Match targets
Use the available options to build out your match target object.
{
"type": "website",
"isNegativePathMatch": false,
"isNegativeFileExtensionMatch": false,
"hostnames": [
"my-hostname-example.com",
"learn.my-hostname-example.com",
"developer.my-hostname-example.com"
],
"fileExtensions": ["sfx", "py", "js", "jar", "html", "exe", "dll", "bat"],
"securityPolicy": {
"policyId": "abc_123456"
}
}
{
"type": "api",
"apis": [
{
"id": 11111,
"name": "GET all my things"
},
{
"id": 22222,
"name": "PATCH my thing"
}
],
"securityPolicy": {
"policyId": "abc_123456"
},
"bypassNetworkLists": [
{
"id": "123456_MYNETWORKLIST",
"name": "My Network List 1"
},
{
"id": "987654_MYNETWORKLIST"
"name": "My Network List 2"
}
]
}
Required arguments
The match target type
argument must be included in all your match target JSON files. Allowed values are website
or api
.
Optional arguments
While optional, these arguments might be required depending on the other arguments you include in your match target.
Argument | Description |
---|---|
configId | The security configuration ID associated with the match target. |
configVersion | The security configuration version associated with the match target. |
defaultFile | How to match paths. Value is one of:
Do not use if you use fileExtensions or filePaths . |
fileExtensions | File extensions for which the match target scans. |
filePaths | File paths for which the match target scans. |
hostnames | Hostnames for which the match target scans. |
isNegativeFileExtensionMatch | Whether the match target triggers on files not included in the file extension list.
|
isNegativePathMatch | Whether the match target triggers on paths not included in the file path list.
|
securityPolicy
An object that associates your security policy to your match target by policy ID.
{
"securityPolicy": {
"policyId": "abc_123456"
}
}
apis
The API endpoints on which to match.
Argument | Required | Description |
---|---|---|
id | ✔️ | An API endpoint ID. |
name | The API endpoint's name. |
{
"apis": [
{
"id": 11111,
"name": "GET all my things"
},
{
"id": 22222,
"name": "PATCH my thing"
}
]
}
byPassNetworkLists
The bypass network list provides a way for you to exempt one or more network lists from the Web Application Firewall.
Argument | Required | Description |
---|---|---|
id | ✔️ | A network list ID. |
name | The network list's name. |
{
"bypassNetworkLists": [
{
"id": "123456_MYNETWORKLIST",
"name": "My Network List 1"
},
{
"id": "987654_MYNETWORKLIST"
"name": "My Network List 2"
}
]
}
Sequence properties
The order in which to match your targets.
Argument | Required | Description |
---|---|---|
type | ✔️ | Whether the sequencing is for website matches or api matches. |
targetSequence | ✔️ | An object that contains the targetId and sequence value for each of your match targets. Contains two required properties:
|
{
"type": "website"
"targetSequence": [
{
"targetId": 1234567,
"sequence": 1
},
{
"targetId": 9876543,
"sequence": 2
},
{
"targetId": 4567890,
"sequence": 3
}
]
}
Updated 8 months ago