It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Website Profiles

  • Last updated on

The learned structure of an application is called a profile of the website. Website profiles are made up of profiles for URLs and profiles for parameters of those URLs. A URL profile lists allowed fields like HTTP methods, names and types of each parameter, query strings, length based restrictions, etc. A Parameter profile defines the allowed format for each parameter using either a negative or positive security model and includes length restrictions.

Website Profiles allow you to create specific rules to fine tune the security settings of a Service. They do not modify the default security policy settings, but fine tune security settings specific to a Service. For more information, see Configuring Website Profiles.

The following diagram shows the location of enforcement of Website Profiles in the Request/Response evaluation flow:

04 - Stage 2 with Positive Security.jpg

 

For more information on the complete evaluation flow for requests and responses, refer to Evaluation Policy and Flow.

To Update a Website Profile

URL: /v1/virtual_services/{virtual_service_id}
Method: PUT
Description: Updates the values of given parameters in the given website profile.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
use_profileStringOptional

Specifies whether or not to validate the incoming requests against the URL profiles and parameter profiles. The values include:

  • yes
  • no
strict_profile_checkStringOptional

Specifies whether or not to enforce strict profile checks for the requests coming for the specified service. The values include:

  • yes
  • no
modeEnumerationOptional

Specifies the mode of the website profile for the specified service. The enumerated values include:

  • active - allows or blocks the requests coming to the web application by validating against the URL profiles.
  • passive - validates the requests against the URL profiles and logs the request errors.
  • learning - starts learning the selected web application.
allowed_domainsAlphanumericOptionalSpecify the domain or IP address of the Service whose requests/responses should be validated against the URL and parameter profiles. 
exclude_url_patternsAlphanumericOptionalSpecify the URL patterns to be excluded in the URL profile validations.
include_url_patternsAlphanumericOptionalSpecify the URL patterns to be included in the URL profile validations in spite of being listed in the exclude_url_patterns parameter.
Example: Updating a Website Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4 -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"website_profiles":{"use_profile":"yes","strict_profile_check":"no","mode":"passive","allowed_domains": ["*","www.abc.com","99.99.1.119"],"exclude_url_patterns":["*.jpg","*.txt"],"include_url_patterns":["*.jpeg "]}}'

Response:

{"id":"service_4","token":"eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n"}

To Create a URL Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles
Method: POST
Description: Creates a URL profile with the given values.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
nameAlphanumericYesName of the URL profile.
statusStringOptional

Specify whether or not to validate the requests coming to the specified service using this URL profile. The values include:

  • on
  • off
urlURLYesA URL to be matched to the URL in the request.
extended_matchStringYes
extended_match_sequenceNumericYesA number to indicate the order in which the extended match rule must be evaluated in the requests.
modeStringOptional

The mode of the website profile for this service.

  • passive - Validates the requests against the URL Profile and logs the request errors.
  • active - Allows or blocks the requests coming to this Web application by validating against this URL profile.
  • learning - starts learning the selected web application if Adaptive Profiling 'Status' is set to 'On'.
allow_query_stringStringOptional

Specify whether or not to allow query string in the URL. The values include:

  • yes
  • no
hidden_parameter_protectionEnumerationOptional

Specify whether or not to protect hidden parameters in the forms and URLs. The enumerated values include:

  • none
  • forms
  • forms_and_urls
csrf_preventionEnumerationOptional

Specify whether or not to prevent cross-site request forgery attack on the forms and URLs. The enumerated values include:

  • none
  • forms
  • forms_and_urls
max_content_lengthNumericOptional

Specify the maximum allowable length of the content, that is, the request body. The Content-Length indicates the size of the content in the request body.

Note: Only requests with the Content-Length: headers are validated. Requests encoded using "Chunked Encoding" DO NOT have a Content-Length: header, and therefore are not subject to the Content Length check.

maximum_parameter_name_lengthNumericOptionalSpecify the maximum length of the parameter name in the request.
maximum_upload_filesNumericOptionalSpecify the maximum number of files that can be uploaded in one request.
blocked_attack_typesStringOptional

Specify the attack types that needs to be matched in the requests/responses. The values include:

  • os_command_injection
  • http_specific_injection
  • remote_file_inclusion_strict
  • remote_file_inclusion
  • ldap_injection
  • sql_injection
  • apache_struts_attacks
  • os_command_injection_strict
  • sql_injection_strict
  • python_php_attacks
  • cross_site_scripting
  • cross_site_scripting_strict
custom_blocked_attack_typesStringOptionalSpecify the custom attack types that needs to be matched in the requests/responses.
Example: Creating a URL Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d '{"name": "url_test","url":"/index.html","status":"on”,"extended_match_sequence":"2","extended_match":"*","mode":"learning","allow_query_string":"yes","hidden_parameter_protection":"none","csrf_prevention":"none","max_content_length":"1073741823","maximum_parameter_name_length":"1023","maximum_upload_files":"100","comment":"URL Profile"}'

Response:

{"id":"url_test","token":"eyJldCI6IjI2NTk5MzgyMjAiLCJwYXNzd29yZCI6IjNiM2QzZDExYzE5NjhkY2QyYjNhMTMxM2Jm\nNTE5YzczIiwidXNlciI6ImFkbWluIn0=\n"}

To Retrieve a URL Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles

         /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}
Method: GET
Description: Lists all URL profiles if “url_profile_id” is not specified.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
parametersAlphanumericOptionalAny specific parameter name that needs to be retrieved.
Example: Retrieving a URL Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles/url_test -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X GET

Response:

{"extended_match_sequence":"2","maximum_parameter_name_length":"10","status":"on","mode":"active","extended_match":"*","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict","python_php_attacks"],"custom_blocked_attack_types":["abcd"],"csrf_prevention":"forms","url":"/index.html","read":"1","id":"url_test","token":"eyJldCI6IjI2NTk5MzgyMjAiLCJwYXNzd29yZCI6IjNiM2QzZDExYzE5NjhkY2QyYjNhMTMxM2Jm\nNTE5YzczIiwidXNlciI6ImFkbWluIn0=\n","max_content_length":"100","allowed_content_types":["text/xml","application/x-www-form-urlencoded"],"hidden_parameter_protection":"forms","name":"url_test","allow_query_string":"yes","display_name":null,"maximum_upload_files":"10","comment":"Test-urlprofile","allowed_methods":["GET","POST"],"referrers_for_the_url_profile": ["http://abcd","http://xyz"],"created_by":"Manual","exception_patterns":["sql-quote","script-tag "]}

To Update a URL Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}
Method: PUT
Description: Updates the values of given parameters in the given URL profile.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
statusStringOptional

Specifies whether or not to validate the requests coming to the specified service using this URL profile. The values include:

  • on
  • off
urlURLOptionalSpecifies the URL to be matched to the URL in the request.
extended_matchStringOptional

An expression that consists of a combination of HTTP headers and/or query string parameters.

For information on how to write extended match expressions, refer Extended Match Syntax Help.

extended_match_sequenceNumericOptionalSpecifies the number to indicate the order in which the extended match rule must be evaluated in the requests.
modeStringOptional

Specifies the mode of the website profile for the service.

  • passive - Validates the requests against the URL Profile and logs the request errors.
  • active - Allows or blocks the requests coming to this Web application by validating against this URL profile.
  • learning - starts learning the selected web application if Adaptive Profiling 'Status' is set to 'On'.
allowed_methodsAlphabeticOptionalSpecify the methods to be allowed in the request.
allow_query_stringStringOptional

Specifies whether or not to allow query string in the URL. The values include:

  • yes
  • no
allowed_content_typesAlphabeticOptionalSpecify the content-types to be allowed in the POST body of a URL.
hidden_parameter_protectionEnumerationOptional

Specifies whether or not to protect hidden parameters in the forms and URLs. The enumerated values include:

  • none
  • forms
  • forms_and_urls
csrf_preventionEnumerationOptional

Specifies whether or not to prevent cross-site request forgery attack on the forms and URLs. The enumerated values include:

  • none
  • forms
  • forms_and_urls
max_content_lengthNumericOptional

Specifies the maximum allowable length of the content, that is, the request body. The Content-Length indicates the size of the content in the request body.

Note: Only requests with the Content-Length: headers are validated. Requests encoded using "Chunked Encoding" DO NOT have a Content-Length: header, and therefore are not subject to the Content Length check.

maximum_parameter_name_lengthNumericOptionalSpecifies the maximum length of the parameter name in the request.
referrers_for_the_url_profileAlphanumericOptionalSpecify the address (URI) of the resource from which the Request URI was obtained. In case of adaptive profiling, the referrers are learned as the profile sources. This referrer is not same as the Referrer in CSRF protection.
maximum_upload_filesNumericOptionalSpecifies the maximum number of files that can be uploaded in one request.
exception_patternsAlphanumericOptionalSpecify the patterns to be allowed as exceptions in spite of them being part of a malicious pattern group. The configuration should be the exact "Pattern Name" as found on the ADVANCED > View Internal Patterns page or as defined during the creation of a "New Group" through the ADVANCED > Libraries page.
blocked_attack_typesStringOptional

Specifies the attack types that needs to be matched in the requests/responses. The values include:

  • os_command_injection
  • http_specific_injection
  • remote_file_inclusion_strict
  • remote_file_inclusion
  • ldap_injection
  • sql_injection
  • apache_struts_attacks
  • os_command_injection_strict
  • sql_injection_strict
  • python_php_attacks
  • cross_site_scripting
  • cross_site_scripting_strict
custom_blocked_attack_typesStringOptionalSpecifies the custom attack types that needs to be matched in the requests/responses.
Example: Updating a URL Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/url_encryption/url_profiles/url_test -u 'eyJldCI6IjE0NjU4Mzg3NjMiLCJwYXNzd29yZCI6IjJmNDM2ZjQxOTdkN2IyZGEwNzBkNTUzMWU1\nY2UzNDUxIiwidXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"url":"/index.html","extended_match_sequence":"2","status":"on","extended_match":"*","mode":"active","allow_query_string":"yes","hidden_parameter_protection":"forms","csrf_prevention":"forms","max_content_length":"100","maximum_parameter_name_length":"10","maximum_upload_files":"10","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict"],"comment":"Test-urlprofile","allowed_methods":["GET","POST"],"allowed_content_types":["text/xml","application/x-www-form-urlencoded"],"referrers_for_the_url_profile":["http://abcd","http://xyz"],"exception_patterns":["sql-quote","script-tag"],"custom_blocked_attack_types":["abcd"]}

Response:

{"id":"url_test","token":"eyJldCI6IjE0NjU4NDA0NDYiLCJwYXNzd29yZCI6IjUxZWZlOTI2ZWZhMTVmNTUxZjYxYzM2ZTI3\nNTRkMjg5IiwidXNlciI6ImFkbWluIn0=\n"}

To Delete a URL Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}
Method: DELETE
Description: Deletes the given URL profile.
Example: Deleting a URL Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles/url_test -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X DELETE

Response:

{"msg":"Successfully deleted","token":"eyJldCI6IjI2NTk5MzgyMjAiLCJwYXNzd29yZCI6IjNiM2QzZDExYzE5NjhkY2QyYjNhMTMxM2Jm\nNTE5YzczIiwidXNlciI6ImFkbWluIn0=\n"}

To Create a Parameter Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}/parameter_profiles
Method: POST
Description: Creates a parameter profile with the given values.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
nameAlphanumericYesSpecify a name for the parameter profile.
statusStringOptional

Specify whether or not to validate the requests coming to the specified service using this parameter profile. The values include:

  • on
  • off
typeEnumerationYes

Specify the type of parameter to be validated in the requests/responses. The enumerated values include:

  • input
  • read_only
  • session_choice
  • global_choice
  • session_invariant
  • file_upload
valuesAlphanumericConditional

Specify a fixed set of strings to be matched against the parameter's value,

 

Note: This is required only when type is set to Global Choice.
parameter_classEnumerationYes

Specify the parameter class that needs to be compared to the parameters sent in the requests/responses. The enumerated values include:

  • custom
  • login
  • search
  • password
  • comments
  • integer
  • hex_number
  • alpha
  • alphanumeric
  • string
  • generic
  • no_validation
custom_parameter_classEnumerationConditional

Specify the custom parameter class that needs to be compared to the parameters sent in the requests/responses.

 

Note: Required only when parameter_class is set to custom.
max_value_lengthNumericOptionalSpecify the maximum allowable length for the value of the parameter
requiredStringOptional

Specify whether or not the parameter should always be present in the request. The values include:

  • yes
  • no
ignoreStringOptional

Specify whether or not to ignore the parameter completely from validation. The values include:

  • yes
  • no
validate_parameter_nameStringOptional

Specify whether or not to validate the parameter names in the request against the attack types specified in blocked_attack_types and custom_blocked_attack_types in the associated URL profile. The values include:

  • yes
  • no
maximum_instancesNumericOptionalSpecify the maximum number of times the parameter should be allowed in the request/response.
allowed_file_upload_typeStringOptional

Specify the file upload type. The values include:

  • extensions - to allow the files uploaded with extensions specified in file_upload_extensions.
  • mime_types - to identify the content in the files before allowing to be uploaded with the mime types specified in file_upload_mime_types.
file_upload_extensionsAlphanumericConditional

Specify the extensions to be allowed in file uploads.

 

Note: Required only when allowed_file_upload_type is set to extensions.
file_upload_mime_typesAlphanumericConditional

Specify the Mime types to be allowed as uploaded files.

 

Note: Required only when allowed_file_upload_type is set to mime_types.
Example: Creating a Parameter Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles/url_test1/parameter_profiles -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d '{"name":"param1","parameter":"index1","status":"on","comments":"test_param_profiles","ignore":"yes","allowed_metacharacters":"%00","base64_decode_parameter_value":"yes","required":"yes","maximum_instances":"10","validate_parameter_name":"yes","max_value_length":"1000","parameter_class":"generic","type":"input"}'

Response:

{"id":"param1","token":"eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n"}

To Retrieve a Parameter Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}/parameter_profiles

         /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}/parameter_profiles/{parameter_profile_id}
Method: GET
Description: Lists all parameter profiles if “parameter_profile_id” is not specified.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
parametersAlphanumericOptionalAny specific parameter name that needs to be retrieved.
Example 1: Retrieving all parameter profiles

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles/url_test1/parameter_profiles -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X GET

Response:

{"parameters":null,"object":"ParameterProfiles","data":[{"status":"on","comments":"test_param_profiles","ignore":"no","allowed_metacharacters":"%00","base64_decode_parameter_value":"no","required":"no","id":"param1","maximum_instances":"10","validate_parameter_name":"no","max_value_length":"1000","custom_parameter_class":"","file_upload_extensions":["html","txt"],"parameter_class":"generic","name":"param1","values":["aaaaa","ddddd","zzzzz"],"parameter":"index1","allowed_file_upload_type":"mime_types","file_upload_mime_types":["text/html"],"type":"file_upload","created_by":"Manual","exception_patterns":["sql-quote","script-tag"]}],"limit":null,"service_id":"service_4","token":"eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n","offset":null}

Example 2: Retrieving a specific parameter profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles/url_test1/parameter_profiles/param1 -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X GET

Response:

{"status":"on","comments":"test_param_profiles","ignore":"no","allowed_metacharacters":"%00","base64_decode_parameter_value":"no","required":"no","id":"param1","maximum_instances":"10","token":"eyJldCI6IjYyNjIxODcxMDUiLCJwYXNzd29yZCI6ImQ2Y2IyNWEyZmU2MjMwNjY5MWU4ZWYxMTUz\nYWM0MDM3IiwidXNlciI6ImFkbWluIn0=\n","validate_parameter_name":"no","max_value_length":"1000","custom_parameter_class":"","file_upload_extensions":["html","txt"],"parameter_class":"generic","name":"param1","values":["aaaaa","ddddd","zzzzz"],"parameter":"index1","allowed_file_upload_type":"mime_types","file_upload_mime_types":["text/html"],"type":"file_upload","created_by":"Manual","exception_patterns":["sql-quote","script-tag"]}

To Update a Parameter Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}/parameter_profiles/{parameter_profile_id}
Method: PUT
Description: Updates the values of given parameters in the given parameter profile.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
statusStringOptional

Specifies whether or not to validate the requests coming to the specified service using this parameter profile. The values include:

  • yes
  • no
typeEnumerationOptional

Specifies the type of parameter to be validated in the requests/responses. The enumerated values include:

  • input
  • read_only
  • session_choice
  • global_choice
  • session_invariant
  • file_upload
valuesAlphanumericConditional

Specifies a fixed set of strings to be matched against the parameter's value.

 

Note: This is required only when type is set to Global Choice.
parameter_classEnumerationOptional

Specifies the parameter class that needs to be compared to the parameters sent in the requests/responses. The enumerated values include:

  • custom
  • login
  • search
  • password
  • comments
  • integer
  • hex_number
  • alpha
  • alphanumeric
  • string
  • generic
  • no_validation
custom_parameter_classEnumerationConditional

Specifies the custom parameter class that needs to be compared to the parameters sent in the requests/responses.

 

Note: Required only when parameter_class is set to custom.
max_value_lengthNumericOptionalSpecify the maximum allowable length for the value of the parameter
requiredStringOptional

Specify whether or not the parameter should always be present in the request. The values include:

  • yes
  • no
ignoreStringOptional

Specify whether or not to ignore the parameter completely from validation. The values include:

  • yes
  • no
validate_parameter_nameStringOptional

Specify whether or not to validate the parameter names in the request against the attack types specified in blocked_attack_types and custom_blocked_attack_types in the associated URL profile. The values include:

  • yes
  • no
maximum_instancesNumericOptionalSpecify the maximum number of times the parameter should be allowed in the request/response.
base64_decode_parameter_valueStringOptional

Specify whether or not to apply base64 decoding to the parameter values. The values include:

  • yes
  • no
allowed_file_upload_typeStringOptional

Specify the file upload type. The values include:

  • extensions - to allow the files uploaded with extensions specified in file_upload_extensions.
  • mime_types - to identify the content in the files before allowing to be uploaded with the mime types specified in file_upload_mime_types.
file_upload_extensionsAlphanumericOptional

Specify the extensions to be allowed in file uploads.

 

Note: Required only when allowed_file_upload_type is set to extensions.
file_upload_mime_typesAlphanumericOptional

Specify the Mime types to be allowed as uploaded files.

 

Note: Required only when allowed_file_upload_type is set to mime_types.
allowed_metacharactersAlphanumericOptionalSpecify the meta-characters to be allowed in spite of being marked as denied in the parameter class.
exception_patternsAlphanumericOptionalSpecify the patterns to be allowed as exceptions in spite of them being part of a malicious pattern group. The configuration should be the exact "Pattern Name" as found on the ADVANCED > View Internal Patterns page or as defined during the creation of a "New Group" through the ADVANCED > Libraries page.
Example: Updating a Parameter Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles/url_test1/parameter_profiles/param1 -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"parameter":"index1","allowed_file_upload_type":"mime_types","status":"on","comments":"test_param_profiles","ignore":"no","allowed_metacharacters":"%00","base64_decode_parameter_value":"no","required":"no","maximum_instances":"10","validate_parameter_name":"no","max_value_length":"1000","parameter_class":"generic","type":"file_upload","file_upload_extensions":["html","txt"],"file_upload_mime_types":["text/html"],"values":["aaaaa","ddddd","zzzzz"],"exception_patterns":["sql-quote","script-tag"]}'

Response:

{"id":"param1","token":"eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n"}

To Delete a Parameter Profile

URL: /v1/virtual_services/{virtual_service_id}/url_profiles/{url_profile_id}/parameter_profiles/{parameter_profile_id}
Method: DELETE
Description: Deletes the given parameter profile.
Example: Deleting a Parameter Profile

Request:

curl http://10.11.26.132:8000/restapi/v1/virtual_services/service_4/url_profiles/url_test1/parameter_profiles/param1 -u 'eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n:' -X DELETE

Response:

{"msg":"Successfully deleted","token":"eyJldCI6IjI2NTk5MzYzMDUiLCJwYXNzd29yZCI6IjBjMjZlNjRiNTFhYTUxMWE0YzhhN2ZkNzQy\nMTllZTg5IiwidXNlciI6ImFkbWluIn0=\n"}