Create a URL protection policy

post https://{hostname}/appsec/v1/configs/{configId}/versions/{versionNumber}/url-protections

All products Creates a new URL protection policy for a specific configuration version.

Path Params

configId

int64

required

A unique identifier for each configuration.

versionNumber

integer

required

A unique identifier for each version of a configuration.

Query Params

accountSwitchKey

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

apiDefinitions

array of objects

The API endpoints to match on in incoming requests. This only applies to the api matchType.

apiDefinitions

bypassCondition

object

Exempts specific clients from being processed by the URL protection policy.

categories

array

The traffic categories to perform load shedding on when the origin traffic rate exceeds the load shedding threshold. If intelligentLoadShedding is set to true, specify one or more categories.

categories

configId

int64

Uniquely identifies the security configuration.

configVersion

integer

The security configuration version.

description

string

A description of the rate policy.

hostnamePaths

array of objects

length ≥ 1

The hostname and path combinations to match on.

hostnamePaths

intelligentLoadShedding

boolean

required

Enable or disable intelligent load shedding. If enabled, traffic that matches the load shedding categories is eligible for shedding if the origin rate exceeds the load shedding threshold.

name

string

required

The rate policy's unique name.

protectionType

string

If matching on hostnamePaths, specify SINGLE to match on a hostname and path, or MULTIPLE to match on hostname and path combinations.

rateThreshold

integer

required

The allowed hits per second during any five-second interval.

sheddingThresholdHitsPerSec

integer

Specify the threshold value, in hits per second, after which traffic can be shed. The sheddingThresholdHitsPerSec value must be between 70%-90% of the rateThreshold value. If you enabled intelligentLoadShedding, this value is required.

Responses

Response body

object

apiDefinitions

array of objects

The API endpoints to match on in incoming requests. This only applies to the api matchType.

apiDefinitions

object

apiDefinitionId

int64

required

Uniquely identifies each API endpoint.

definedResources

boolean

When true, match on any resource explicitly added to your API definition without including a resourceId. When false, you'll need to pass a resourceId.

resourceIds

array of int64s

The unique identifiers of the endpoint's resources.

resourceIds

undefinedResources

boolean

When true, match on any resource you have not explicitly added to your API definition without including a resourceId. When false, you'll need to pass a resourceId.

bypassCondition

object

Exempts specific clients from being processed by the URL protection policy.

atomicConditions

array

length ≥ 1

Specify one or more types of conditions to match on. You can match on client lists, request headers, or both.

atomicConditions

categories

array

The traffic categories to perform load shedding on when the origin traffic rate exceeds the load shedding threshold. If intelligentLoadShedding is set to true, specify one or more categories.

categories

configId

int64

Uniquely identifies the security configuration.

configVersion

integer

The security configuration version.

createDate

date-time

Read-only The timestamp when you created the URL protection policy.

createdBy

string

Read-only The username of the person who created the URL protection policy.

description

string

A description of the rate policy.

hostnamePaths

array of objects

length ≥ 1

The hostname and path combinations to match on.

hostnamePaths

object

hostname

string

required

The hostnames you choose to match on.

paths

array of strings

required

The list of paths to match on.

paths*

intelligentLoadShedding

boolean

required

Enable or disable intelligent load shedding. If enabled, traffic that matches the load shedding categories is eligible for shedding if the origin rate exceeds the load shedding threshold.

name

string

required

The rate policy's unique name.

policyId

int64

Read-only Uniquely identifies the URL protection policy.

protectionType

string

If matching on hostnamePaths, specify SINGLE to match on a hostname and path, or MULTIPLE to match on hostname and path combinations.

SINGLE MULTIPLE

rateThreshold

integer

required

The allowed hits per second during any five-second interval.

sheddingThresholdHitsPerSec

integer

updateDate

date-time

Read-only The ISO 8601 timestamp when you last updated the URL protection policy.

updatedBy

string

Read-only Username who last updated the URL protection policy.

used

boolean

Read-only Whether you're currently using the URL protection policy.

Language

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://hostname/appsec/v1/configs/configId/versions/versionNumber/url-protections \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json' \
5
     --data '
6
{
7
  "intelligentLoadShedding": true
8
}
9
'


xxxxxxxxxx
83
}
1
{
2
  "bypassCondition": {
3
    "atomicConditions": [
4
      {
5
        "checkIps": "connecting",
6
        "className": "NetworkListCondition",
7
        "positiveMatch": true,
8
        "value": [
9
          "12345_10CLIENTLIST",
10
          "54321_123"
11
        ]
12
      },
13
      {
14
        "className": "RequestHeaderCondition",
15
        "name": [
16
          "my-custom-header"
17
        ],
18
        "nameWildcard": false,
19
        "positiveMatch": true,
20
        "value": [
21
          "my-custom-value"
22
        ],
23
        "valueCase": false,
24
        "valueWildcard": false
25
      }

201Successfully created a URL protection policy.

400Bad request. Invalid request body or URL parameter input.

403Forbidden. You don't have access to URL protection policies in this security configuration.

404Not found. Security configuration version wasn't found.