Get the conditions and exceptions of a rule

List a KRS rule's conditions and exceptions. Products: Kona Site Defender, App & API Protector with the Advanced Security module.

Path Params
int64
required

A unique identifier for each configuration.

integer
required

A unique identifier for each version of a configuration.

string
required

A unique identifier for a security policy.

integer
required

A unique identifier for rule.

Query Params
string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Responses

Response body
object
advancedExceptions
object

Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.

string

Use OR to match any condition, or AND to match on all conditions.

OR AND

conditions
array of objects

The list of match conditions.

conditions
object
boolean

Whether to consider the case-sensitivity of the provided query parameter value. This only applies to the uriQueryMatch condition type.

clientLists
array of strings
length ≥ 0

The clientLists that trigger the condition. This only applies to the clientListMatch condition type.

clientLists
extensions
array of strings

The file extensions that trigger the condition. This only applies to the extensionMatch condition type.

extensions
filenames
array of strings

The filenames that trigger the condition. This only applies to the filenameMatch condition type.

filenames
string

The HTTP header that triggers the condition. This only applies to the requestHeaderMatch condition type.

hosts
array of strings

The hostnames that trigger the condition. This only applies to the hostMatch condition type.

hosts
ips
array of strings

The IPs that trigger the condition. This only applies to the ipMatch condition type.

ips
methods
array of strings

The HTTP request methods that trigger the condition. The possible values are GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, CONNECT and PATCH. This only applies to the requestMethodMatch condition type.

methods
string

The query parameter name that triggers the condition. This only applies to the uriQueryMatch condition type.

boolean

Whether to consider the case-sensitivity of the provided query parameter name. This only applies to the uriQueryMatch condition type.

paths
array of strings

The paths that trigger the condition. This only applies to the pathMatch condition type.

paths
boolean
required

Whether the condition should trigger on a match (true) or a lack of match (false).

string
required

The condition type to match on. See Export condition type values.

hostMatch pathMatch filenameMatch extensionMatch uriQueryMatch ipMatch requestMethodMatch requestHeaderMatch clientListMatch

boolean

Whether the condition should include X-Forwarded-For (XFF) header. This applies to the ipMatch and clientListMatch condition type.

string

The query parameter value if the condition type is uriQueryMatch and header value if the condition type is requestHeaderMatch. This only applies when the condition type is uriQueryMatch or requestHeaderMatch.

boolean

Whether to consider the case-sensitivity of the provided header value. This only applies to the requestHeaderMatch condition type.

boolean

Whether the provided header value is a wildcard. This only applies to the requestHeaderMatch condition type.

boolean

Whether the provided query parameter value is a wildcard. This only applies to the uriQueryMatch condition type.

headerCookieOrParamValues
array of objects

The list of excepted values in headers, cookies, or query parameters.

headerCookieOrParamValues
object
criteria
array of objects

A list of criteria to limit the scope of this exception.

criteria
object
hostnames
array of strings

The list of excepted hostnames.

hostnames
names
array of strings
required

The list of excepted names.

names*
paths
array of strings
required

The list of excepted paths.

paths*
values
array of strings
required

The list of excepted values.

values*
boolean
Defaults to false

Whether the provided header name is a wildcard.

values
array of strings
required

The list of request attribute names.

values*
specificHeaderCookieOrParamNameValue
array of objects

Contains details about the excepted name-value pairs in a request.

specificHeaderCookieOrParamNameValue
object
criteria
array of objects

A list of criteria to limit the scope of this exception.

criteria
object
hostnames
array of strings

The list of excepted hostnames.

hostnames
names
array of strings
required

The list of excepted names.

names*
paths
array of strings
required

The list of excepted paths.

paths*
values
array of strings
required

The list of excepted values.

values*
namesValues
array of objects
required

A list of name-value pairs to except.

namesValues*
object
names
array of strings
required

The list of request attribute names.

names*
values
array of strings

The list of request attribute values.

values
string
required

The request attribute to exclude from inspection. See Exception selector values.

REQUEST_COOKIES JSON_PAIRS XML_PAIRS ARGS REQUEST_HEADERS

boolean
Defaults to false

Whether the provided header name is a wildcard.

specificHeaderCookieParamXmlOrJsonNames
array of objects

Describes the advanced exception members that allow you to conditionally exclude requests from inspection. This is only available for attack groups and when the advanced exception feature is enabled.

specificHeaderCookieParamXmlOrJsonNames
object
criteria
array of objects

A list of criteria to limit the scope of this exception.

criteria
object
hostnames
array of strings

The list of excepted hostnames.

hostnames
names
array of strings
required

The list of excepted names.

names*
paths
array of strings
required

The list of excepted paths.

paths*
values
array of strings
required

The list of excepted values.

values*
names
array of strings

The list of request attribute names.

names
string
required

The request attribute to exclude from inspection. See Exception selector values.

ARGS_NAMES ARGS REQUEST_HEADERS_NAMES REQUEST_HEADERS REQUEST_COOKIES_NAMES REQUEST_COOKIES JSON_NAMES JSON_PAIRS XML_PAIRS REQUEST_PROTOCOL REQUEST_METHOD REQUEST_URI QUERY_STRING REQUEST_FILENAME REQUEST_PATH_SEGMENT REQUEST_BODY REQBODY_PROCESSOR_ERROR FILES_NAMES

boolean
Defaults to false

Whether the provided header name is a wildcard.

conditions
array of objects

The conditions list for a rule.

conditions
object
boolean

Whether to consider the case-sensitivity of the provided query parameter value. This only applies to the uriQueryMatch condition type.

clientLists
array of strings
length ≥ 0

The clientLists that trigger the condition. This only applies to the clientListMatch condition type.

clientLists
extensions
array of strings

The file extensions that trigger the condition. This only applies to the extensionMatch condition type.

extensions
filenames
array of strings

The filenames that trigger the condition. This only applies to the filenameMatch condition type.

filenames
string

The HTTP header that triggers the condition. This only applies to the requestHeaderMatch condition type.

hosts
array of strings

The hostnames that trigger the condition. This only applies to the hostMatch condition type.

hosts
ips
array of strings

The IPs that trigger the condition. This only applies to the ipMatch condition type.

ips
methods
array of strings

The HTTP request methods that trigger the condition. The possible values are GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, CONNECT and PATCH. This only applies to the requestMethodMatch condition type.

methods
string

The query parameter name that triggers the condition. This only applies to the uriQueryMatch condition type.

boolean

Whether to consider the case-sensitivity of the provided query parameter name. This only applies to the uriQueryMatch condition type.

paths
array of strings

The paths that trigger the condition. This only applies to the pathMatch condition type.

paths
boolean
required

Whether the condition should trigger on a match (true) or a lack of match (false).

string
required

The condition type to match on. See Export condition type values.

hostMatch pathMatch filenameMatch extensionMatch uriQueryMatch ipMatch requestMethodMatch requestHeaderMatch clientListMatch

boolean

Whether the condition should include X-Forwarded-For (XFF) header. This applies to the ipMatch and clientListMatch condition type.

string

The query parameter value if the condition type is uriQueryMatch and header value if the condition type is requestHeaderMatch. This only applies when the condition type is uriQueryMatch or requestHeaderMatch.

boolean

Whether to consider the case-sensitivity of the provided header value. This only applies to the requestHeaderMatch condition type.

boolean

Whether the provided header value is a wildcard. This only applies to the requestHeaderMatch condition type.

boolean

Whether the provided query parameter value is a wildcard. This only applies to the uriQueryMatch condition type.

exception
object

Describes the exception members that allow you to conditionally exclude requests from inspection.

anyHeaderCookieOrParam
array of strings

The list of request attributes to treat as rule or attack group exceptions. The possible values are REQUEST_COOKIES, JSON_PAIRS for a JSON parameter, XML_PAIRS for an XML parameter, ARGS for a request parameter, and REQUEST_HEADERS for a request header. Use this option if you can't get an exhaustive list of elements to exclude or the list is too large. You can exclude several attributes.

anyHeaderCookieOrParam
headerCookieOrParamValues
array of strings

The list of excepted values in headers, cookies, or query parameters.

headerCookieOrParamValues
specificHeaderCookieOrParamNameValue
object

Contains details about the excepted name-value pair in a request.

specificHeaderCookieOrParamNames
object

Contains details about the excepted request attribute name.

specificHeaderCookieOrParamPrefix
object

Contains details about the excepted request attribute name prefix.

specificHeaderCookieParamXmlOrJsonNames
array of objects

Contains details about the excepted request attribute names. This is only available for attack groups and when advanced exception is not enabled.

specificHeaderCookieParamXmlOrJsonNames
object
names
array of strings

Lists request attribute names, required with several selector options. With wildcard enabled, * represents a sequence and ? represents any single character. For example, * matches any name, and *session matches a subset.

names
string
required

The request attribute to exclude from inspection. The following selectors require a set of names: ARGS_NAMES, ARGS, REQUEST_HEADERS_NAMES, REQUEST_HEADERS, REQUEST_COOKIES_NAMES, REQUEST_COOKIES, JSON_NAMES, JSON_PAIRS, and XML_PAIRS. See Exception selector values.

ARGS_NAMES ARGS REQUEST_HEADERS_NAMES REQUEST_HEADERS REQUEST_COOKIES_NAMES REQUEST_COOKIES JSON_NAMES JSON_PAIRS XML_PAIRS REQUEST_PROTOCOL REQUEST_METHOD REQUEST_URI QUERY_STRING REQUEST_FILENAME REQUEST_PATH_SEGMENT REQUEST_BODY REQBODY_PROCESSOR_ERROR FILES_NAMES

boolean
Defaults to false

Whether you can specify wildcards to flexibly match names, either * for any set of characters, or ? for any single character.

Language
Authentication
URL