waf

package
v0.1.3 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 16, 2021 License: Apache-2.0 Imports: 5 Imported by: 6

Documentation

Overview

Package waf provides an API for managing the Web Application Firewall (WAF) for the EdgeCast CDN.

The Web Application Firewall (WAF) service provides a layer of security between many security threats and your external web infrastructure. Our WAF increases security by monitoring, detecting, and preventing application layer attacks. It inspects inbound HTTP/HTTPS traffic against reactive and proactive security policies and blocks malicious activity in-band and on a real-time basis.

For more information about WAF, refer to: https://docs.vdms.com/cdn/index.html#HTTP_and_HTTPS_Data_Delivery/WAF/Introduction.htm

For API documentation, refer to: https://dev.vdms.com/cdn/api/index.html#Media_Management/Web-Security/Web-Security.htm

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessControls

type AccessControls struct {
	// Contains entries that identify traffic that may access your content upon passing a threat assessment.
	Accesslist []interface{} `json:"accesslist"`

	// Contains entries that identify traffic that will be blocked or for which an alert will be generated.
	Blacklist []interface{} `json:"blacklist"`

	// Contains entries that identify traffic that may access your content without undergoing threat assessment.
	Whitelist []interface{} `json:"whitelist"`
}

AccessControls contains lists that identify traffic for access control

type AccessRule

type AccessRule struct {
	// Identifies each allowed HTTP method (e.g., GET).
	AllowedHTTPMethods []string `json:"allowed_http_methods"`

	// Identifies each allowed media type (e.g., application/json).
	AllowedRequestContentTypes []string `json:"allowed_request_content_types"`

	// Contains access controls for autonomous system numbers (ASNs).
	// All entries are integer values.
	ASNAccessControls *AccessControls `json:"asn"`

	// Contains access controls for cookies.
	// All entries are regular expressions.
	CookieAccessControls *AccessControls `json:"cookie"`

	// Contains access controls for countries.
	// Specify each desired country using its country code.
	CountryAccessControls *AccessControls `json:"country"`

	// Identifies an account by its customer account number.
	CustomerID string `json:"customer_id"`

	// Indicates each file extension for which WAF will send an alert or block the request.
	DisallowedExtensions []string `json:"disallowed_extensions"`

	// Indicates each request header for which WAF will send an alert or block the request.
	DisallowedHeaders []string `json:"disallowed_headers"`

	// Contains access controls for IPv4 and/or IPv6 addresses.
	// Specify each desired IP address using standard IPv4/IPv6 and CIDR notation.
	IPAccessControls *AccessControls `json:"ip"`

	// Assigns a name to this access rule.
	Name string `json:"name"`

	// Contains access controls for referrers.
	// All entries are regular expressions.
	RefererAccessControls *AccessControls `json:"referer"`

	// Determines the name of the response header that will be included with blocked requests.
	ResponseHeaderName string `json:"response_header_name"`

	// Contains access controls for URL paths.
	// All entries are regular expressions.
	URLAccessControls *AccessControls `json:"url"`

	// Contains access controls for user agents.
	// All entries are regular expressions.
	UserAgentAccessControls *AccessControls `json:"user_agent"`
}

AccessRule (ACL) identifies valid or malicious requests via whitelists, accesslists, and blacklists.

type AddRuleResponse

type AddRuleResponse struct {
	// ID indicates the generated ID for the newly created Rule
	ID string

	// Success indicates whether the operation completed successfully
	Success bool

	// Status indicates whether this request was successful.
	Status string

	// Errors contains one or more errors if the request was not successful
	Errors []WAFError
}

AddRuleResponse contains the response from the WAF API when adding a new rule

type Condition

type Condition struct {
	// Target describes the type of match condition
	Target Target `json:"target"`

	// OP describes a match condition
	OP OP `json:"op"`
}

Condition to be associated with a Rate Rule

type ConditionGroup

type ConditionGroup struct {
	// Contains a list of match conditions
	Conditions []Condition `json:"conditions"`

	/*
		Indicates the system-defined alphanumeric ID of a condition group.

		Example: 12345678-90ab-cdef-ghij-klmnopqrstuvwxyz1
	*/
	ID string `json:"id,omitempty"`

	// Indicates the name of a condition group
	Name string `json:"name,omitempty"`
}

ConditionGroup describes a set of conditions to be associated with a rule

type CustomRuleSet

type CustomRuleSet struct {
	// Indicates the system-defined ID for the custom rule set.
	Id string `json:"id"`

	// Indicates the date and time at which the custom rule was last modified.
	// Syntax:
	// MM/DD/YYYYhh:mm:ss [AM|PM]
	LastModifiedDate string `json:"last_modified_date"`

	// Indicates the name of the custom rule set.
	Name string `json:"name"`
}

type ManagedRule

type ManagedRule struct {
	// Indicates the date and time at which the managed rule was created. TODO: Convert to time.Time .
	CreatedDate string `json:"created_date"`

	// Indicates the system-defined ID for the managed rule.
	Id string `json:"id"`

	// Indicates the date and time at which the managed rule was last modified. TODO: Convert to time.Time .
	LastModifiedDate string `json:"last_modified_date"`

	// Indicates the name of the managed rule.
	Name string `json:"name"`

	// Indicates the ID for the rule set associated with this managed rule.
	RulesetId string `json:"ruleset_id"`

	// Indicates the version of the rule set associated with this managed rule.
	RulesetVersion string `json:"ruleset_version"`
}

Retrieves a list of managed rules (Profiles). A managed rule identifies a rule set configuration and describes a valid request.

type OP

type OP struct {
	// IsCaseSensitive indicates whether the comparison between the request and
	// the Values property is case-sensitive.
	IsCaseSensitive *bool `json:"is_case_sensitive,omitempty"`

	// IsNegated indicates whether this match condition will be satisfied when
	// the request matches or does not match the value defined by the Values property.
	IsNegated *bool `json:"is_negated,omitempty"`

	/*
		Indicates how the system will interpret the comparison between the request and the Values property.

		Valid values are:
			EM | IPMATCH | RX

		EM: Requires that the request attribute be set to one of the value(s) defined in the Values property.

		IPMATCH: Requires that the request IP address either be contained by an IP block or be an exact match to an IP address defined in the Values property.

		RX: Requires that the request attribute be an exact match to the regular expression defined in the Value property.
	*/
	Type string `json:"type"`

	/*
		Identifies a regular expression used to identify requests that are eligible for rate limiting.

		Note: valid only if Type is RX
	*/
	Value string `json:"value,omitempty"`

	/*
		Identifies one or more values used to identify requests that are eligible for rate limiting.

		Note: Valid only if Type is EM or IPMATCH
	*/
	Values []string `json:"values,omitempty"`
}

OP describes a match condition

type RateRule

type RateRule struct {
	// ConditionGroups contains the set of condition groups for this rate rule
	ConditionGroups []ConditionGroup `json:"condition_groups"`

	// CustomerID identifies your account by its customer account number.
	CustomerID string `json:"customer_id"`

	// Disabled indicates whether this rate rule will be enforced.
	Disabled bool `json:"disabled"`

	/*
		DurationSec indicates the length, in seconds, of the rolling window that
		tracks the number of requests eligible for rate limiting.

		The rate limit formula is calculated through the Num and DurationSec properties as indicated below.
			Num requests per DurationSec
		Valid values are:
			1 | 5 | 10 | 30 | 60 | 120 | 300
	*/
	DurationSec int `json:"duration_sec"`

	/*
		Indicates the method by which requests will be grouped for the purposes of this rate rule.

		Valid values are:
			[empty array] | IP | USER_AGENT

		Missing / Empty Array: If the keys property is not defined or set to an empty array,
		all requests will be treated as a single group for the purpose of rate limiting.

		IP: Indicates that requests will be grouped by IP address.
		Each unique IP address is considered a separate group.

		USER_AGENT: Indicates that requests will be grouped by a client's user agent.
		Each unique combination of IP address and user agent is considered a separate group.
	*/
	Keys []string `json:"keys,omitempty"`

	// Indicates the name of the rate rule.
	Name string `json:"name,omitempty"`

	/*
		Indicates the rate limit value. This value identifies the number of requests that will trigger rate limiting.

		The rate limit formula is calculated through the Num and DurationSec properties as indicated below.
			Num requests per DurationSec
	*/
	Num int `json:"num"`
}

A RateRule restricts the flow of site traffic

type Target

type Target struct {
	/*
		Determines how requests will be identified.

		Valid values are:
			FILE_EXT | REMOTE_ADDR | REQUEST_HEADERS | REQUEST_METHOD | REQUEST_URI
	*/
	Type string `json:"type"`

	/*
		Indicates the name of the request header through which requests will be identified. Valid values are:

		Note: Required if Type is REQUEST_HEADERS
	*/
	Value string `json:"value,omitempty"`
}

Target describes the type of match condition
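
As an added example (not part of the package or its documentation): a client-side pre-flight check that applies the field constraints documented above for RateRule, OP and Target before a rule is submitted with AddRateRule. The struct types are trimmed local mirrors so the file builds without the SDK, ValidateRateRule is a hypothetical helper, and rejecting an empty operand is an assumption.

```go
package main

import "fmt"

// Trimmed local mirrors of the waf types on this page, so the file builds without the SDK.
type Target struct{ Type, Value string }
type OP struct{ Type, Value string; Values []string }
type Condition struct{ Target Target; OP OP }
type RateRule struct {
	Conditions  []Condition // ConditionGroups flattened for brevity
	DurationSec int
	Keys        []string
}

var windows = map[int]bool{1: true, 5: true, 10: true, 30: true, 60: true, 120: true, 300: true}

// ValidateRateRule (hypothetical helper) reports documented field constraints a rule
// violates, one per condition at most; rejecting an empty operand is an assumption.
func ValidateRateRule(r RateRule) (errs []string) {
	fail := func(f string, a ...interface{}) { errs = append(errs, fmt.Sprintf(f, a...)) }
	if !windows[r.DurationSec] {
		fail("duration_sec %d is not an allowed window", r.DurationSec)
	}
	for _, k := range r.Keys {
		if k != "IP" && k != "USER_AGENT" {
			fail("keys: unknown grouping %q", k)
		}
	}
	for i, c := range r.Conditions {
		rx, list := c.OP.Value != "", len(c.OP.Values) > 0
		switch {
		case c.Target.Type == "REQUEST_HEADERS" && c.Target.Value == "":
			fail("condition %d: header name required", i)
		case c.OP.Type == "RX" && (!rx || list):
			fail("condition %d: RX takes value, not values", i)
		case (c.OP.Type == "EM" || c.OP.Type == "IPMATCH") && (rx || !list):
			fail("condition %d: %s takes values, not value", i, c.OP.Type)
		case c.OP.Type != "RX" && c.OP.Type != "EM" && c.OP.Type != "IPMATCH":
			fail("condition %d: unknown op type %q", i, c.OP.Type)
		}
	}
	return errs
}

func main() {
	// Constructed input: 15 s is not an allowed window and the RX pattern sits in Values.
	r := RateRule{DurationSec: 15, Keys: []string{"IP"}, Conditions: []Condition{{Target{"REQUEST_URI", ""}, OP{Type: "RX", Values: []string{"^/login"}}}}}
	fmt.Println(ValidateRateRule(r))
}
```

A rule that fails these checks would otherwise only be rejected, or silently misapplied, after the API call, so running the check first keeps a mistyped window or operand from leaving an endpoint without the intended rate limit.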

type WAFConfig

type WAFConfig struct {
	Logger   edgecast.Logger
	APIToken string
}

WAFConfig holds the configuration for the WAF service

func NewConfig

func NewConfig(apiToken string) WAFConfig

NewConfig creates the default configuration for the WAF service

type WAFError

type WAFError struct {
	// Code indicates the HTTP status code for the error.
	Code string

	// Message indicates the description for the error that occurred.
	Message string
}

WAFError contains errors encountered during a WAF operation

type WAFService

type WAFService struct {
	*client.Client
	Logger edgecast.Logger
}

WAFService interacts with the EdgeCast API for WAF

func New

func New(config WAFConfig) (*WAFService, error)

New creates a new WAF service

func (*WAFService) AddAccessRule

func (svc *WAFService) AddAccessRule(accessRule AccessRule) (*AddRuleResponse, error)

AddAccessRule creates an access rule that identifies valid or malicious requests via whitelists, accesslists, and blacklists.

func (*WAFService) AddRateRule

func (svc *WAFService) AddRateRule(rateRule RateRule) (*AddRuleResponse, error)

AddRateRule creates a rate rule that determines the maximum number of requests that will be allowed within a given time period.

func (*WAFService) GetAllCustomRuleSets

func (svc *WAFService) GetAllCustomRuleSets(accountNumber string) ([]CustomRuleSet, error)

Retrieves a list of custom rule sets. A custom rule set allows you to define custom threat assessment criteria.

func (*WAFService) GetAllManagedRules

func (svc *WAFService) GetAllManagedRules(accountNumber string) ([]ManagedRule, error)

Gets all managed rules associated with the provided account number.
