API

Application Security API
API summary
OpenAPI schema
Get Started
- Set up your API token
API concepts
API workflows
Rate limiting
Enumeration values
Errors
- 400
- 401
- 403
- 404
- 409
- 429

Security policies

General policy settings
Rate policy actions
- List rate policy actionsget
- Modify a rate policy actionput
IP/Geo Firewall settings
- Get IP/Geo Firewall settingsget
- Modify IP/Geo Firewall settingsput
Attack payload logs
- Get attack payload logging settings for a policyget
- Modify attack payload logging settings for a policyput
HTTP header logs
- Get HTTP header log settingsget
- Modify HTTP header log settingsput
Client reputation
Custom rule actions
- List custom rule actionsget
- Modify a custom rule actionput
Reputation analysis
- Get reputation analysis settingsget
- Modify reputation analysis settingsput
URL protection policy actions
- List URL protection policy actionsget
- Modify a URL protection policy actionput
Pragma settings
- Get Pragma settings for a security policyget
- Modify Pragma settings for a security policyput
API request constraints
Evasive path match
- Get evasive path match settingsget
- Modify evasive path match settingsput
Malware policy actions
- List malware policy actionsget
- Modify a malware policy actionput
Request body inspection limits
- Get request body inspection limit settings for a security policyget
- Modify request body size settings for a security policyput
API endpoints
- List API endpointsget
Slow POST protections
- Get slow POST protection settingsget
- Modify slow POST protection settingsput
WAF rules: General settings
Protections
- Get protectionsget
- Modify protectionsput
WAF rules: Penalty box
- Get the penalty boxget
- Modify the penalty boxput
WAF rules: Penalty box conditions
- Get penalty box conditionget
- Modify the penalty box conditionsput
WAF rules: Tuning recommendations
WAF rules: Attack groups
WAF rules: Update mode
- Get the current modeget
- Modify the modeput
WAF rules: Rapid rules
Challenge actions
Behavioral DDoS profile actions
- List Behavioral DDoS profile actionsget
- Modify a Behavioral DDoS profile actionput
Bypass network lists
- Get the bypass network lists settings for a security policyget
- Modify the bypass network lists settings for a security policyput
Client-Side Protections & Compliance
- Get Client-Side Protection & Compliance settingsget
- Modify Client-Side Protections & Compliance settingsput
Hostnames
- List selected hostnames for a security policyget
- Modify selected hostnames for a security policyput

Configuration settings

General configuration settings
Match targets
Prefetch requests
- Get prefetch requestsget
- Modify prefetch requestsput
Shared resources: Rate policies
SIEM settings
URL protection policies
Hostnames
Shared resources: Malware policies
Shared resources: Custom rules
PII learning
- Get PII learning settings for a configurationget
- Enable PII learning settings for a configurationput
Shared resources: Custom deny actions
Bypass network lists
- Get bypass network lists settingsget
- Modify the bypass network lists settingsput
Failover hostnames
- List failover hostnamesget
Shared resources: Reputation profiles
Request body size
- Get request body size settings for a configurationget
- Modify request body inspection limit settings for a configurationput
Cookie Settings
- Get cookie settingsget
- Modify cookie settingsput
Evasive path match
- Get evasive path match settings for a configurationget
- Modify evasive path match settings for a configurationput
HTTP header logs
- Get the HTTP header log settings for a configurationget
- Modify HTTP header log settings for a configurationput
Attack payload logs
- Get the attack payload log settings for a configurationget
- Modify attack payload log settings for a configurationput
Pragma settings
- Get Pragma settings for a configurationget
- Modify Pragma settings for a configurationput
Behavioral DDoS profiles
Behavioral DDoS protection profiles
- Get a Behavioral DDoS profileget
- Modify a Behavioral DDoS profileput

Evaluation mode

Security policy: Conditions and exceptions
Security policy: Evaluation hostnames
Security policy: Evaluation mode
- Set evaluation modepost
Security policy: Evaluation penalty box
- Get the penalty box for a policy in evaluation modeget
- Modify the evaluation penalty boxput
Security policy: Evaluation rules
Security policy: Evaluation attack groups
WAF rules: Evaluation Penalty box conditions
- Get penalty box conditions in evaluation modeget
- Modify the penalty box conditions in evaluation modeput
Configuration: Evaluation hostnames

Activation and export

Activations
- Activate a configuration versionpost
Configuration version export
- Export a configuration versionget
Activation history
- List activation historyget
Activation status
- Get an activation request statusget
- Get activation statusget
Configuration version diff
- Compare two versionspost

Utilities and account data

Discovered APIs
- List discovered APIsget
- Get a discovered APIget
Subscriptions
- Subscribe or unsubscribe to recommendation emailspost
- List subscribersget
Endpoints
Contracts and groups
- List contracts and groupsget
Available hostnames
- List available hostnames for a new configurationget
Hostname coverage
- Get hostname coverageget
CVE Protections lookup

Self-service onboardings

Onboarding: Creation and settings
Onboarding: Activations and status
- Activate an onboardingpost
- Get an onboarding activationget
Onboarding: Post-activation validation

Get the penalty box for a policy in evaluation mode

get https://{hostname}/appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/eval-penalty-box

Beta, All products Returns the penalty box settings for a security policy in evaluation mode. When the penalty box is enabled for a policy, clients that trigger a Web Application Firewall deny action are placed in the penalty box. There, the action you select for penalty box (either alert or deny) continues to apply to any requests from that client for the next 10 minutes.

Path Params

configId

int64

required

A unique identifier for each configuration.

versionNumber

integer

required

A unique identifier for each version of a configuration.

policyId

string

required

A unique identifier for a security policy.

Query Params

accountSwitchKey

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Responses

Response body

object

action

required

penaltyBoxProtection

boolean

required

Specifies whether penalty box protection is enabled for the security policy. When set to true the action occurs if triggered by a request.

Response body

object

detail

string

required

The detailed error message.

fieldErrors

object

Pointers to fields for which invalid input was provided, whose values are messages detailing the reason this input was invalid for this field.

Has additional fields

instance

string

required

The non-referenceable URI that indicates the error instance.

status

integer

required

The HTTP status code.

title

string

required

The error title.

type

string

required

The URL for the error type.

Response body

object

detail

string

required

The detailed error message.

fieldErrors

object

Pointers to fields for which invalid input was provided, whose values are messages detailing the reason this input was invalid for this field.

Has additional fields

instance

string

required

The non-referenceable URI that indicates the error instance.

status

integer

required

The HTTP status code.

title

string

required

The error title.

type

string

required

The URL for the error type.

Response body

object

detail

string

required

The detailed error message.

fieldErrors

object

Pointers to fields for which invalid input was provided, whose values are messages detailing the reason this input was invalid for this field.

Has additional fields

instance

string

required

The non-referenceable URI that indicates the error instance.

status

integer

required

The HTTP status code.

title

string

required

The error title.

type

string

required

The URL for the error type.

Updated about 2 months ago

Set evaluation mode

Modify the evaluation penalty box

Did this page help you?

Language

Authentication

Remember to add your authentication credentials to run this code.

URL


xxxxxxxxxx
1
curl --request GET \
2
     --url https://hostname/appsec/v1/configs/configId/versions/versionNumber/security-policies/policyId/eval-penalty-box \
3
     --header 'accept: application/json'


xxxxxxxxxx
 
1
{
2
  "action": "alert",
3
  "penaltyBoxProtection": true
4
}

Updated about 2 months ago

Set evaluation mode

Modify the evaluation penalty box

Did this page help you?

API
Application Security API
API summary
Get Started
API concepts
API workflows
Diff configuration versions
Export a configuration version
Add a new custom rule to a configuration
Add a new hostname to a configuration
Activate with invalid hostnames
Rate limiting
Enumeration values
Logging option values (Beta)
Recommendation selector values
Exception selector values
Deny name values
CustomRule condition type values
Condition values
Export header values
Export match condition type values
Export condition type values
Errors
429
409
404
403
401
400

Security policies
General policy settings
Remove a security policydelete
Modify a security policyput
Get a security policyget
List security policiesget
Clone or create a security policypost
Rate policy actions
Modify a rate policy actionput
List rate policy actionsget
IP/Geo Firewall settings
Modify IP/Geo Firewall settingsput
Get IP/Geo Firewall settingsget
Attack payload logs
Modify attack payload logging settings for a policyput
Get attack payload logging settings for a policyget
HTTP header logs
Modify HTTP header log settingsput
Get HTTP header log settingsget
Client reputation
Modify the action for a reputation profileput
Get the action for a reputation profileget
List reputation profile actionsget
Custom rule actions
Modify a custom rule actionput
List custom rule actionsget
Reputation analysis
Modify reputation analysis settingsput
Get reputation analysis settingsget
URL protection policy actions
Modify a URL protection policy actionput
List URL protection policy actionsget
Pragma settings
Modify Pragma settings for a security policyput
Get Pragma settings for a security policyget
API request constraints
Modify an API request constraint's actionput
Modify the request constraint action for all APIsput
List API request constraints and actionsget
Evasive path match
Modify evasive path match settingsput
Get evasive path match settingsget
Malware policy actions
Modify a malware policy actionput
List malware policy actionsget
Request body inspection limits
Modify request body size settings for a security policyput
Get request body inspection limit settings for a security policyget
API endpoints
List API endpointsget
Slow POST protections
Modify slow POST protection settingsput
Get slow POST protection settingsget
WAF rules: General settings
Modify the conditions and exceptions of a ruleput
Get the conditions and exceptions of a ruleget
Modify the action for a ruleput
Get the action for a ruleget
Get upgrade detailsget
Modify adaptive intelligence settingsput
Get adaptive intelligence settingsget
Upgrade KRS rulesetput
List rulesget
Protections
Modify protectionsput
Get protectionsget
WAF rules: Penalty box
Modify the penalty boxput
Get the penalty boxget
WAF rules: Penalty box conditions
Modify the penalty box conditionsput
Get penalty box conditionget
WAF rules: Tuning recommendations
List tuning recommendations for a ruleget
List tuning recommendations for an attack groupget
Get tuning recommendations for a policyget
Respond to exception recommendationspost
WAF rules: Attack groups
Modify the exceptions of an attack groupput
Get the exceptions of an attack groupget
Modify the action for an attack groupput
Get the action for an attack groupget
List attack groupsget
WAF rules: Update mode
Modify the modeput
Get the current modeget
WAF rules: Rapid rules
Update a rapid rule's actionput
Get a rapid rule's actionget
Update a rapid rule's lock statusput
Get a rapid rule's lock statusget
Update a rapid rule's conditions and exceptionsput
List a rapid rule's conditions and exceptionsget
Update rapid rules' statusput
Get rapid rules' statusget
Update rapid rules' default actionput
Get rapid rules' default actionget
List rapid rulesget
Challenge actions
Update Google reCAPTCHA secret keyput
Delete a challenge actiondelete
Update a challenge actionput
Get a challenge actionget
List challenge actionsget
Create a challenge actionpost
Behavioral DDoS profile actions
Modify a Behavioral DDoS profile actionput
List Behavioral DDoS profile actionsget
Bypass network lists
Modify the bypass network lists settings for a security policyput
Get the bypass network lists settings for a security policyget
Client-Side Protections & Compliance
Modify Client-Side Protections & Compliance settingsput
Get Client-Side Protection & Compliance settingsget
Hostnames
Modify selected hostnames for a security policyput
List selected hostnames for a security policyget

Configuration settings
General configuration settings
Modify version notesput
Get the version notesget
Delete a configuration versiondelete
Get configuration version detailsget
List configuration versionsget
Clone a configuration versionpost
Delete a configurationdelete
Rename a security configurationput
Get a security configurationget
List configurationsget
Create a configurationpost
Match targets
Remove a match targetdelete
Modify a match targetput
Get a match targetget
Modify match target orderput
List match targetsget
Create a match targetpost
Get the hostname coverage match targetsget
Prefetch requests
Modify prefetch requestsput
Get prefetch requestsget
Shared resources: Rate policies
Modify a rate policy evaluationput
Remove a rate policydelete
Modify a rate policyput
Get a rate policyget
List rate policiesget
Create a rate policypost
SIEM settings
Get SIEM versionsget
Modify SIEM settingsput
Get SIEM settingsget
URL protection policies
Remove a URL protection policydelete
Modify a URL protection policyput
Get a URL protection policyget
List URL protection policiesget
Create a URL protection policypost
Hostnames
Modify selected hostnamesput
List selected hostnamesget
List selectable hostnamesget
List hostname overlapsget
Shared resources: Malware policies
Remove a malware policydelete
Modify a malware policyput
Get a malware policyget
List supported malware policy content typesget
List malware policiesget
Create a malware policypost
Shared resources: Custom rules
Remove a custom ruledelete
Modify a custom ruleput
Get a custom ruleget
List custom rulesget
Create a custom rulepost
PII learning
Enable PII learning settings for a configurationput
Get PII learning settings for a configurationget
Shared resources: Custom deny actions
Remove a custom deny actiondelete
Modify a custom deny actionput
Get a custom deny actionget
List custom deny actionsget
Create a custom deny actionpost
Bypass network lists
Modify the bypass network lists settingsput
Get bypass network lists settingsget
Failover hostnames
List failover hostnamesget
Shared resources: Reputation profiles
Remove a reputation profiledelete
Modify a reputation profileput
Get a reputation profileget
List reputation profilesget
Create a reputation profilepost
Request body size
Modify request body inspection limit settings for a configurationput
Get request body size settings for a configurationget
Cookie Settings
Modify cookie settingsput
Get cookie settingsget
Evasive path match
Modify evasive path match settings for a configurationput
Get evasive path match settings for a configurationget
HTTP header logs
Modify HTTP header log settings for a configurationput
Get the HTTP header log settings for a configurationget
Attack payload logs
Modify attack payload log settings for a configurationput
Get the attack payload log settings for a configurationget
Pragma settings
Modify Pragma settings for a configurationput
Get Pragma settings for a configurationget
Behavioral DDoS profiles
Remove a Behavioral DDoS profiledelete
List Behavioral DDoS profilesget
Create a Behavioral DDoS profilepost
Behavioral DDoS protection profiles
Modify a Behavioral DDoS profileput
Get a Behavioral DDoS profileget

Evaluation mode
Security policy: Conditions and exceptions
Modify the conditions and exceptions for an evaluation ruleput
Get the conditions and exceptions for an evaluation ruleget
Modify the exceptions of an evaluation attack groupput
Get the exceptions of an evaluation attack groupget
Security policy: Evaluation hostnames
Protect evaluation hostnames for a security policyput
Modify evaluation hostnames for a security policyput
List evaluation hostnames for a security policyget
Security policy: Evaluation mode
Set evaluation modepost
Security policy: Evaluation penalty box
Modify the evaluation penalty boxput
Get the penalty box for a policy in evaluation modeget
Security policy: Evaluation rules
Modify the action of an evaluation ruleput
Get the action of an evaluation ruleget
List evaluation rulesget
Security policy: Evaluation attack groups
Modify the action for an evaluation attack groupput
Get the action for an evaluation attack groupget
List evaluation attack groupsget
WAF rules: Evaluation Penalty box conditions
Modify the penalty box conditions in evaluation modeput
Get penalty box conditions in evaluation modeget
Configuration: Evaluation hostnames
Modify evaluation hostnamesput
List evaluation hostnamesget
Protect evaluation hostnamesput

Activation and export
Activations
Activate a configuration versionpost
Configuration version export
Export a configuration versionget
Activation history
List activation historyget
Activation status
Get activation statusget
Get an activation request statusget
Configuration version diff
Compare two versionspost

Utilities and account data
Discovered APIs
Get a discovered APIget
List discovered APIsget
Subscriptions
List subscribersget
Subscribe or unsubscribe to recommendation emailspost
Endpoints
List discovered API endpointsget
Create an endpoint or resourcepost
Modify an API's visibilityput
Contracts and groups
List contracts and groupsget
Available hostnames
List available hostnames for a new configurationget
Hostname coverage
Get hostname coverageget
CVE Protections lookup
Get CVE coverageget
Get a CVEget
Unsubscribe from CVEspost
List subscribed CVEsget
Subscribe to CVEspost
List CVEsget

Self-service onboardings
Onboarding: Creation and settings
Modify onboarding settingsput
Get onboarding settingsget
Delete an onboardingdelete
Get an onboardingget
List onboardingsget
Create an onboardingpost
Onboarding: Activations and status
Get an onboarding activationget
Activate an onboardingpost
Onboarding: Post-activation validation
Validate origin hostnames DNS recordspost
Skip origin hostnames DNS record validationpost
List origin hostname DNS recordsget
Validate hostname CNAME DNS recordspost
List hostname CNAME DNS recordsget
Validate onboarding certificatepost
List onboarding certificate challengesget

200Successfully retrieved penalty box protection settings for a security policy in evaluation mode.

400Invalid. Client error, such as invalid or malformed input.

404Not found. The named security policy doesn't exist, doesn't carry application layer controls, or no rule with this ID is available for use in this policy.

500Internal server error. Something went wrong on our side. Try again in a few minutes, and contact support if the error persists.