Get the conditions and exceptions of a rule

get https://{hostname}/appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/rules/{ruleId}/condition-exception

List a KRS rule's conditions and exceptions. Products: Kona Site Defender, App & API Protector with the Advanced Security module.

Responses

Response body

object

advancedExceptions

object

Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.

conditionOperator

string

Use OR to match any condition, or AND to match on all conditions.

OR AND

conditions

array of objects

The list of match conditions.

conditions

object

caseSensitive

boolean

Whether to consider the case-sensitivity of the provided query parameter value. This only applies to the uriQueryMatch condition type.

clientLists

array of strings

length ≥ 0

The clientLists that trigger the condition. This only applies to the clientListMatch condition type.

clientLists

extensions

array of strings

The file extensions that trigger the condition. This only applies to the extensionMatch condition type.

extensions

filenames

array of strings

The filenames that trigger the condition. This only applies to the filenameMatch condition type.

filenames

header

string

The HTTP header that triggers the condition. This only applies to the requestHeaderMatch condition type.

hosts

array of strings

The hostnames that trigger the condition. This only applies to the hostMatch condition type.

hosts

ips

array of strings

The IPs that trigger the condition. This only applies to the ipMatch condition type.

ips

methods

array of strings

The HTTP request methods that trigger the condition. The possible values are GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, CONNECT and PATCH. This only applies to the requestMethodMatch condition type.

methods

name

string

The query parameter name that triggers the condition. This only applies to the uriQueryMatch condition type.

nameCase

boolean

Whether to consider the case-sensitivity of the provided query parameter name. This only applies to the uriQueryMatch condition type.

paths

array of strings

The paths that trigger the condition. This only applies to the pathMatch condition type.

paths

positiveMatch

boolean

required

Whether the condition should trigger on a match (true) or a lack of match (false).

type

string

required

The condition type to match on. See Export condition type values.

hostMatch pathMatch filenameMatch extensionMatch uriQueryMatch ipMatch requestMethodMatch requestHeaderMatch clientListMatch

useHeaders

boolean

Whether the condition should include X-Forwarded-For (XFF) header. This applies to the ipMatch and clientListMatch condition type.

value

string

The query parameter value if the condition type is uriQueryMatch and header value if the condition type is requestHeaderMatch. This only applies when the condition type is uriQueryMatch or requestHeaderMatch.

valueCase

boolean

Whether to consider the case-sensitivity of the provided header value. This only applies to the requestHeaderMatch condition type.

valueWildcard

boolean

Whether the provided header value is a wildcard. This only applies to the requestHeaderMatch condition type.

wildcard

boolean

Whether the provided query parameter value is a wildcard. This only applies to the uriQueryMatch condition type.

headerCookieOrParamValues

array of objects

The list of excepted values in headers, cookies, or query parameters.

headerCookieOrParamValues

object

criteria

array of objects

A list of criteria to limit the scope of this exception.

criteria

object

hostnames

array of strings

The list of excepted hostnames.

hostnames

names

array of strings

required

The list of excepted names.

names*

paths

array of strings

required

The list of excepted paths.

paths*

values

array of strings

required

The list of excepted values.

values*

valueWildcard

boolean

Defaults to false

Whether the provided header name is a wildcard.

values

array of strings

required

The list of request attribute names.

values*

specificHeaderCookieOrParamNameValue

array of objects

Contains details about the excepted name-value pairs in a request.

specificHeaderCookieOrParamNameValue

object

criteria

array of objects

A list of criteria to limit the scope of this exception.

criteria

object

hostnames

array of strings

The list of excepted hostnames.

hostnames

names

array of strings

required

The list of excepted names.

names*

paths

array of strings

required

The list of excepted paths.

paths*

values

array of strings

required

The list of excepted values.

values*

namesValues

array of objects

required

A list of name-value pairs to except.

namesValues*

object

names

array of strings

required

The list of request attribute names.

names*

values

array of strings

The list of request attribute values.

values

selector

string

required

The request attribute to exclude from inspection. See Exception selector values.

REQUEST_COOKIES JSON_PAIRS XML_PAIRS ARGS REQUEST_HEADERS

wildcard

boolean

Defaults to false

Whether the provided header name is a wildcard.

specificHeaderCookieParamXmlOrJsonNames

array of objects

Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.

specificHeaderCookieParamXmlOrJsonNames

object

criteria

array of objects

A list of criteria to limit the scope of this exception.

criteria

object

hostnames

array of strings

The list of excepted hostnames.

hostnames

names

array of strings

required

The list of excepted names.

names*

paths

array of strings

required

The list of excepted paths.

paths*

values

array of strings

required

The list of excepted values.

values*

names

array of strings

The list of request attribute names.

names

selector

string

required

The request attribute to exclude from inspection. See Exception selector values.

ARGS_NAMES ARGS REQUEST_HEADERS_NAMES REQUEST_HEADERS REQUEST_COOKIES_NAMES REQUEST_COOKIES JSON_NAMES JSON_PAIRS XML_PAIRS REQUEST_PROTOCOL REQUEST_METHOD REQUEST_URI QUERY_STRING REQUEST_FILENAME REQUEST_PATH_SEGMENT REQUEST_BODY REQBODY_PROCESSOR_ERROR FILES_NAMES

wildcard

boolean

Defaults to false

Whether the provided header name is a wildcard.

conditions

array of objects

The conditions list for a rule.

conditions

object

caseSensitive

boolean

Whether to consider the case-sensitivity of the provided query parameter value. This only applies to the uriQueryMatch condition type.

clientLists

array of strings

length ≥ 0

The clientLists that trigger the condition. This only applies to the clientListMatch condition type.

clientLists

extensions

array of strings

The file extensions that trigger the condition. This only applies to the extensionMatch condition type.

extensions

filenames

array of strings

The filenames that trigger the condition. This only applies to the filenameMatch condition type.

filenames

header

string

The HTTP header that triggers the condition. This only applies to the requestHeaderMatch condition type.

hosts

array of strings

The hostnames that trigger the condition. This only applies to the hostMatch condition type.

hosts

ips

array of strings

The IPs that trigger the condition. This only applies to the ipMatch condition type.

ips

methods

array of strings

methods

name

string

The query parameter name that triggers the condition. This only applies to the uriQueryMatch condition type.

nameCase

boolean

Whether to consider the case-sensitivity of the provided query parameter name. This only applies to the uriQueryMatch condition type.

paths

array of strings

The paths that trigger the condition. This only applies to the pathMatch condition type.

paths

positiveMatch

boolean

required

Whether the condition should trigger on a match (true) or a lack of match (false).

type

string

required

The condition type to match on. See Export condition type values.

hostMatch pathMatch filenameMatch extensionMatch uriQueryMatch ipMatch requestMethodMatch requestHeaderMatch clientListMatch

useHeaders

boolean

Whether the condition should include X-Forwarded-For (XFF) header. This applies to the ipMatch and clientListMatch condition type.

value

string

valueCase

boolean

Whether to consider the case-sensitivity of the provided header value. This only applies to the requestHeaderMatch condition type.

valueWildcard

boolean

Whether the provided header value is a wildcard. This only applies to the requestHeaderMatch condition type.

wildcard

boolean

Whether the provided query parameter value is a wildcard. This only applies to the uriQueryMatch condition type.

exception

object

Describes the exception members that allow you to conditionally exclude requests from inspection.

anyHeaderCookieOrParam

array of strings

The list of request attributes to treat as rule or attack group exceptions. The possible values are REQUEST_COOKIES, JSON_PAIRS for a JSON parameter, XML_PAIRS for an XML parameter, ARGS for a request parameter, and REQUEST_HEADERS for a request header. Use this option if you can't get an exhaustive list of elements to exclude or the list is too large. You can exclude several attributes.

anyHeaderCookieOrParam

headerCookieOrParamValues

array of strings

The list of excepted values in headers, cookies, or query parameters.

headerCookieOrParamValues

specificHeaderCookieOrParamNameValue

object

Contains details about the excepted name-value pair in a request.

specificHeaderCookieOrParamNames

object

Contains details about the excepted request attribute name.

specificHeaderCookieOrParamPrefix

object

Contains details about the excepted request attribute name prefix.

specificHeaderCookieParamXmlOrJsonNames

array of objects

Contains details about the excepted request attribute names. This is only available for attack groups and when advanced exception is not enabled.

specificHeaderCookieParamXmlOrJsonNames

object

names

array of strings

Lists request attribute names, required with several selector options. With wildcard enabled, * represents a sequence and ? represents any single character. For example, * matches any name, and *session matches a subset.

names

selector

string

required

The request attribute to exclude from inspection. The following selectors require a set of names: ARGS_NAMES, ARGS, REQUEST_HEADERS_NAMES, REQUEST_HEADERS, REQUEST_COOKIES_NAMES, REQUEST_COOKIES, JSON_NAMES, JSON_PAIRS, and XML_PAIRS. See Exception selector values.

wildcard

boolean

Defaults to false

Whether you can specify wildcards to flexibly match names, either * for any set of characters, or ? for any single character.

Language

Authentication

Remember to add your authentication credentials to run this code.

URL


xxxxxxxxxx
1
curl --request GET \
2
     --url https://hostname/appsec/v1/configs/configId/versions/versionNumber/security-policies/policyId/rules/ruleId/condition-exception \
3
     --header 'accept: application/json'


xxxxxxxxxx
132
}
1
{
2
  "advancedExceptions": {
3
    "conditionOperator": "AND",
4
    "conditions": [
5
      {
6
        "extensions": [
7
          "test"
8
        ],
9
        "positiveMatch": true,
10
        "type": "extensionMatch"
11
      },
12
      {
13
        "filenames": [
14
          "test2"
15
        ],
16
        "positiveMatch": true,
17
        "type": "filenameMatch"
18
      },
19
      {
20
        "hosts": [
21
          "www.test.com"
22
        ],
23
        "positiveMatch": true,
24
        "type": "hostMatch"
25
      },

200Successfully retrieved the rule conditions and exceptions.

400Invalid. Client error, such as invalid or malformed input.

404Not found. The named security policy doesn't exist, doesn't carry application layer controls, or no rule with this ID is available for use in this policy.

500Internal server error. Something went wrong on our side. Try again in a few minutes, and contact support if the error persists.