Custom Parameter Class and Custom Attack Types

Last updated on 2016-11-30 23:02:40

Custom Parameter Class

Custom Parameter Class defines acceptable values for parameters. A created custom parameter class can be associated with the parameter profile to refine the validation for parameters in a request. You can associate the custom parameter class either by adding a new parameter profile or editing an existing parameter profile on the WEBSITES > Website Profiles > Parameter Profile section.

To Add a Custom Parameter Class

Parameter Name	Data Type	Mandatory	Description
URL: /v1/custom_parameter_class
Method: POST
Description: Creates a parameter class with the specified values.
Input Parameters:
name	Alphanumeric	Yes	A name for the custom parameter class.
input_type_validation	Enumeration	Yes	The expected type of value for the parameter configured on the WEBSITES > Website Profiles page. The enumerated values include: numeric hex_number alpha alphanumeric credit_cards date string name custom none
custom_input_type_validation	Enumeration	Optional	The expected custom input data type for the configured parameter. The values are displayed if Input Types pattern is added in the ADVANCED > Libraries page.
denied_metacharacters	String	Optional	The meta-characters to be denied in the parameter value,
blocked_attack_types	Enumeration	Optional	The Attack Types to be matched in a request. The enumerated values include: http_specific_injection ldap_injection apache_struts_attacks python_php_attacks directory_traversal directory_traversal_strict cross_site_scripting remote_file_inclusion sql_injection_strict sql_injection os_command_injection remote_file_inclusion_strict os_command_injection_strict cross_site_scripting_strict
custom_blocked_attack_types	Enumeration	Optional	The custom attack types defined on the ADVANCED > Libraries page (if any).

Example

Request:

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class -u 'eyJldCI6IjE0NzA5OTY5MzMiLCJwYXNzd29yZCI6IjUwMWY2ZjQ5ODkzYmM2ZGUzMzk1Nzc2NzVl\nNzU1OTFmIiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d'{"name":"pc4","input_type_validation":"name","denied_metacharacters":"%00%01%7d%20%18%30%47%29","custom_input_type_validation":"cust_input","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict","cross_site_scripting","cross_site_scripting_strict","python_php_attacks","directory_traversal","directory_traversal_strict"],"custom_blocked_attack_types":["attack1","def-xyz2"]}'

Response:

{"id":"pc4","token":"eyJldCI6IjE0NzA5OTgwNTEiLCJwYXNzd29yZCI6ImQ4YWIzYjY2Y2ZlNzNmZDk3ZTBlNThmMmQz\nZmNmZTUzIiwidXNlciI6ImFkbWluIn0=\n"}

To Update a Custom Parameter Class

Parameter Name	Data Type	Mandatory	Description
URL: /v1/custom_parameter_class/{custom_parameter_class_name}
Method: PUT
Description: Updates the values of given parameters in the given parameter class.
Input Parameters:
input_type_validation	Enumeration	Optional	The expected type of value for the parameter configured on the WEBSITES > Website Profiles page. The enumerated values include: numeric hex_number alpha alphanumeric credit_cards date string name custom none
custom_input_type_validation	Enumeration	Optional	The expected custom input data type for the configured parameter. The values are displayed if Input Types pattern is added in the ADVANCED > Libraries page.
denied_metacharacters	String	Optional	The meta-characters to be denied in the parameter value,
blocked_attack_types	Enumeration	Optional	The Attack Types to be matched in a request. The enumerated values include: http_specific_injection ldap_injection apache_struts_attacks python_php_attacks directory_traversal directory_traversal_strict cross_site_scripting remote_file_inclusion sql_injection_strict sql_injection os_command_injection remote_file_inclusion_strict os_command_injection_strict cross_site_scripting_strict
custom_blocked_attack_types	Enumeration	Optional	The custom attack types defined on the ADVANCED > Libraries page (if any).

Example

Request

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class/pc4 -u 'eyJldCI6IjE0NzA5OTk1ODUiLCJwYXNzd29yZCI6ImExMDJiNGQxOTcxMWJlZTllNjBhMTRjNWQ1\nY2M1MDFkIiwidXNlciI6ImFkbWluIn0=\n: ' -X PUT -H Content-Type:application/json -d'{"input_type_validation":"hex_number","denied_metachars":"%00%01","custom_input_type_validation":"type1","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict","cross-site_scripting","cross-site_scripting_strict","python-php_attacks"],"custom_blocked_attack_types":["cust_attack","cust_attack_2"]}'

Response

{"id":"pc10","token":"eyJldCI6IjE0NzA5OTk1ODUiLCJwYXNzd29yZCI6ImExMDJiNGQxOTcxMWJlZTllNjBhMTRjNWQ1\nY2M1MDFkIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete a Custom Parameter Class

URL: /v1/custom_parameter_class/{custom_parameter_class_name}

Method: DELETE

Description: Deletes the given parameter class.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class/pc4 -u 'eyJldCI6IjE0NzA5OTg3MjkiLCJwYXNzd29yZCI6IjU3ZTliN2U2NWMwNzY2NTk3OWNiY2M4Mjcz\nNDAzY2JmIiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzA5OTg3NDQiLCJwYXNzd29yZCI6IjhiZjdiY2RhNTllN2U3MzQ4NzVmNGNjZDQ4\nYTg4YzU2IiwidXNlciI6ImFkbWluIn0=\n"}

Attack Types

An attack is a technique used to exploit vulnerabilities in web applications. Attacks can insert or modify code in requests. If a request contains an attack pattern, it is dropped. The attack data type container includes patterns for identifying Cross-site Scripting, Remote-file Inclusion, SQL Injection, Directory Traversal, and OS Command Injection attacks. In addition customized attack data types can be created and used.

To Create an Attack Type Group

Parameter Name	Data Type	Mandatory	Description
URL: /v1/attack_types
Method: POST
Description: Creates an attack type group.
Input Parameters:
name	Alphanumeric	Yes	Name for the attack type group.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types -u 'eyJldCI6IjE0NzA5OTQ3ODgiLCJwYXNzd29yZCI6ImUyMzk1MWQ4ZGVmODY3YWI3YTg4NjFhMmFj\nNmE3YWJhIiwidXNlciI6ImFkbWluIn0=\n: ' -X POST -H Content-Type:application/json -d'{"name":"attack1"}'

Response

{"id":"attack1","token":"eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n"}

To Create an Attack Type Pattern

Parameter Name	Data Type	Mandatory	Description
URL: /v1/attack_types/(attack_type_group_name}/attacktype_pattern
Method: POST
Description: Creates an attack type pattern with the specified values.
Input Parameters:
name	Alphanumeric	Yes	A name for the attack type pattern.
operating_mode	String	Yes	Operating mode for the attack pattern. The values include: active: The request matching the attack pattern is blocked and logged on the BASIC > Web Firewall Logs page. passive: The request matching the attack pattern is allowed to pass through and logged on the BASIC > Web Firewall Logs page. off: The attack pattern is exempted from being matched with the requests.
pattern_regex	String	Yes	Defines the regular expression of the pattern. It recognizes the lexical patterns in text. This reads the given input for a specified description pattern. The patterns in the input are written using an extended set of regular expressions. Refer to Regular Expression Notation.
pattern_algorithm	Enumerated	Yes	Defines the algorithm for the pattern. The enumerated values include: credit_card_check_digit korean_resident_registration_number_check_digit none
case_sensitive	String	Optional	Defines whether the pattern regular expression is to be treated as case sensitive or case insensitive. The values include: yes no
pattern_description	Alphanumeric	Optional	Description about the pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern -u 'eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n: ' -X POST -H Content-Type:application/json -d'{"name":"pattern1","pattern_regex":"[a-zA-Z]","pattern_algorithm":"credit_card_check_digit","operating_mode":"passive","case_sensitive":"no","pattern_description":"Created via rest api"}'

Response

{"id":"pattern1","token":"eyJldCI6IjE0NzA5OTQ5MjciLCJwYXNzd29yZCI6IjEwODg5MTJjNDlhOTY5YzgzYWU1N2YxYWY1\nM2VjYzM4IiwidXNlciI6ImFkbWluIn0=\n"}

To Update an Attack Type Pattern

Parameter Name	Data Type	Mandatory	Description
URL: /v1/attack_types/(attack_type_group_name}/attacktype_pattern/{attack_type_pattern}
Method: PUT
Description: Updates the attack type pattern with the specified values.
Input Parameters:
operating_mode	String	Optional	Operating mode for the attack pattern. The values include: active: The request matching the attack pattern is blocked and logged on the BASIC > Web Firewall Logs page. passive: The request matching the attack pattern is allowed to pass through and logged on the BASIC > Web Firewall Logs page. off: The attack pattern is exempted from being matched with the requests.
pattern_regex	String	Optional	Defines the regular expression of the pattern. It recognizes the lexical patterns in text. This reads the given input for a specified description pattern. The patterns in the input are written using an extended set of regular expressions. Refer to Regular Expression Notation.
pattern_algorithm	Enumerated	Optional	Defines the algorithm for the pattern. The enumerated values include: credit_card_check_digit korean_resident_registration_number_check_digit none
case_sensitive	String	Optional	Defines whether the pattern regular expression is to be treated as case sensitive or case insensitive. The values include: yes no
pattern_description	Alphanumeric	Optional	Description about the pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern/pattern1 -u 'eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n: ' -X PUT -H Content-Type:application/json -d '{"pattern_regex":"12[a-zA-Z][0-8]","pattern_algorithm":"korean_resident_registration_number_check_digit","operating_mode":"off","case_sensitive":"yes","pattern_description":"Created via rest api"}'

Response

{"id":"pattern1","token":"eyJldCI6IjE0NzA5OTU4NTYiLCJwYXNzd29yZCI6Ijg4ODVlZjM1OTAxMjg4ODUzZjljNGNkOGRi\nYzU1YWExIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete an Attack Type Pattern

URL: /v1/attack_types/(attack_type_group_name}/attacktype_pattern/{attack_type_pattern}

Method: DELETE

Description: Deletes the given attack type pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern/pattern1 -u 'eyJldCI6IjE0NzA5OTYzMDgiLCJwYXNzd29yZCI6IjVjNzU5MWI2MTY5ODQ1ZDc2OGFkMjcwMDcx\nNWJkMzU2IiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzA5OTYzMzAiLCJwYXNzd29yZCI6IjQxOTRiMDZjN2U1MDI1ZThhN2U3NzQ4YmJl\nYWY4NDNlIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete an Attack Type Group

URL: /v1/attack_types/(attack_type_group_name}

Method: DELETE

Description: Deletes the given attack type group.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1 -u 'eyJldCI6IjE0NzEwMDAyMTAiLCJwYXNzd29yZCI6Ijg4YWNlYjhlODUzNGZhMmEyNDEwNzM0MWUx\nYzkxNDMzIiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzEwMDAzNTciLCJwYXNzd29yZCI6ImQ4MGYwZDYzYmQwODM0YjM2NDBjMDU2MmRh\nNTM1NzA1IiwidXNlciI6ImFkbWluIn0=\n"}