It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Content Rule

  • Last updated on

Rules are used to configure content-aware switching over incoming web traffic. Rules help analyze an HTTP request headers to make load balancing and caching policy decisions.

To Create a Content Rule

URL: /v1/virtual_services/{virtual_service_id}/content_rules
Method: POST
Description: Creates a content rule for the given service.
Parameter Name Data Type Mandatory Description
Input Parameters:      
name Alphanumeric Yes A name for the content rule.
status String Optional

The status of the content rule. The values include:

  • on
  • off
web_firewall_policy Enumeration Optional

A web firewall policy to be associated with the content rule..

The enumerated values include:

  • default
  • sharepoint
  • sharepoint2013
  • owa
  • owa2010
  • owa2013 
  • oracle
host_match Alphanumeric Yes A host name to be matched against the host in the request header.
url_match URL Yes A URL to be matched to the URL in the request header.
extended_match String Yes An expression that consists of a combination of HTTP headers and/or query string parameters.

For information on how to write extended match expressions, refer to Extended Match Syntax Help
extended_match_sequence Numeric Yes A number to indicate the order in which the extended match rule must be evaluated in the requests.
Example:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules -u 'eyJldCI6IjEzODAwNzQ0NjgiLCJwYXNzd29yZCI6IjY4MjdkMmNmY2MxYzI4ODY3ODU2NTM3NGQ1\nOTIxM2FlIiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d '{"name":"rule1","host_match":"www.barracuda.com","url_match":"/index.html","extended_match":"*", "extended_match_sequence":5}'

Response:

{"id":"rule1","token":"eyJldCI6IjEzODAwNzY4NTgiLCJwYXNzd29yZCI6IjIyZThiZjhkYWFiYTY3MWQ2YzcyNzhhNGI4\nZWE1YWYwIiwidXNlciI6ImFkbWluIn0=\n"}

To Retrieve Content Rules

URL:  /v1/virtual_services/{virtual_service_id}/content_rules

          /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}
Method: GET
Description: Lists all content rules if “rule_id” is not specified.
Parameter Name Data Type Mandatory Description
Input Parameters:      
parameters Alphanumeric Optional Any specific parameter name that needs to be retrieved. See Example 2.
Example 1:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1 -u 'eyJldCI6IjEzODAwNzQ0NjgiLCJwYXNzd29yZCI6IjY4MjdkMmNmY2MxYzI4ODY3ODU2NTM3NGQ1\nOTIxM2FlIiwidXNlciI6ImFkbWluIn0=\n:' -X GET

Response:

{"lb_algorithm":"round_robin","extended_match_sequence":"5","name":"rule1","host_match":"www.barracuda.com","comments":"","extended_match":"*","service_name":"demo_service","url_match":"/index.html","id":"rule1","servers":[],"token":"eyJldCI6IjEzODAwNzc0NjkiLCJwYXNzd29yZCI6ImFkYzdlZDVlZDkxNzc5Mjc1ZDA1OGQ0ZjM3\nZjk4NWMwIiwidXNlciI6ImFkbWluIn0=\n","persistence_method":"NONE"}

Example 2:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1 -u 'eyJldCI6IjE1MDE4NDAxMTciLCJwYXNzd29yZCI6IjdhNDQyN2I1ODAxMGM2MTBiYWM5NGRiNGVj\nNTY3ZDFlIiwidXNlciI6ImFkbWluIn0=\n:' -X GET -G -d parameters=host_match,url_match

Response:

{"url_match":"/index.html","id":"rule1","token":"eyJldCI6IjE1MDQ0MDk2ODEiLCJwYXNzd29yZCI6IjRkYmZlZjAyMDhjMzBlMDY1ODU3NGRlMTY0\nNTE2MDY4IiwidXNlciI6ImFkbWluIn0=\n","host_match":"www.barracuda.com"}

To Update a Content Rule

URL: /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}
Method: PUT
Description: Updates the values of given parameters in the given content rule.
Parameter Name Data Type Mandatory Description
Input Parameters:      
status String Optional

The status of the content rule. The values include:

  • on
  • off
web_firewall_policy Enumeration Optional

A web firewall policy to be associated with the content rule.

The enumerated values include:

  • default
  • sharepoint
  • sharepoint2013
  • owa
  • owa2010
  • owa2013 
  • oracle
host_match Alphanumeric Optional The host name to be matched against the host in the request header. 
url_match URL Optional The URL to be matched to the URL in the request header.
extended_match String Optional

The expression that consists of a combination of HTTP headers and/or query string parameters.

Updating extended match parameters value is shown in the example below. See Example 2.
 

For information on how to write extended match expressions, refer to Extended Match Syntax Help.
extended_match_sequence Numeric Optional The number to indicate the order in which the extended match rule must be evaluated in the requests.
load_balance.algorithm Enumeration Optional

The algorithm to be used for load balancing. The enumerated values include:

  • round_robin
  • weighted_round_robin
  • least_requests
load_balance.persistence_method Enumeration Optional

The Persistence Method to be used to maintain the connection between a client and the first server that it connects to, even when the system is load balancing traffic.

The enumerated values include:

  • none
  • source_ip
    • source_ip_netmask
  • cookie_insert
    • persistence_cookie_name
    • persistence_cookie_domain
    • persistence_cookie_path
    • cookie_age
  • cookie_passive
    • persistence_cookie_name
    • persistence_cookie_domain
    • persistence_cookie_path
    • cookie_age
  • http_header
    • header_name
  • url_parameter
    • parameter_name
load_balance.failover_method Enumeration Optional

The failover method to be used when responding to a request which is persistent, but the server that must serve the request is failed or set to "Out-of-Service".

The enumerated values include:

  • load_balance - The requests to be load balanced between the "alive" servers.
  • error - Sends "503 service unavailable" error message. This method is not supported for the persistence method "Source IP".
load_balance. persistence_idle_timeout Numeric Optional The maximum idle time (in seconds) for a persistent connection. A client is directed to the same Real Server unless the connection is inactive for more than the specified number of seconds.
source_ip_netmask Numeric Conditional

A subnet mask to make subsequent connections from clients, from the same subnet go to the same Real Server.

 

Note: This is required ONLY when Persistence Method is source_ip.
persistence_cookie_name Alphanumeric Conditional

The name of the cookie that will be used for persistence.

 

Note: This is required ONLY when Persistence Method is cookie_insert or cookle_passive.
persistence_cookie_path URL Optional

The path property of the persistency cookie.

 

Note: This is required ONLY when Persistence Method is cookie_insert or cookle_passive.
persistence_cookie_domain Alphanumeric Optional

The domain name of the server of a persistency cookie.

 

Note: This is required ONLY when Persistence Method is cookie_insert or cookle_passive.
cookie_age Numeric Conditional The expiry age of the persistence cookie in minutes.
header_name Alphanumeric Conditional

The name of the header for which the value needs to be checked in the HTTP requests.

 

Note: This is required ONLY when Persistence Method is http_header.
parameter_name Alphanumeric Conditional

The name of the parameter for which the value needs to be checked in the URL.

 

Note: This is required ONLY when Persistence Method is url_parameter.
Comments Alphanumeric   Description about the content rule.
Example 1:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1 -u 'eyJldCI6IjEzODAwNzQ0NjgiLCJwYXNzd29yZCI6IjY4MjdkMmNmY2MxYzI4ODY3ODU2NTM3NGQ1\nOTIxM2FlIiwidXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"url_match":"/barracuda.html"}'

Response:

{"id":"rule1","token":"eyJldCI6IjEzODAwNzc1ODkiLCJwYXNzd29yZCI6IjcwNTlhMmNjNjlmOTI2NjA1OWY2YmU1ZDc2\nOTI5OTg5IiwidXNlciI6ImFkbWluIn0=\n"}

Example 2:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1 -u 'eyJldCI6IjEzODAwNzQ0NjgiLCJwYXNzd29yZCI6IjY4MjdkMmNmY2MxYzI4ODY3ODU2NTM3NGQ1\nOTIxM2FlIiwidXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"url_match":"/*","extended_match":"(Method eq GET) && (HTTP-Version eq HTTP/0.9) && (Header  User-Agent eq mozilla)"}'

Response:

{"id":"rule1","token":"eyJldCI6IjEzODAwNzQ0NjgiLCJwYXNzd29yZCI6IjY4MjdkMmNmY2MxYzI4ODY3ODU2NTM3NGQ1\nOTIxM2FlIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete a Content Rule

URL: /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}
Method: DELETE
Description: Deletes the given content rule.
Example:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1 -u  'eyJldCI6IjEzODAyMzczMDciLCJwYXNzd29yZCI6IjM1MGM0MDQxYzA1NTEwZTcwNmYwZDBmNmE5\nNWMyN2U5IiwidXNlciI6ImFkbWluIn0=\n:' -X DELETE

Response:

{"msg":"Successfully deleted","token":"eyJldCI6IjEzODAyMzk5NjciLCJwYXNzd29yZCI6ImNmNGUzYmM4OTUwMzI0NTg4OWEzMzM0ZjYz\nZmQ3MDZmIiwidXNlciI6ImFkbWluIn0=\n"}