Barracuda Web Application Firewall

Custom Parameter Class and Custom Attack Types


Custom Parameter Class

Custom Parameter Class defines acceptable values for parameters. A created custom parameter class can be associated with the parameter profile to refine the validation for parameters in a request. You can associate the custom parameter class either by adding a new parameter profile or editing an existing parameter profile on the WEBSITES > Website Profiles > Parameter Profile section.

To Add a Custom Parameter Class

URL: /v1/custom_parameter_class

Method: POST

Description: Creates a parameter class with the specified values.

Input Parameters:

name
  Data Type: Alphanumeric
  Mandatory: Yes
  Description: A name for the custom parameter class.

input_type_validation
  Data Type: Enumeration
  Mandatory: Yes
  Description: The expected type of value for the parameter configured on the WEBSITES > Website Profiles page. The enumerated values include:

  • numeric
  • hex_number
  • alpha
  • alphanumeric
  • credit_cards
  • date
  • string
  • name
  • custom
  • none

custom_input_type_validation
  Data Type: Enumeration
  Mandatory: Optional
  Description: The expected custom input data type for the configured parameter. The values are displayed if Input Types pattern is added in the ADVANCED > Libraries page.

denied_metacharacters
  Data Type: String
  Mandatory: Optional
  Description: The meta-characters to be denied in the parameter value.

blocked_attack_types
  Data Type: Enumeration
  Mandatory: Optional
  Description: The Attack Types to be matched in a request. The enumerated values include:

  • http_specific_injection
  • ldap_injection
  • apache_struts_attacks
  • python_php_attacks
  • directory_traversal
  • directory_traversal_strict
  • cross_site_scripting
  • remote_file_inclusion
  • sql_injection_strict
  • sql_injection
  • os_command_injection
  • remote_file_inclusion_strict
  • os_command_injection_strict
  • cross_site_scripting_strict

custom_blocked_attack_types
  Data Type: Enumeration
  Mandatory: Optional
  Description: The custom attack types defined on the ADVANCED > Libraries page (if any).

Example

Request:

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class -u 'eyJldCI6IjE0NzA5OTY5MzMiLCJwYXNzd29yZCI6IjUwMWY2ZjQ5ODkzYmM2ZGUzMzk1Nzc2NzVl\nNzU1OTFmIiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d'{"name":"pc4","input_type_validation":"name","denied_metacharacters":"%00%01%7d%20%18%30%47%29","custom_input_type_validation":"cust_input","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict","cross_site_scripting","cross_site_scripting_strict","python_php_attacks","directory_traversal","directory_traversal_strict"],"custom_blocked_attack_types":["attack1","def-xyz2"]}'

Response:

{"id":"pc4","token":"eyJldCI6IjE0NzA5OTgwNTEiLCJwYXNzd29yZCI6ImQ4YWIzYjY2Y2ZlNzNmZDk3ZTBlNThmMmQz\nZmNmZTUzIiwidXNlciI6ImFkbWluIn0=\n"}

To Update a Custom Parameter Class

 

URL: /v1/custom_parameter_class/{custom_parameter_class_name}

Method: PUT

Description: Updates the values of given parameters in the given parameter class.

Input Parameters:

input_type_validation
  Data Type: Enumeration
  Mandatory: Optional
  Description: The expected type of value for the parameter configured on the WEBSITES > Website Profiles page. The enumerated values include:

  • numeric
  • hex_number
  • alpha
  • alphanumeric
  • credit_cards
  • date
  • string
  • name
  • custom
  • none

custom_input_type_validation
  Data Type: Enumeration
  Mandatory: Optional
  Description: The expected custom input data type for the configured parameter. The values are displayed if Input Types pattern is added in the ADVANCED > Libraries page.

denied_metacharacters
  Data Type: String
  Mandatory: Optional
  Description: The meta-characters to be denied in the parameter value.

blocked_attack_types
  Data Type: Enumeration
  Mandatory: Optional
  Description: The Attack Types to be matched in a request. The enumerated values include:

  • http_specific_injection
  • ldap_injection
  • apache_struts_attacks
  • python_php_attacks
  • directory_traversal
  • directory_traversal_strict
  • cross_site_scripting
  • remote_file_inclusion
  • sql_injection_strict
  • sql_injection
  • os_command_injection
  • remote_file_inclusion_strict
  • os_command_injection_strict
  • cross_site_scripting_strict

custom_blocked_attack_types
  Data Type: Enumeration
  Mandatory: Optional
  Description: The custom attack types defined on the ADVANCED > Libraries page (if any).

Example

Request

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class/pc4 -u 'eyJldCI6IjE0NzA5OTk1ODUiLCJwYXNzd29yZCI6ImExMDJiNGQxOTcxMWJlZTllNjBhMTRjNWQ1\nY2M1MDFkIiwidXNlciI6ImFkbWluIn0=\n: ' -X PUT -H Content-Type:application/json -d'{"input_type_validation":"hex_number","denied_metacharacters":"%00%01","custom_input_type_validation":"type1","blocked_attack_types":["os_command_injection","http_specific_injection","remote_file_inclusion_strict","remote_file_inclusion","ldap_injection","sql_injection","apache_struts_attacks","os_command_injection_strict","sql_injection_strict","cross_site_scripting","cross_site_scripting_strict","python_php_attacks"],"custom_blocked_attack_types":["cust_attack","cust_attack_2"]}'

Response

{"id":"pc10","token":"eyJldCI6IjE0NzA5OTk1ODUiLCJwYXNzd29yZCI6ImExMDJiNGQxOTcxMWJlZTllNjBhMTRjNWQ1\nY2M1MDFkIiwidXNlciI6ImFkbWluIn0=\n"}
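A pre-flight check for create and update request bodies, as an added example (not Barracuda code): it compares a JSON body against the field names and enumerated values listed in the tables above, so a misspelled key or enum value is caught before the request is sent. The function name and the sample body are constructed for illustration; treating the attack-type fields as JSON arrays follows the request examples on this page.

```python
import json

# Field names and enumerated values copied from the parameter tables on this page.
INPUT_TYPES = {"numeric", "hex_number", "alpha", "alphanumeric", "credit_cards",
               "date", "string", "name", "custom", "none"}
ATTACK_TYPES = {
    "http_specific_injection", "ldap_injection", "apache_struts_attacks",
    "python_php_attacks", "directory_traversal", "directory_traversal_strict",
    "cross_site_scripting", "cross_site_scripting_strict",
    "remote_file_inclusion", "remote_file_inclusion_strict",
    "sql_injection", "sql_injection_strict",
    "os_command_injection", "os_command_injection_strict",
}
FIELDS = {"name", "input_type_validation", "custom_input_type_validation",
          "denied_metacharacters", "blocked_attack_types",
          "custom_blocked_attack_types"}

def lint_parameter_class(body, method="POST"):
    """Return a list of problems in a custom_parameter_class JSON body."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["body must be a JSON object"]
    # PUT names the class in the URL, so "name" is not a body field there.
    allowed = FIELDS if method == "POST" else FIELDS - {"name"}
    problems = [f"unknown field: {k}" for k in sorted(set(doc) - allowed)]
    if method == "POST":
        problems += [f"missing mandatory field: {k}"
                     for k in ("name", "input_type_validation") if k not in doc]
    itv = doc.get("input_type_validation")
    if itv is not None and not (isinstance(itv, str) and itv in INPUT_TYPES):
        problems.append(f"invalid input_type_validation: {itv}")
    for key in ("blocked_attack_types", "custom_blocked_attack_types"):
        values = doc.get(key, [])
        if not isinstance(values, list):
            problems.append(f"{key} must be a JSON array")
        elif key == "blocked_attack_types":
            problems += [f"invalid blocked_attack_types value: {v}" for v in values
                         if not (isinstance(v, str) and v in ATTACK_TYPES)]
    return problems

# Constructed sample: a PUT body with a misspelled key and a hyphenated value.
BAD_PUT = ('{"input_type_validation":"hex_number","denied_metachars":"%00%01",'
           '"blocked_attack_types":["sql_injection","cross-site_scripting"]}')

if __name__ == "__main__":
    print(lint_parameter_class(BAD_PUT, method="PUT"))
```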

To Delete a Custom Parameter Class

URL: /v1/custom_parameter_class/{custom_parameter_class_name}

Method: DELETE

Description: Deletes the given parameter class.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/custom_parameter_class/pc4 -u 'eyJldCI6IjE0NzA5OTg3MjkiLCJwYXNzd29yZCI6IjU3ZTliN2U2NWMwNzY2NTk3OWNiY2M4Mjcz\nNDAzY2JmIiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzA5OTg3NDQiLCJwYXNzd29yZCI6IjhiZjdiY2RhNTllN2U3MzQ4NzVmNGNjZDQ4\nYTg4YzU2IiwidXNlciI6ImFkbWluIn0=\n"}

Attack Types

An attack is a technique used to exploit vulnerabilities in web applications. Attacks can insert or modify code in requests. If a request contains an attack pattern, it is dropped. The attack data type container includes patterns for identifying Cross-site Scripting, Remote-file Inclusion, SQL Injection, Directory Traversal, and OS Command Injection attacks. In addition, customized attack data types can be created and used.

To Create an Attack Type Group

URL: /v1/attack_types

Method: POST

Description: Creates an attack type group.

Input Parameters:

name
  Data Type: Alphanumeric
  Mandatory: Yes
  Description: Name for the attack type group.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types -u 'eyJldCI6IjE0NzA5OTQ3ODgiLCJwYXNzd29yZCI6ImUyMzk1MWQ4ZGVmODY3YWI3YTg4NjFhMmFj\nNmE3YWJhIiwidXNlciI6ImFkbWluIn0=\n: ' -X POST -H Content-Type:application/json -d'{"name":"attack1"}'

Response

{"id":"attack1","token":"eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n"}

To Create an Attack Type Pattern

URL: /v1/attack_types/{attack_type_group_name}/attacktype_pattern

Method: POST

Description: Creates an attack type pattern with the specified values.

Input Parameters:

name
  Data Type: Alphanumeric
  Mandatory: Yes
  Description: A name for the attack type pattern.

operating_mode
  Data Type: String
  Mandatory: Yes
  Description: Operating mode for the attack pattern. The values include:

  • active: The request matching the attack pattern is blocked and logged on the BASIC > Web Firewall Logs page.
  • passive: The request matching the attack pattern is allowed to pass through and logged on the BASIC > Web Firewall Logs page.
  • off: The attack pattern is exempted from being matched with the requests.

pattern_regex
  Data Type: String
  Mandatory: Yes
  Description: Defines the regular expression of the pattern. It recognizes the lexical patterns in text. This reads the given input for a specified description pattern. The patterns in the input are written using an extended set of regular expressions. Refer to Regular Expression Notation.

pattern_algorithm
  Data Type: Enumerated
  Mandatory: Yes
  Description: Defines the algorithm for the pattern. The enumerated values include:

  • credit_card_check_digit
  • korean_resident_registration_number_check_digit
  • none

case_sensitive
  Data Type: String
  Mandatory: Optional
  Description: Defines whether the pattern regular expression is to be treated as case sensitive or case insensitive. The values include:

  • yes
  • no

pattern_description
  Data Type: Alphanumeric
  Mandatory: Optional
  Description: Description about the pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern -u 'eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n: ' -X POST -H Content-Type:application/json -d'{"name":"pattern1","pattern_regex":"[a-zA-Z]","pattern_algorithm":"credit_card_check_digit","operating_mode":"passive","case_sensitive":"no","pattern_description":"Created via rest api"}'

Response

{"id":"pattern1","token":"eyJldCI6IjE0NzA5OTQ5MjciLCJwYXNzd29yZCI6IjEwODg5MTJjNDlhOTY5YzgzYWU1N2YxYWY1\nM2VjYzM4IiwidXNlciI6ImFkbWluIn0=\n"}
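How the pattern fields combine, as an added example (a local model, not Barracuda's implementation): a regex finds candidates, credit_card_check_digit keeps only those that pass the Luhn check, and operating_mode decides between block and log-only. It assumes the algorithm is applied to the text the regex matched and that case_sensitive defaults to "yes"; the pattern body, its Python-syntax regex and the sample values are constructed.

```python
import re


def luhn_ok(digits):
    """Luhn check-digit test over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(digits) > 1 and total % 10 == 0


def evaluate(pattern, value):
    """Return (verdict, logged) for one parameter value against one pattern."""
    mode = pattern["operating_mode"]
    if mode == "off":            # pattern is exempt from matching
        return ("allow", False)
    # Assumption: case_sensitive defaults to "yes" when omitted.
    flags = 0 if pattern.get("case_sensitive", "yes") == "yes" else re.IGNORECASE
    algorithm = pattern["pattern_algorithm"]
    hit = False
    for m in re.finditer(pattern["pattern_regex"], value, flags):
        if algorithm == "credit_card_check_digit":
            # Assumption: the algorithm validates the text the regex matched.
            hit = luhn_ok(re.sub(r"\D", "", m.group(0)))
        elif algorithm == "none":  # the regex match alone decides
            hit = True
        else:
            raise ValueError(f"algorithm not modelled here: {algorithm}")
        if hit:
            break
    if not hit:
        return ("allow", False)
    # active blocks and logs; passive lets the request through but logs it.
    return ("block", True) if mode == "active" else ("allow", True)


# Constructed pattern body (Python re syntax, not the WAF's regex notation).
CARD = {"name": "card16", "pattern_regex": r"\b(?:\d[ -]?){15}\d\b",
        "pattern_algorithm": "credit_card_check_digit",
        "operating_mode": "active", "case_sensitive": "no"}

if __name__ == "__main__":
    # Constructed values: a well-known test card number and a one-digit variant.
    print(evaluate(CARD, "card=4111 1111 1111 1111"))
    print(evaluate(CARD, "card=4111 1111 1111 1112"))
```

With pattern_algorithm set to none, the second value would also match, which shows how the check-digit step cuts false positives on arbitrary 16-digit strings.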

To Update an Attack Type Pattern

URL: /v1/attack_types/{attack_type_group_name}/attacktype_pattern/{attack_type_pattern}

Method: PUT

Description: Updates the attack type pattern with the specified values.

Input Parameters:

operating_mode
  Data Type: String
  Mandatory: Optional
  Description: Operating mode for the attack pattern. The values include:

  • active: The request matching the attack pattern is blocked and logged on the BASIC > Web Firewall Logs page.
  • passive: The request matching the attack pattern is allowed to pass through and logged on the BASIC > Web Firewall Logs page.
  • off: The attack pattern is exempted from being matched with the requests.

pattern_regex
  Data Type: String
  Mandatory: Optional
  Description: Defines the regular expression of the pattern. It recognizes the lexical patterns in text. This reads the given input for a specified description pattern. The patterns in the input are written using an extended set of regular expressions. Refer to Regular Expression Notation.

pattern_algorithm
  Data Type: Enumerated
  Mandatory: Optional
  Description: Defines the algorithm for the pattern. The enumerated values include:

  • credit_card_check_digit
  • korean_resident_registration_number_check_digit
  • none

case_sensitive
  Data Type: String
  Mandatory: Optional
  Description: Defines whether the pattern regular expression is to be treated as case sensitive or case insensitive. The values include:

  • yes
  • no

pattern_description
  Data Type: Alphanumeric
  Mandatory: Optional
  Description: Description about the pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern/pattern1 -u 'eyJldCI6IjE0NzA5OTQ4MzMiLCJwYXNzd29yZCI6IjEzMDc4ZTc3MGY2ZGMzMzVmNDZiOWJlYzYx\nMTYxZTVlIiwidXNlciI6ImFkbWluIn0=\n: ' -X PUT -H Content-Type:application/json -d '{"pattern_regex":"12[a-zA-Z][0-8]","pattern_algorithm":"korean_resident_registration_number_check_digit","operating_mode":"off","case_sensitive":"yes","pattern_description":"Created via rest api"}'

Response

{"id":"pattern1","token":"eyJldCI6IjE0NzA5OTU4NTYiLCJwYXNzd29yZCI6Ijg4ODVlZjM1OTAxMjg4ODUzZjljNGNkOGRi\nYzU1YWExIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete an Attack Type Pattern

URL: /v1/attack_types/{attack_type_group_name}/attacktype_pattern/{attack_type_pattern}

Method: DELETE

Description: Deletes the given attack type pattern.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1/attacktype_pattern/pattern1 -u 'eyJldCI6IjE0NzA5OTYzMDgiLCJwYXNzd29yZCI6IjVjNzU5MWI2MTY5ODQ1ZDc2OGFkMjcwMDcx\nNWJkMzU2IiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzA5OTYzMzAiLCJwYXNzd29yZCI6IjQxOTRiMDZjN2U1MDI1ZThhN2U3NzQ4YmJl\nYWY4NDNlIiwidXNlciI6ImFkbWluIn0=\n"}

To Delete an Attack Type Group

URL: /v1/attack_types/{attack_type_group_name}

Method: DELETE

Description: Deletes the given attack type group.

Example

Request

curl http://10.11.26.77:8000/restapi/v1/attack_types/attack1 -u 'eyJldCI6IjE0NzEwMDAyMTAiLCJwYXNzd29yZCI6Ijg4YWNlYjhlODUzNGZhMmEyNDEwNzM0MWUx\nYzkxNDMzIiwidXNlciI6ImFkbWluIn0=\n: ' -X DELETE

Response

{"msg":"Successfully deleted","token":"eyJldCI6IjE0NzEwMDAzNTciLCJwYXNzd29yZCI6ImQ4MGYwZDYzYmQwODM0YjM2NDBjMDU2MmRh\nNTM1NzA1IiwidXNlciI6ImFkbWluIn0=\n"}
