate rule.
*/
ID string `json:"id"`
/*
Indicates the timestamp at which the rate rule was last modified.
Syntax:
YYYY-MM-DDThh:mm:ss:ffffffZ
*/
LastModifiedDate string `json:"last_modified_date"`
// LastModifiedBy is reserved for future use.
LastModifiedBy string `json:"last_modified_by,omitempty"`
// Version is reserved for future use.
Version string `json:"version,omitempty"`
}
type Limit ¶ added in v0.1.7
type Limit struct {
/*
Indicates the system-defined ID for the rate limit configuration
that will be applied to this Security Application Manager configuration.
*/
ID string `json:"id,omitempty"`
/*
Describes the action that will take place when the
rate rule identified by the id property is enforced.
*/
Action LimitAction `json:"action"`
}
Identifies a rate rule that will be enforced for a Security Application Manager configuration and the enforcement action that will be applied to rate limited requests.
type LimitAction ¶ added in v0.1.7
type LimitAction struct {
/*
Indicates the length of time, in seconds, that the action
defined within this object will be applied to a client that
violates the rate rule identified by the id property.
Valid values are:
10 | 60 | 300
*/
DurationSec int `json:"duration_sec"`
/*
Indicates the type of action that will be applied to rate limited
requests.
Valid values are:
ALERT: Alert Only
REDIRECT_302: Redirect (HTTP 302)
CUSTOM_RESPONSE: Custom Response
DROP_REQUEST: Drop Request (503 Service Unavailable response with a
retry-after of 10 seconds)
*/
ENFType string `json:"enf_type"`
/*
Indicates the name assigned to this enforcement action.
*/
Name string `json:"name"`
/*
Note: Only valid when ENFType is set to CUSTOM_RESPONSE
Indicates the response body that will be sent
to rate limited requests. This value is Base64 encoded.
*/
ResponseBodyBase64 *string `json:"response_body_base64,omitempty"`
/*
Note: Only valid when ENFType is set to CUSTOM_RESPONSE
Contains the set of headers that will be included in the response sent
to rate limited requests.
*/
ResponseHeaders *map[string]string `json:"response_headers,omitempty"`
/*
Note: Only valid when ENFType is set to CUSTOM_RESPONSE
Indicates the HTTP status code (e.g., 404) for the custom response sent
to rate limited requests.
*/
Status *int `json:"status,omitempty"`
/*
Note: Only valid when ENFType is set to REDIRECT_302
Indicates the URL to which rate limited requests will be redirected.
*/
URL *string `json:"url,omitempty"`
}
type ManagedRule ¶
type ManagedRule struct {
// Indicates the name of the managed rule.
Name string `json:"name"`
// Indicates the ID for the rule set associated with this managed rule.
RulesetID string `json:"ruleset_id"`
// Indicates the version of the rule set associated with this managed rule.
RulesetVersion string `json:"ruleset_version"`
// Contains all disabled rules.
DisabledRules []DisabledRule `json:"disabled_rules"`
// Contains settings that define the profile for a valid request.
GeneralSettings GeneralSettings `json:"general_settings"`
// Contains a list of policies that have been enabled on this managed rule.
// Available policies https://developer.edgecast.com/cdn/api/Content/Media_Management/WAF/Get-Available-Policies.htm
Policies []string `json:"policies"`
// Defines one or more targets that will be ignored and/or replaced. A maximum of 25 target configurations may be created.
RuleTargetUpdates []RuleTargetUpdate `json:"rule_target_updates"`
}
Base collection for Create, Get, Update actions on a single Managed Rule
type ManagedRuleGet ¶ added in v0.1.6
type ManagedRuleGet struct {
ManagedRule
// Indicates the date and time at which the managed rule was created. TODO: Convert to time.Time
CreatedDate string `json:"created_date"`
// Identifies your account by its customer account number.
CustomerID string `json:"customer_id"`
// Indicates the system-defined ID for the managed rule.
ID string `json:"id"`
// Indicates the date and time at which the managed rule was last modified. TODO: Convert to time.Time
LastModifiedDate string `json:"last_modified_date"`
// Reserved for future use.
LastModifiedBy string `json:"last_modified_by"`
// Reserved for future use.
Version string `json:"version"`
}
Collection used when retrieving a single Managed Rule
type ManagedRules ¶ added in v0.1.6
type ManagedRules struct {
// Indicates the name of the managed rule.
Name string `json:"name"`
// Indicates the ID for the rule set associated with this managed rule.
RulesetID string `json:"ruleset_id"`
// Indicates the version of the rule set associated with this managed rule.
RulesetVersion string `json:"ruleset_version"`
// Indicates the date and time at which the managed rule was created. TODO: Convert to time.Time.
CreatedDate string `json:"created_date"`
// Indicates the system-defined ID for the managed rule.
ID string `json:"id"`
// Indicates the date and time at which the managed rule was last modified. TODO: Convert to time.Time.
LastModifiedDate string `json:"last_modified_date"`
}
Used specifically for Get All Managed Rules
type Match ¶ added in v0.1.5
type Match struct {
/*
Determines whether this condition is satisfied when the request element
identified by the variable object is found or not found.
True: Not found
False: Found
*/
IsNegated bool `json:"is_negated,omitempty"`
/*
Determines whether the value property will be interpreted as a
regular expression. Valid values are:
True: Regular expression
False: Default value. Literal value.
*/
IsRegex bool `json:"is_regex,omitempty"`
/*
Restricts the match condition defined by the type property to
the specified value.
Example:
If the type property is set to REQUEST_HEADERS and this property is
set to User-Agent, then this match condition is restricted to the
User-Agent request header.
If the value property is omitted, then this match condition applies
to all request headers.
*/
Value string `json:"value,omitempty"`
}
The match array determines the comparison conditions for the request element identified by the type property.
type MatchCondition ¶ added in v0.1.7
type MatchCondition struct {
/*
Note: Only valid when Type is set to EM
Indicates whether the comparison between the requested hostname or URL
Path and the values property is case-sensitive.
Valid values are:
True: Case-insensitive
False: Case-sensitive
*/
IsCaseInsensitive *bool `json:"is_case_insensitive,omitempty"`
/*
Indicates whether this match condition will be satisfied when
the requested hostname or URL Path matches or does not match the Value
defined by the Value/Values property.
Valid values are:
True: Does not match
False: Matches
*/
IsNegated *bool `json:"is_negated,omitempty"`
/*
Indicates how the system will interpret the comparison between the
request's hostname or the URL Path and the value defined within the
Value/Values property.
Valid values are:
EM: Indicates that request hostname or URL Path must be an exact match
to one of the case-sensitive values specified in the values property.
GLOB: Indicates that the request hostname or URL Path must be an exact
match to the wildcard pattern defined in the value property.
RX: Indicates that the request hostname or URL Path must be an exact
match to the regular expression defined in the value property.
Note: Apply this Security Application Manager configuration across
all hostnames or URLs by setting this property to "GLOB" and setting
the Value property to "*". This type of configuration is also known as
"Default".
*/
Type string `json:"type"`
/*
Note: Only valid when Type is set to GLOB or RX
Identifies a value that will be used to identify requests that are
eligible for this Security Application Manager configuration.
*/
Value *string `json:"value,omitempty"`
/*
Note: Only valid when Type is set to EM
Identifies one or more values used to identify requests that
are eligible for this Security Application Manager configuration.
*/
Values *[]string `json:"values,omitempty"`
}
Describes a match condition for hostnames or URL paths
type ModifyAllScopesResponse ¶ added in v0.1.9
type ModifyAllScopesResponse struct {
// The ID of the Scopes Configuration
ID string
WAFResponse
}
ModifyAllScopesResponse contains the response when calling ModifyAllScopes
type OP ¶
type OP struct {
// IsCaseInsensitive indicates whether the comparison between the request and
// the Values property is case-sensitive.
IsCaseInsensitive *bool `json:"is_case_insensitive,omitempty"`
// IsNegated indicates whether this match condition will be satisfied when
// the request matches or does not match the value defined by the Values property.
IsNegated *bool `json:"is_negated,omitempty"`
/*
Indicates how the system will interpret the comparison between the request and the Values property.
Valid values are:
EM | IPMATCH | RX
EM: Requires that the request attribute be set to one of the value(s) defined in the Values property.
IPMATCH: Requires that the request IP address either be contained by an IP block or be an exact match to an IP address defined in the Values property.
RX: Requires that the request attribute be an exact match to the regular expression defined in the value property.
*/
Type string `json:"type"`
/*
Identifies a regular expression used to identify requests that are eligible for rate limiting.
Note: valid only if Type is RX
*/
Value string `json:"value,omitempty"`
/*
Identifies one or more values used to identify requests that are eligible for rate limiting.
Note: Valid only if Type is EM or IPMATCH
*/
Values []string `json:"values,omitempty"`
}
OP describes a match condition
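An added example (not part of the waf package): a client-side check of the Type/Value/Values pairing documented for MatchCondition and OP above, run before a rule is sent to the API. The names matchOp, validateMatch and checkIPOrCIDR are hypothetical, and matchOp is a local stand-in that uses plain fields where MatchCondition uses pointers.

```go
package main

import (
	"fmt"
	"net"
)

// matchOp is a local stand-in for this example, not the package's own type.
// It holds the fields OP and MatchCondition share: Type plus Value or Values.
type matchOp struct {
	Type   string
	Value  string   // single pattern
	Values []string // list of literal values
}

// Documented Type values for each struct.
// true = the type takes Values (a list), false = it takes Value (one pattern).
var opTypes = map[string]bool{"EM": true, "IPMATCH": true, "RX": false}
var matchConditionTypes = map[string]bool{"EM": true, "GLOB": false, "RX": false}

// checkIPOrCIDR accepts a single IPv4/IPv6 address or a CIDR block.
func checkIPOrCIDR(s string) error {
	if net.ParseIP(s) != nil {
		return nil
	}
	if _, _, err := net.ParseCIDR(s); err == nil {
		return nil
	}
	return fmt.Errorf("IPMATCH value %q is neither an IP address nor a CIDR block", s)
}

// validateMatch checks m against the documented Type/Value/Values pairing.
// allowed is opTypes or matchConditionTypes.
func validateMatch(m matchOp, allowed map[string]bool) error {
	usesList, ok := allowed[m.Type]
	if !ok {
		return fmt.Errorf("type %q is not a documented value", m.Type)
	}
	if usesList {
		if m.Value != "" {
			return fmt.Errorf("type %s takes values, not value", m.Type)
		}
		// OP.Values carries the omitempty tag, so with encoding/json's default
		// behaviour an empty list is left out of the request body entirely.
		if len(m.Values) == 0 {
			return fmt.Errorf("type %s needs at least one entry in values", m.Type)
		}
	} else {
		if len(m.Values) != 0 {
			return fmt.Errorf("type %s takes value, not values", m.Type)
		}
		if m.Value == "" {
			return fmt.Errorf("type %s needs a value", m.Type)
		}
	}
	if m.Type == "IPMATCH" {
		for _, v := range m.Values {
			if err := checkIPOrCIDR(v); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	// Constructed sample conditions, not taken from a real configuration.
	samples := []matchOp{
		{Type: "IPMATCH", Values: []string{"203.0.113.0/24", "2001:db8::1"}},
		{Type: "IPMATCH", Values: []string{"203.0.113.0/33"}},
		{Type: "IPMATCH"},
		{Type: "RX", Values: []string{"^/login"}},
	}
	for _, s := range samples {
		fmt.Printf("%+v -> %v\n", s, validateMatch(s, opTypes))
	}
}
```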
type Operator ¶ added in v0.1.5
type Operator struct {
/*
Indicates whether a condition will be satisfied when the value derived
from the request element defined within a variable object matches or
does not match the value property.
Valid values are:
True: Does not match
False: Matches
*/
IsNegated bool `json:"is_negated,omitempty"`
/*
Indicates how the system will interpret the comparison between the value
property and the value derived from the request element defined within
a variable object.
Valid values are:
RX: Indicates that the string value derived from the request element
must satisfy the regular expression defined in the value property.
STREQ: Indicates that the string value derived from the request
element must be an exact match to the value property.
CONTAINS: Indicates that the value property must contain the string
value derived from the request element.
BEGINSWITH: Indicates that the value property must start with the
string value derived from the request element.
ENDSWITH: Indicates that the value property must end with the string
value derived from the request element.
EQ: Indicates that the number derived from the variable object must
be an exact match to the value property.
Note: You should only use EQ when the is_count property
has been enabled.
IPMATCH: Requires that the request's IP address either be contained
by an IP block or be an exact match to an IP address defined in
the values property. Only use IPMATCH with the
REMOTE_ADDR variable.
*/
Type string `json:"type"`
/*
Indicates a value that will be compared against the string or number
value derived from the request element defined within a variable object.
Note: If you are identifying traffic via a URL path (REQUEST_URI),
then you should specify a URL path pattern that starts directly after
the hostname. Exclude a protocol or a hostname when defining this property.
Sample values:
/marketing
/800001/mycustomerorigin
*/
Value string `json:"value,omitempty"`
}
Operator describes the comparison that will be performed on the request element(s) defined within a variable object.
type ProdAction ¶ added in v0.1.7
type ProdAction struct {
/*
Reserved for future use. Leave blank for new ProdActions.
*/
ID string `json:"id,omitempty"`
/*
Indicates the name assigned to this enforcement action configuration.
*/
Name string `json:"name,omitempty"`
/*
Indicates the enforcement action that will be applied to malicious
traffic.
Valid values are:
BLOCK_REQUEST: Block Request
ALERT: Alert Only
REDIRECT_302: Redirect (HTTP 302)
CUSTOM_RESPONSE: Custom Response
BROWSER_CHALLENGE: Browser Challenge (only valid for Bot Rules)
*/
ENFType string `json:"enf_type"`
/*
Note: Only valid when ENFType is set to CUSTOM_RESPONSE
Indicates the response body that will be sent to malicious traffic.
This value is Base64 encoded.
*/
ResponseBodyBase64 *string `json:"response_body_base64,omitempty"`
/*
Note: Only valid when ENFType is set to CUSTOM_RESPONSE
Indicates the set of response headers that will be sent to malicious
traffic.
*/
ResponseHeaders *map[string]string `json:"response_headers,omitempty"`
/*
Note: Only valid when ENFType is set to CUSTOM_RESPONSE or
BROWSER_CHALLENGE
Indicates the HTTP status code (e.g., 404) for the custom response that
will be sent to malicious traffic.
*/
Status *int `json:"status,omitempty"`
/*
Note: Only valid when ENFType is set to REDIRECT_302
Indicates the URL to which malicious requests will be redirected.
*/
URL *string `json:"url,omitempty"`
/*
Note: Only valid when ENFType is set to BROWSER_CHALLENGE
Indicates the length of time in seconds that a browser challenge success
cookie remains valid. This cookie is assigned when the user solves the
challenge and prevents further challenges.
*/
ValidForSec *int `json:"valid_for_sec,omitempty"`
}
ProdAction describes the enforcement action that will be taken when a request violates the configuration defined by an Access, Managed, or Custom Rule.
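The field comments above tie most ProdAction properties to a specific ENFType. The following pre-flight check is an added example, not code from this package: it uses a local copy of the struct, a hypothetical ValidateProdAction helper, and assumes the standard Base64 alphabet for the response body.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// ProdAction is a local copy of the documented fields (ID omitted).
type ProdAction struct {
	Name               string             `json:"name,omitempty"`
	ENFType            string             `json:"enf_type"`
	ResponseBodyBase64 *string            `json:"response_body_base64,omitempty"`
	ResponseHeaders    *map[string]string `json:"response_headers,omitempty"`
	Status             *int               `json:"status,omitempty"`
	URL                *string            `json:"url,omitempty"`
	ValidForSec        *int               `json:"valid_for_sec,omitempty"`
}

// ValidateProdAction (hypothetical helper) returns one message per field that
// the documented "Only valid when ENFType is ..." notes rule out.
func ValidateProdAction(a ProdAction, botRule bool) []string {
	var errs []string
	switch a.ENFType {
	case "BLOCK_REQUEST", "ALERT", "REDIRECT_302", "CUSTOM_RESPONSE":
	case "BROWSER_CHALLENGE":
		if !botRule {
			errs = append(errs, "BROWSER_CHALLENGE is only valid for Bot Rules")
		}
	default:
		return []string{fmt.Sprintf("unknown enf_type %q", a.ENFType)}
	}
	custom := a.ENFType == "CUSTOM_RESPONSE"
	challenge := a.ENFType == "BROWSER_CHALLENGE"
	if a.ResponseBodyBase64 != nil {
		if !custom {
			errs = append(errs, "response_body_base64 requires CUSTOM_RESPONSE")
		} else if _, err := base64.StdEncoding.DecodeString(*a.ResponseBodyBase64); err != nil {
			errs = append(errs, "response_body_base64 is not valid Base64") // assumes standard alphabet
		}
	}
	if a.ResponseHeaders != nil && !custom {
		errs = append(errs, "response_headers requires CUSTOM_RESPONSE")
	}
	if a.Status != nil && !custom && !challenge {
		errs = append(errs, "status requires CUSTOM_RESPONSE or BROWSER_CHALLENGE")
	}
	if a.URL != nil && a.ENFType != "REDIRECT_302" {
		errs = append(errs, "url requires REDIRECT_302")
	}
	if a.ValidForSec != nil && !challenge {
		errs = append(errs, "valid_for_sec requires BROWSER_CHALLENGE")
	}
	return errs
}

func main() {
	body := base64.StdEncoding.EncodeToString([]byte("<h1>Request blocked</h1>"))
	status, url := 403, "https://www.example.com/blocked" // constructed sample values
	ok := ProdAction{Name: "block page", ENFType: "CUSTOM_RESPONSE", ResponseBodyBase64: &body, Status: &status}
	bad := ProdAction{Name: "mixed", ENFType: "ALERT", URL: &url, Status: &status}
	fmt.Println(ValidateProdAction(ok, false))
	fmt.Println(ValidateProdAction(bad, false))
}
```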
type RateRule ¶
type RateRule struct {
// ConditionGroups contains the set of condition groups for this rate rule
ConditionGroups []ConditionGroup `json:"condition_groups"`
// CustomerID identifies your account by its customer account number.
CustomerID string `json:"customer_id"`
// Disabled indicates whether this rate rule will be enforced.
Disabled bool `json:"disabled"`
/*
DurationSec indicates the length, in seconds, of the rolling window that
tracks the number of requests eligible for rate limiting.
The rate limit formula is calculated through the Num and DurationSec properties as indicated below.
Num requests per DurationSec
Valid values are:
1 | 5 | 10 | 30 | 60 | 120 | 300
*/
DurationSec int `json:"duration_sec"`
/*
Indicates the method by which requests will be grouped for the purposes of this rate rule.
Valid values are:
[empty array] | IP | USER_AGENT
Missing / Empty Array: If the keys property is not defined or set to an empty array,
all requests will be treated as a single group for the purpose of rate limiting.
IP: Indicates that requests will be grouped by IP address.
Each unique IP address is considered a separate group.
USER_AGENT: Indicates that requests will be grouped by a client's user agent.
Each unique combination of IP address and user agent is considered a separate group.
*/
Keys []string `json:"keys,omitempty"`
// Indicates the name of the rate rule.
Name string `json:"name,omitempty"`
/*
Indicates the rate limit value. This value identifies the number of requests that will trigger rate limiting.
The rate limit formula is calculated through the Num and DurationSec properties as indicated below.
Num requests per DurationSec
*/
Num int `json:"num"`
}
A RateRule restricts the flow of site traffic
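How Keys changes what counts toward Num is easiest to see on sample traffic. The following is an added example, not part of this package: the Request type, the PeakPerGroup helper and the sliding-window model are assumptions made for illustration, and the CDN's own accounting may differ.

```go
package main

import (
	"fmt"
	"sort"
)

// RateRule mirrors the limit and grouping fields documented above (local copy).
type RateRule struct {
	DurationSec int      `json:"duration_sec"`
	Keys        []string `json:"keys,omitempty"`
	Num         int      `json:"num"`
}

type Request struct { // constructed stand-in for one logged request
	AtSec         int
	IP, UserAgent string
}

// group returns the bucket a request is counted in under the rule's Keys.
func (r RateRule) group(q Request) string {
	g := "*" // missing or empty keys: all requests share one group
	for _, k := range r.Keys {
		switch k {
		case "USER_AGENT":
			return q.IP + "|" + q.UserAgent // IP and user agent combination
		case "IP":
			g = q.IP
		}
	}
	return g
}

// PeakPerGroup returns each group's busiest DurationSec-second window (simplified model).
func PeakPerGroup(r RateRule, reqs []Request) map[string]int {
	times := map[string][]int{}
	for _, q := range reqs {
		times[r.group(q)] = append(times[r.group(q)], q.AtSec)
	}
	peak := map[string]int{}
	for g, ts := range times {
		sort.Ints(ts)
		lo := 0
		for hi := range ts {
			for lo < hi && ts[hi]-ts[lo] >= r.DurationSec {
				lo++
			}
			if n := hi - lo + 1; n > peak[g] {
				peak[g] = n
			}
		}
	}
	return peak
}

func main() {
	reqs := []Request{ // constructed sample traffic
		{0, "198.51.100.7", "curl"}, {1, "198.51.100.7", "curl"}, {2, "198.51.100.7", "Mozilla"},
		{3, "203.0.113.9", "Mozilla"}, {20, "203.0.113.9", "Mozilla"},
	}
	for _, keys := range [][]string{nil, {"IP"}, {"USER_AGENT"}} {
		fmt.Println(keys, PeakPerGroup(RateRule{DurationSec: 10, Keys: keys, Num: 3}, reqs))
	}
}
```

Compare each peak with Num: with no keys the single shared group peaks at 4 requests, so one busy client consumes the budget of every other client, while the same traffic grouped by IP or USER_AGENT peaks at 3 and 2.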
type RateRuleLight ¶ added in v0.1.8
type RateRuleLight struct {
RateRule
/*
Indicates the system-defined ID for the rate rule.
*/
ID string `json:"id"`
/*
Indicates the timestamp at which the rate rule was last modified.
Syntax:
YYYY-MM-DDThh:mm:ss:ffffffZ
*/
LastModifiedDate string `json:"last_modified_date"`
// Indicates the name of the rate rule.
Name string `json:"name,omitempty"`
}
type RuleTargetUpdate ¶ added in v0.1.7
type RuleTargetUpdate struct {
/* Determines whether the current target, as defined within this object, will be ignored when identifying threats. Valid values are:
True: Ignore this target.
False: Default value. Allow this target to identify threats. */
IsNegated bool `json:"is_negated"`
/* Determines whether the target_match parameter may leverage regular expressions. Valid values are:
True: Interprets the target_match parameter as a regular expression.
False: Default value. Interprets the target_match parameter as a literal value. */
IsRegex bool `json:"is_regex"`
/* Defines the data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) that will be used instead of the one defined in the target parameter.
This parameter should be a blank value unless you are configuring a rule to identify threats based on a different data source.
This parameter replaces an existing threat identification criterion. For example, this capability may be used to identify threats based on
a cookie value instead of a query string argument. */
ReplaceTarget string `json:"replace_target"`
// Identifies a rule by its system-defined ID.
// The configuration defined within this object will alter the behavior of the rule identified by this parameter.
RuleID string `json:"rule_id"`
// Identifies the type of data source (e.g., REQUEST_COOKIES, ARGS, GEO, etc.) for which a target will be created.
// The maximum size of this value is 256 characters.
Target string `json:"target"`
/* Identifies a name or category (e.g., cookie name, query string name, country code, etc.) for the data source defined in the target parameter.
The category defined by this parameter will be analyzed when identifying threats.
The maximum size of this value is 256 characters. */
TargetMatch string `json:"target_match"`
}
The RuleTargetUpdate object describes each target using the below properties
type Scope ¶ added in v0.1.7
type Scope struct {
/*
Identifies the current Security Application Manager configuration by its
system-defined ID
Note: leave blank for new Scopes
*/
ID string `json:"id,omitempty"`
/*
Indicates the name assigned to the Security Application Manager
configuration.
Default Value: "name"
*/
Name string `json:"name"`
/*
Describes a hostname match condition.
*/
Host MatchCondition `json:"host"`
/*
Identifies the set of rate rules that will be enforced for this Security
Application Manager configuration and the enforcement action that will
be applied to rate limited requests.
*/
Limits *[]Limit `json:"limits,omitempty"`
/*
Describes a URL match condition.
*/
Path MatchCondition `json:"path"`
/*
Describe the type of action that will take place when the access rule
defined within the ACLAuditID property is violated.
*/
ACLAuditAction *AuditAction `json:"acl_audit_action,omitempty"`
/*
Indicates the system-defined ID for the access rule that will audit
production traffic for this Security Application Manager configuration.
Note: Use WAFService.GetAllAccessRules to retrieve a list of access
rules and their IDs.
*/
ACLAuditID *string `json:"acl_audit_id,omitempty"`
/*
Describes the type of action that will take place when the access rule
defined within the ACLProdID property is violated.
*/
ACLProdAction *ProdAction `json:"acl_prod_action,omitempty"`
/*
Indicates the system-defined ID for the access rule that will be applied
to production traffic for this Security Application Manager
configuration.
Note: Use WAFService.GetAllAccessRules to retrieve a list of access
rules and their IDs.
*/
ACLProdID *string `json:"acl_prod_id,omitempty"`
/*
Indicates the system-defined ID for the bots rule that will be applied
to production traffic for this Security Application Manager
configuration.
*/
BotsProdID *string `json:"bots_prod_id,omitempty"`
/*
Describes the type of action that will take place when the bots rule
defined within the BotsProdID property is violated.
*/
BotsProdAction *ProdAction `json:"bots_prod_action,omitempty"`
/*
Describes the type of action that will take place when the managed rule
defined within the ProfileAuditID property is violated.
*/
ProfileAuditAction *AuditAction `json:"profile_audit_action,omitempty"`
/*
Indicates the system-defined ID for the managed rule that will audit
production traffic for this Security Application Manager configuration.
Note: Use WAFService.GetAllManagedRules to retrieve a list of managed
rules and their IDs.
*/
ProfileAuditID *string `json:"profile_audit_id,omitempty"`
/*
Describes the type of action that will take place when the managed rule
defined within the ProfileProdID property is violated.
*/
ProfileProdAction *ProdAction `json:"profile_prod_action,omitempty"`
/*
Indicates the system-defined ID for the managed rule that will be
applied to production traffic for this Security Application Manager
configuration.
Note: Use WAFService.GetAllManagedRules to retrieve a list of managed rules and their IDs.
*/
ProfileProdID *string `json:"profile_prod_id,omitempty"`
/*
Describes the type of action that will take place when the custom rule
set defined within the RuleAuditID property is violated.
*/
RuleAuditAction *AuditAction `json:"rules_audit_action,omitempty"`
/*
Indicates the system-defined ID for the custom rule set that will audit
production traffic for this Security Application Manager configuration.
Note: Use WAFService.GetAllCustomRuleSets to retrieve a list of custom
rule sets and their IDs.
*/
RuleAuditID *string `json:"rules_audit_id,omitempty"`
/*
Describes the type of action that will take place when the custom rule
set defined within the RuleProdID property is violated.
*/
RuleProdAction *ProdAction `json:"rules_prod_action,omitempty"`
/*
Indicates the system-defined ID for the custom rule set that will be
applied to production traffic for this Security Application Manager
configuration.
Note: Use WAFService.GetAllCustomRuleSets to retrieve a list of custom
rule sets and their IDs.
*/
RuleProdID *string `json:"rules_prod_id,omitempty"`
}
Describes a Security Application Manager configuration (Scope)
type Scopes ¶ added in v0.1.8
type Scopes struct {
/*
Identifies your account by its customer account number.
This value is case-sensitive.
*/
CustomerID string `json:"customer_id,omitempty"`
/*
Indicates the system-defined ID for the set of Security Application
Manager configurations defined within the scopes array.
*/
ID string `json:"id,omitempty"`
/*
Reserved for future use.
*/
LastModifiedBy string `json:"last_modified_by,omitempty"`
/*
Indicates the timestamp at which the Security Application Manager
configuration returned by the scopes array was last modified.
Syntax:
YYYY-MM-DDThh:mm:ss:ffffffZ
Learn more: https://developer.edgecast.com/cdn/api/Content/References/Report_Date_Time_Format.htm
*/
LastModifiedDate string `json:"last_modified_date,omitempty"`
/*
Reserved for future use.
*/
Name string `json:"name,omitempty"`
/*
Contains a list of Security Application Manager configurations (Scopes)
and their properties.
*/
Scopes []Scope `json:"scopes"`
/*
Reserved for future use.
*/
Version string `json:"version,omitempty"`
}
Contains the set of Security Application Manager configurations (Scopes) for a customer
type SecRule ¶ added in v0.1.5
type SecRule struct {
// Determines whether the string identified in a variable object will be
// transformed and the metadata that will be assigned to malicious traffic.
Action Action `json:"action"`
// Contains additional criteria that must be satisfied to
// identify a malicious request.
ChainedRules []ChainedRule `json:"chained_rule,omitempty"`
// Indicates the name assigned to this custom rule.
Name string `json:"name,omitempty"`
// Indicates the comparison that will be performed against the request
// element(s) identified within a variable object.
Operator Operator `json:"operator"`
// Contains criteria that identifies a request element.
Variables []Variable `json:"variable"`
}
Defines a custom rule
type Target ¶
type Target struct {
/*
Determines how requests will be identified.
Valid values are:
FILE_EXT | REMOTE_ADDR | REQUEST_HEADERS | REQUEST_METHOD | REQUEST_URI
*/
Type string `json:"type"`
/*
Indicates the name of the request header through which requests will be identified. Valid values are:
Note: Required if Type is REQUEST_HEADERS
*/
Value string `json:"value,omitempty"`
}
Target describes the type of match condition
type UpdateCustomRuleSetRequest ¶ added in v0.1.10
type UpdateCustomRuleSetRequest struct {
CustomRuleSetDetail
}
Updates a custom rule set that identifies a rule set configuration and describes a valid request.
type UpdateCustomRuleSetResponse ¶ added in v0.1.10
type UpdateCustomRuleSetResponse struct {
UpdateRuleResponse
}
Contains the response from the WAF API when updating a custom rule set
type UpdateManagedRuleRequest ¶ added in v0.1.8
type UpdateManagedRuleRequest struct {
ManagedRule
}
Updates a managed rule that identifies a rule set configuration and describes a valid request.
type UpdateManagedRuleResponse ¶ added in v0.1.8
type UpdateManagedRuleResponse struct {
UpdateRuleResponse
}
Contains the response from the WAF API when updating a managed rule
type UpdateRuleResponse ¶ added in v0.1.6
type UpdateRuleResponse struct {
// ID indicates the generated ID for the newly created Rule
ID string
WAFResponse
}
UpdateRuleResponse contains the response from the WAF API when updating a rule
type Variable ¶ added in v0.1.5
type Variable struct {
/*
Determines the request element that will be assessed.
Valid values are:
ARGS_POST |
GEO |
QUERY_STRING |
REMOTE_ADDR |
REQUEST_BODY |
REQUEST_COOKIES |
REQUEST_HEADERS |
REQUEST_METHOD |
REQUEST_URI
Note: If a request element consists of one or more key-value pairs,
then you may identify a key via a match object.
If is_count has been disabled, then you may identify a specific
value via the operator object.
*/
Type string `json:"type"`
// Contains comparison settings for the request element identified by the
// type property.
Matches []Match `json:"match,omitempty"`
/*
Determines whether a comparison will be performed between the operator
object and a string value or the number of matches found.
Valid values are:
true: A counter will increment whenever the request element defined by
this variable object is found. The operator object will perform a
comparison against this number.
** Note: If you enable is_count, then you must also set the type
property to EQ.**
false: The operator object will perform a comparison against the string
value derived from the request element defined by this variable object.
*/
IsCount bool `json:"is_count,omitempty"`
}
The variable array identifies each request element for which a comparison will be made using its properties
type WAFError ¶
type WAFError struct {
// Code indicates the HTTP status code for the error.
Code string
// Message indicates the description for the error that occurred.
Message string
}
WAFError contains errors encountered during a WAF operation
type WAFResponse ¶ added in v0.1.6
type WAFResponse struct {
// Success indicates whether the operation completed successfully
Success bool
// Status indicates whether this request was successful.
Status string
// Errors contains one or more errors if the request was not successful
Errors []WAFError
}
WAF response contains the response from the WAF API
type WAFService ¶
WAF service interacts with the EdgeCast API for WAF
func (*WAFService) AddAccessRule ¶
func (svc *WAFService) AddAccessRule(accessRule AccessRule) (*AddRuleResponse, error)
AddAccessRule creates an access rule that identifies valid or malicious requests via whitelists, accesslists, and blacklists.
func (*WAFService) AddCustomRuleSet ¶ added in v0.1.5
func (svc *WAFService) AddCustomRuleSet(customRuleSet CustomRuleSetDetail, accountNumber string) (*AddCustomRuleSetResponse, error)
Creates a custom rule set that defines custom threat assessment criteria.
func (*WAFService) AddManagedRule ¶ added in v0.1.6
func (svc *WAFService) AddManagedRule(managedRule AddManagedRuleRequest, accountNumber string) (*AddManagedRuleResponse, error)
Add a Managed Rule to the provided account number.
func (*WAFService) AddRateRule ¶
func (svc *WAFService) AddRateRule(rule RateRule) (*AddRateRuleResponse, error)
AddRateRule creates a rate rule that determines the maximum number of requests that will be allowed within a given time period.
func (*WAFService) DeleteAccessRuleByID ¶ added in v0.1.6
func (svc *WAFService) DeleteAccessRuleByID(accountNumber string, ID string) (*DeleteRuleResponse, error)
DeleteAccessRuleByID deletes an access rule.
func (*WAFService) DeleteCustomRuleSet ¶ added in v0.1.6
func (svc *WAFService) DeleteCustomRuleSet(accountNumber string, customRuleID string) (*DeleteCustomRuleSetResponse, error)
Deletes a custom rule.
func (*WAFService) DeleteManagedRule ¶ added in v0.1.8
func (svc *WAFService) DeleteManagedRule(accountNumber string, managedRuleID string) (*DeleteManagedRuleResponse, error)
Delete a Managed Rule for the provided account number and Managed Rule ID.
func (*WAFService) DeleteRateRuleByID ¶ added in v0.1.8
func (svc *WAFService) DeleteRateRuleByID(accountNumber string, ID string) (*DeleteRuleResponse, error)
DeleteRateRuleByID deletes a rate rule.
func (*WAFService) GetAccessRuleByID ¶ added in v0.1.6
func (svc *WAFService) GetAccessRuleByID(accountNumber string, ID string) (*AccessRuleByID, error)
GetAccessRuleByID provides access rule details.
func (*WAFService) GetAllAccessRules ¶ added in v0.1.7
func (svc *WAFService) GetAllAccessRules(accountNumber string) ([]AccessRuleLight, error)
GetAllAccessRules retrieves the access rules associated with the provided account number.
func (*WAFService) GetAllCustomRuleSets ¶
func (svc *WAFService) GetAllCustomRuleSets(accountNumber string) ([]CustomRuleSetLight, error)
Retrieves a list of custom rule sets. A custom rule set allows you to define custom threat assessment criteria.
func (*WAFService) GetAllManagedRules ¶
func (svc *WAFService) GetAllManagedRules(accountNumber string) ([]GetAllManagedRulesResponse, error)
Get all Managed Rules associated with the provided account number.
func (*WAFService) GetAllRateRules ¶ added in v0.1.8
func (svc *WAFService) GetAllRateRules(accountNumber string) ([]RateRuleLight, error)
GetAllRateRules retrieves the rate rules associated with the provided account number.
func (*WAFService) GetAllScopes ¶ added in v0.1.7
func (svc *WAFService) GetAllScopes(accountNumber string) (*Scopes, error)
Retrieves the set of Security Application Manager configurations (Scopes) and their properties for a customer
func (*WAFService) GetCustomRuleSet ¶ added in v0.1.7
func (svc *WAFService) GetCustomRuleSet(accountNumber string, customRuleID string) (*GetCustomRuleSetResponse, error)
GetCustomRuleSet retrieves a custom rule.
func (*WAFService) GetManagedRule ¶ added in v0.1.6
func (svc *WAFService) GetManagedRule(accountNumber string, managedRuleID string) (*GetManagedRuleResponse, error)
Get a single Managed Rule associated with the provided account number and Managed Rule ID.
func (*WAFService) GetRateRule ¶ added in v0.1.6
func (svc *WAFService) GetRateRule(customerID string, ruleID string) (*GetRateRuleResponse, error)
GetRateRule retrieves a rate rule
func (*WAFService) ModifyAllScopes ¶ added in v0.1.8
func (svc *WAFService) ModifyAllScopes(scopes Scopes) (*ModifyAllScopesResponse, error)
Create, update, or delete one or more Security Application Manager configurations (Scopes) for a customer
- Create a Security Application Manager configuration by adding a Scope object.
- Update a Security Application Manager configuration by modifying an existing Scope. The id property identifies the Security Application Manager configuration that will be updated.
- Delete a Security Application Manager configuration by excluding a Scope.
*** NOTE *** Rules must be fully processed by the CDN in order to be usable in a Scope. You may receive an error stating that a rule has not been processed. If this occurs, try again.
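Because a Scope that is left out of the submitted list is deleted, it helps to diff the list against the account's current scopes before calling ModifyAllScopes. The following is an added example, not code from this package: Scope is a trimmed local copy, PlanScopes and SafeToSubmit are hypothetical helpers, the scope IDs are constructed, and treating an ID that is not on the account as a mistake is an assumption.

```go
package main

import "fmt"

// Scope keeps only the fields this example needs from the Scope type above.
type Scope struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name"`
}

// Plan lists what one ModifyAllScopes call would do to each configuration.
type Plan struct{ Create, Update, Delete, Unknown []string }

// PlanScopes compares the scopes currently on the account (for example the
// result of GetAllScopes) with the list about to be submitted.
func PlanScopes(current, desired []Scope) Plan {
	have := map[string]bool{}
	for _, s := range current {
		have[s.ID] = true
	}
	var p Plan
	kept := map[string]bool{}
	for _, s := range desired {
		if s.ID == "" {
			p.Create = append(p.Create, s.Name) // blank ID: new Scope
		} else if have[s.ID] {
			p.Update = append(p.Update, s.ID)
			kept[s.ID] = true
		} else {
			p.Unknown = append(p.Unknown, s.ID) // ID not on the account (assumed to be a mistake)
		}
	}
	for _, s := range current {
		if !kept[s.ID] {
			p.Delete = append(p.Delete, s.ID) // excluded Scope is deleted
		}
	}
	return p
}

// SafeToSubmit rejects plans that delete scopes the caller did not name.
func SafeToSubmit(p Plan, allowDelete map[string]bool) error {
	if len(p.Unknown) > 0 {
		return fmt.Errorf("unknown scope IDs: %v", p.Unknown)
	}
	for _, id := range p.Delete {
		if !allowDelete[id] {
			return fmt.Errorf("scope %s would be deleted by omission", id)
		}
	}
	return nil
}

func main() {
	current := []Scope{{ID: "scope-a", Name: "www"}, {ID: "scope-b", Name: "api"}} // constructed IDs
	desired := []Scope{{ID: "scope-a", Name: "www"}, {Name: "staging"}}
	p := PlanScopes(current, desired)
	fmt.Printf("%+v\n", p)
	fmt.Println(SafeToSubmit(p, nil))
}
```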
func (*WAFService) UpdateAccessRule ¶ added in v0.1.6
func (svc *WAFService) UpdateAccessRule(accessRule AccessRule, ID string) (*UpdateRuleResponse, error)
UpdateAccessRule updates an access rule that identifies valid or malicious requests via whitelists, accesslists, and blacklists.
func (*WAFService) UpdateCustomRuleSet ¶ added in v0.1.8
func (svc *WAFService) UpdateCustomRuleSet(accountNumber string, ID string, customRuleSet UpdateCustomRuleSetRequest) (*UpdateCustomRuleSetResponse, error)
UpdateCustomRuleSet updates a custom rule set that defines custom threat assessment criteria.
func (*WAFService) UpdateManagedRule ¶ added in v0.1.8
func (svc *WAFService) UpdateManagedRule(accountNumber string, managedRuleID string, managedRule UpdateManagedRuleRequest) (*UpdateManagedRuleResponse, error)
Update a Managed Rule for the provided account number and Managed Rule ID.
func (*WAFService) UpdateRateRule ¶ added in v0.1.6
func (svc *WAFService) UpdateRateRule(rule RateRule, ruleID string) (*UpdateRuleResponse, error)
UpdateRateRule updates a rate rule that determines the maximum number of requests that will be allowed within a given time period.