API

Modify a rate policy

put
https://{hostname}/appsec/v1/configs//versions//rate-policies/

All products Update details for a specific rate policy. Now you can match on defined or undefined resources. If you're setting a match for either resource type, both definedResources and undefinedResources must be present in the request object or the request is considered incomplete. When true, match on any defined resources without passing a resourceId. When false, you'll need to pass a resourceId. If you pass definedResources and undefinedResources with empty values, they default to false. You can omit both resources and use this operation without these new match criteria. Contact your account team if you'd like to match on definedResources or undefinedResources.

Path Params
int64
required

A unique identifier for each configuration.

integer
required

A unique identifier for each version of a configuration.

integer
required

A unique identifier for each rate policy.

Query Params
string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

Contains details about a rate policy.

additionalMatchOptions
array of objects

The list of additional match conditions.

additionalMatchOptions
apiSelectors
array of objects

The API endpoints to match in incoming requests. This only applies to the api matchType.

apiSelectors
integer
required
≥ 1

The allowed hits per second during any two-minute interval.

bodyParameters
array of objects

The list of body parameters to match on.

bodyParameters
integer
required
≥ 1

The allowed hits per second during any five-second interval.

integer
1 to 5

The time span for the burstThreshold interval. For existing rate policies, analyze your traffic in Alert mode before you reduce the measure window from 5 seconds. Learn more about thresholds here.

string
required
length ≥ 0
deprecated

Deprecated The client identifier you want to use to identify and track request senders. The value is required only for WAF type, and api-key is supported only for API match criteria. Using ip-useragent is typically more specific than using ip alone when trying to identify a client. Tracking by cookie:value applies to requests per individual session, even if the IP address changes. This field will be removed in future releases. Use clientIdentifiers instead.

clientIdentifiers
array of strings
length ≥ 0

Client identifiers to track request senders. The value is required only for WAF type, and api-key is supported only for API match criteria. Using ip-useragent is typically more specific than using ip alone when trying to identify a client. Tracking by cookie:value applies to requests per individual session, even if the IP address changes. Specify request-header:value to track by a named request header, like User-Agent. Use query-string:value to track by a specific named query parameter. The tls-fingerprint identifier is available for traffic transmitted using secure transport (HTTPS).

clientIdentifiers
Allowed:
condition
object

Contains information about the criteria that trigger the rate policy.

string
enum
Defaults to per_edge

The rate policy counter type. Either per_edge for rate limiting to work per edge node, or region_aggregated for rate limiting to work using aggregated rate accounting across multiple edge nodes.

Allowed:
string

Descriptive text you provide about a policy.

evaluation
object

Contains details about rate policy evaluation.

fileExtensions
object

Contains the file extension match criteria.

hostnames
array of strings

Deprecated. The hostnames to match. This array is deprecated. Use the hosts object instead.

hostnames
hosts
object

The hostnames to match, and whether to trigger on a match or absence of match.

string
enum
required

The match type in a rate policy. Either path to match website paths or api to match API paths.

Allowed:
string
required

The name you assign to a rate policy.

path
object

Contains details about the path match criteria.

string
enum
required

The type of paths to match in incoming requests. Either AllRequests to match an empty path or any path that ends in a trailing slash (/), TopLevel to match top-level hostnames only, or Custom to match a specific path or path component. This applies only when the corresponding matchType member is path. Specify RequestDisabled to bypass matching on a path.

Allowed:
boolean

Whether the condition should trigger on a match (true) or a lack of match (false).

string
enum
Defaults to TEN_MINUTES

The duration of the penalty box. Either TEN_MINUTES, THIRTY_MINUTES, ONE_HOUR, FOUR_HOURS, SIX_HOURS, TWELVE_HOURS, or TWENTY_FOUR_HOURS. Only applicable when the counterType is region_aggregated.

Allowed:
queryParameters
array of objects

The list of query parameter objects to match on.

queryParameters
string
enum
required

The type of requests to count towards the rate policy's thresholds. Either ClientRequest to count client requests to edge servers, ClientResponse to count edge responses to the client, ForwardResponse to count origin responses to the client, or ForwardRequest to count edge requests to your origin.

Allowed:
boolean
required

Whether to apply the same action to the IPv6 traffic as to the IPv4 traffic.

string
enum
required

The rate policy type. Either WAF for Web Application Firewall, or BOTMAN for Bot Manager.

Allowed:
boolean

Whether to check the contents of the X-Forwarded-For header in incoming requests.

Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

Updated 29 days ago

Language
URL
LoadingLoading…
Response
Choose an example:
application/json
application/problem+json

Updated 29 days ago