It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Custom Parameter Class and Custom Attack Types

  • Last updated on

Custom Parameter Class

Custom Parameter Class defines acceptable values for parameters. A created custom parameter class can be associated with the parameter profile to refine the validation for parameters in a request. You can associate the custom parameter class either by adding a new parameter profile or editing an existing parameter profile on the WEBSITES > Website Profiles > Parameter Profile section.

To Add a Custom Parameter Class

URL: /v1/custom_parameter_class

Method: POST

Description: Creates a parameter class with the specified values.

Parameter Name

Data Type

Mandatory

Description

Input Parameters:

 

 

 

name

Alphanumeric

Yes

A name for the custom parameter class.

input_type_validation

Enumeration

Yes

The expected type of value for the parameter configured on the WEBSITES > Website Profiles page. The enumerated values include:

  • numeric
  • hex_number
  • alpha
  • alphanumeric
  • credit_cards
  • date
  • string
  • name
  • custom
  • none

custom_input_type_validation

Enumeration

Optional

The expected custom input data type for the configured parameter. The values are displayed if Input Types pattern is added in the ADVANCED > Libraries page.

denied_metacharacters

String

Optional

The meta-characters to be denied in the parameter value,

blocked_attack_types

Enumeration

Optional

The Attack Types to be matched in a request. The enumerated values include:

  • http_specific_injection
  • ldap_injection
  • apache_struts_attacks
  • python_php_attacks
  • directory_traversal
  • directory_traversal_strict
  • cross_site_scripting
  • remote_file_inclusion
  • sql_injection_strict
  • sql_injection
  • os_command_injection
  • remote_file_inclusion_strict
  • os_command_injection_strict
  • cross_site_scripting_strict

custom_blocked_attack_types

Enumeration

Optional

The custom attack types defined on the ADVANCED > Libraries page (if any).

Example

Request:

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class -u 'eyJldCI6IjE0NzA5OTY5MzMiLCJwYXNzd29yZCI6IjUwMWY2ZjQ5ODkzYmM2ZGUzMzk1Nzc2NzVl\nNzU1OTFmIiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d'{"name":"pc4","input_type_validation":"name","denied_metacharacters":"%00%01%7d%20%18%30%47%29","custom_input_type_validation":"cust_input","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict","cross_site_scripting","cross_site_scripting_strict","python_php_attacks","directory_traversal","directory_traversal_strict"],"custom_blocked_attack_types":["attack1","def-xyz2"]}'

Response:

{"id":"pc4","token":"eyJldCI6IjE0NzA5OTgwNTEiLCJwYXNzd29yZCI6ImQ4YWIzYjY2Y2ZlNzNmZDk3ZTBlNThmMmQz\nZmNmZTUzIiwidXNlciI6ImFkbWluIn0=\n"}

To Update a Custom Parameter Class

 

URL: /v1/custom_parameter_class/{custom_parameter_class_name}

Method: PUT

Description: Updates the values of given parameters in the given parameter class.

Parameter Name

Data Type

Mandatory

Description

Input Parameters:

 

 

 

input_type_validation

Enumeration

Optional

The expected type of value for the parameter configured on the WEBSITES > Website Profiles page. The enumerated values include:

  • numeric
  • hex_number
  • alpha
  • alphanumeric
  • credit_cards
  • date
  • string
  • name
  • custom
  • none

custom_input_type_validation

Enumeration

Optional

The expected custom input data type for the configured parameter. The values are displayed if Input Types pattern is added in the ADVANCED > Libraries page.

denied_metacharacters

String

Optional

The meta-characters to be denied in the parameter value,

blocked_attack_types

Enumeration

Optional

The Attack Types to be matched in a request. The enumerated values include:

  • http_specific_injection
  • ldap_injection
  • apache_struts_attacks
  • python_php_attacks
  • directory_traversal
  • directory_traversal_strict
  • cross_site_scripting
  • remote_file_inclusion
  • sql_injection_strict
  • sql_injection
  • os_command_injection
  • remote_file_inclusion_strict
  • os_command_injection_strict
  • cross_site_scripting_strict

custom_blocked_attack_types

Enumeration

Optional

The custom attack types defined on the ADVANCED > Libraries page (if any).

Example

Request

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class/pc4 -u 'eyJldCI6IjE0NzA5OTk1ODUiLCJwYXNzd29yZCI6ImExMDJiNGQxOTcxMWJlZTllNjBhMTRjNWQ1\nY2M1MDFkIiwidXNlciI6ImFkbWluIn0=\n: ' -X PUT -H Content-Type:application/json -d'{"input_type_validation":"hex_number","denied_metachars":"%00%01","custom_input_type_validation":"type1","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict","cross-site_scripting","cross-site_scripting_strict","python-php_attacks"],"custom_blocked_attack_types":["cust_attack","cust_attack_2"]}'

Response

{"id":"pc10","token":"eyJldCI6IjE0NzA5OTk1ODUiLCJwYXNzd29yZCI6ImExMDJiNGQxOTcxMWJlZTllNjBhMTRjNWQ1\nY2M1MDFkIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete a Custom Parameter Class

URL: /v1/custom_parameter_class/{custom_parameter_class_name}

Method: DELETE

Description: Deletes the given parameter class.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class/pc4 -u 'eyJldCI6IjE0NzA5OTg3MjkiLCJwYXNzd29yZCI6IjU3ZTliN2U2NWMwNzY2NTk3OWNiY2M4Mjcz\nNDAzY2JmIiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzA5OTg3NDQiLCJwYXNzd29yZCI6IjhiZjdiY2RhNTllN2U3MzQ4NzVmNGNjZDQ4\nYTg4YzU2IiwidXNlciI6ImFkbWluIn0=\n"}

Attack Types

An attack is a technique used to exploit vulnerabilities in web applications. Attacks can insert or modify code in requests. If a request contains an attack pattern, it is dropped. The attack data type container includes patterns for identifying Cross-site Scripting, Remote-file Inclusion, SQL Injection, Directory Traversal, and OS Command Injection attacks. In addition customized attack data types can be created and used.

To Create an Attack Type Group

URL: /v1/attack_types

Method: POST

Description: Creates an attack type group.

Parameter Name

Data Type

Mandatory

Description

Input Parameters:

 

 

 

name

Alphanumeric

Yes

Name for the attack type group.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types -u 'eyJldCI6IjE0NzA5OTQ3ODgiLCJwYXNzd29yZCI6ImUyMzk1MWQ4ZGVmODY3YWI3YTg4NjFhMmFj\nNmE3YWJhIiwidXNlciI6ImFkbWluIn0=\n: ' -X POST -H Content-Type:application/json -d'{"name":"attack1"}'

Response

{"id":"attack1","token":"eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n"}

To Create an Attack Type Pattern

URL: /v1/attack_types/(attack_type_group_name}/attacktype_pattern

Method: POST

Description: Creates an attack type pattern with the specified values.

Parameter Name

Data Type

Mandatory

Description

Input Parameters:

 

 

 

name

Alphanumeric

Yes

A name for the attack type pattern.

operating_mode

String

Yes

Operating mode for the attack pattern. The values include:

  • active: The request matching the attack pattern is blocked and logged on the BASIC > Web Firewall Logs page.
  • passive: The request matching the attack pattern is allowed to pass through and logged on the BASIC > Web Firewall Logs page.
  • off: The attack pattern is exempted from being matched with the requests.

pattern_regex

String

Yes

Defines the regular expression of the pattern. It recognizes the lexical patterns in text. This reads the given input for a specified description pattern. The patterns in the input are written using an extended set of regular expressions. Refer to Regular Expression Notation.

pattern_algorithm

Enumerated

Yes

Defines the algorithm for the pattern. The enumerated values include:

  • credit_card_check_digit
  • korean_resident_registration_number_check_digit
  • none

case_sensitive

String

Optional

Defines whether the pattern regular expression is to be treated as case sensitive or case insensitive. The values include:

  • yes
  • no

pattern_description

Alphanumeric

Optional

Description about the pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern -u 'eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n: ' -X POST -H Content-Type:application/json -d'{"name":"pattern1","pattern_regex":"[a-zA-Z]","pattern_algorithm":"credit_card_check_digit","operating_mode":"passive","case_sensitive":"no","pattern_description":"Created via rest api"}'

Response

{"id":"pattern1","token":"eyJldCI6IjE0NzA5OTQ5MjciLCJwYXNzd29yZCI6IjEwODg5MTJjNDlhOTY5YzgzYWU1N2YxYWY1\nM2VjYzM4IiwidXNlciI6ImFkbWluIn0=\n"}

To Update an Attack Type Pattern

URL: /v1/attack_types/(attack_type_group_name}/attacktype_pattern/{attack_type_pattern}

Method: PUT

Description: Updates the attack type pattern with the specified values.

Parameter Name

Data Type

Mandatory

Description

Input Parameters:

 

 

 

operating_mode

String

Optional

Operating mode for the attack pattern. The values include:

  • active: The request matching the attack pattern is blocked and logged on the BASIC > Web Firewall Logs page.
  • passive: The request matching the attack pattern is allowed to pass through and logged on the BASIC > Web Firewall Logs page.
  • off: The attack pattern is exempted from being matched with the requests.

pattern_regex

String

Optional

Defines the regular expression of the pattern. It recognizes the lexical patterns in text. This reads the given input for a specified description pattern. The patterns in the input are written using an extended set of regular expressions. Refer to Regular Expression Notation.

pattern_algorithm

Enumerated

Optional

Defines the algorithm for the pattern. The enumerated values include:

  • credit_card_check_digit
  • korean_resident_registration_number_check_digit
  • none

case_sensitive

String

Optional

Defines whether the pattern regular expression is to be treated as case sensitive or case insensitive. The values include:

  • yes
  • no

pattern_description

Alphanumeric

Optional

Description about the pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern/pattern1 -u 'eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n: ' -X PUT -H Content-Type:application/json -d '{"pattern_regex":"12[a-zA-Z][0-8]","pattern_algorithm":"korean_resident_registration_number_check_digit","operating_mode":"off","case_sensitive":"yes","pattern_description":"Created via rest api"}'

Response

{"id":"pattern1","token":"eyJldCI6IjE0NzA5OTU4NTYiLCJwYXNzd29yZCI6Ijg4ODVlZjM1OTAxMjg4ODUzZjljNGNkOGRi\nYzU1YWExIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete an Attack Type Pattern

URL: /v1/attack_types/(attack_type_group_name}/attacktype_pattern/{attack_type_pattern}

Method: DELETE

Description: Deletes the given attack type pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern/pattern1 -u 'eyJldCI6IjE0NzA5OTYzMDgiLCJwYXNzd29yZCI6IjVjNzU5MWI2MTY5ODQ1ZDc2OGFkMjcwMDcx\nNWJkMzU2IiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzA5OTYzMzAiLCJwYXNzd29yZCI6IjQxOTRiMDZjN2U1MDI1ZThhN2U3NzQ4YmJl\nYWY4NDNlIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete an Attack Type Group

URL: /v1/attack_types/(attack_type_group_name}

Method: DELETE

Description: Deletes the given attack type group.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1 -u 'eyJldCI6IjE0NzEwMDAyMTAiLCJwYXNzd29yZCI6Ijg4YWNlYjhlODUzNGZhMmEyNDEwNzM0MWUx\nYzkxNDMzIiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzEwMDAzNTciLCJwYXNzd29yZCI6ImQ4MGYwZDYzYmQwODM0YjM2NDBjMDU2MmRh\nNTM1NzA1IiwidXNlciI6ImFkbWluIn0=\n"}