Modify a URL protection policy

put

https://{hostname}/appsec/v1/configs/{configId}/versions/{versionNumber}/url-protections/{urlProtectionPolicyId}

All products Updates the specified URL protection policy.

Path Params

configId

int64

required

A unique identifier for each configuration.

versionNumber

integer

required

A unique identifier for each version of a configuration.

urlProtectionPolicyId

int64

required

A unique identifier for each URL protection policy.

Query Params

accountSwitchKey

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

apiDefinitions

array of objects

The API endpoints to match on in incoming requests. This only applies to the api matchType.

apiDefinitions

bypassCondition

object

Exempts specific clients from being processed by the URL protection policy.

categories

configId

int64

Uniquely identifies the security configuration.

configVersion

integer

The security configuration version.

description

string

A description of the rate policy.

hostnamePaths

array of objects

length ≥ 1

The hostname and path combinations to match on.

hostnamePaths

intelligentLoadShedding

boolean

required

Enable or disable intelligent load shedding. If enabled, traffic that matches the load shedding categories is eligible for shedding if the origin rate exceeds the load shedding threshold.

name

string

required

The rate policy's unique name.

protectionType

string

enum

If matching on hostnamePaths, specify SINGLE to match on a hostname and path, or MULTIPLE to match on hostname and path combinations.

Allowed:

rateThreshold

integer

required

The allowed hits per second during any five-second interval.

sheddingThresholdHitsPerSec

integer

Specify the threshold value, in hits per second, after which traffic can be shed. The sheddingThresholdHitsPerSec value must be between 25%-90% of the rateThreshold value. If you enabled intelligentLoadShedding, this value is required.

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

200Successfully updated URL protection policy.

400Bad request. Invalid request body or URL parameter input.

403Forbidden. You don't have access to URL protection policy in this security configuration.

404Not found. Security configuration version or URL protection policy wasn't found.