F5 Distributed Cloud Services API for ves.io.schema.api_sec.rule_suggestion
Download OpenAPI specification:Download
APIs to get rule suggestions from App Security Monitoring pages
Suggest api endpoint protection rule
Suggest API endpoint protection rule for a given path
path Parameters
namespace required | string Namespace x-example: "shared" x-required Namespace of the App type for current request |
Request Body schema: application/jsonrequired
method | string (HttpMethod) Default: "ANY" Enum: "ANY" "GET" "HEAD" "POST" "PUT" "DELETE" "CONNECT" "OPTIONS" "TRACE" "PATCH" "COPY" Specifies the HTTP method used to access a resource. Any HTTP Method |
namespace | string (Namespace) Namespace of the App type for current request Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
path | string (Path) <= 1024 characters Path to apply the API endpoint protection to Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true ves.io.schema.rules.string.max_len: 1024 ves.io.schema.rules.string.templated_http_path: true |
virtual_host_name | string (Name) Virtual Host for which this API endpoint protection rule applied Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
Responses
Request samples
- Payload
{- "method": "ANY",
- "namespace": "string",
- "path": "string",
- "virtual_host_name": "string"
}
Response samples
- 200
- 401
- 403
- 404
- 409
- 429
- 500
- 503
- 504
{- "found_existing_rule": { },
- "loadbalancer_type": "VIRTUAL_SERVICE",
- "rule": {
- "action": {
- "allow": { },
- "deny": { }
}, - "any_domain": { },
- "api_endpoint_method": {
- "invert_matcher": true,
- "methods": [
- "ANY"
]
}, - "api_endpoint_path": "string",
- "client_matcher": {
- "any_client": { },
- "any_ip": { },
- "asn_list": {
- "as_numbers": [
- 0
]
}, - "asn_matcher": {
- "asn_sets": [
- {
- "kind": "string",
- "name": "string",
- "namespace": "string",
- "tenant": "string",
- "uid": "string"
}
]
}, - "client_selector": {
- "expressions": [
- "string"
]
}, - "ip_matcher": {
- "invert_matcher": true,
- "prefix_sets": [
- {
- "kind": "string",
- "name": "string",
- "namespace": "string",
- "tenant": "string",
- "uid": "string"
}
]
}, - "ip_prefix_list": {
- "invert_match": true,
- "ip_prefixes": [
- "string"
]
}, - "ip_threat_category_list": {
- "ip_threat_categories": [
- "SPAM_SOURCES"
]
}, - "tls_fingerprint_matcher": {
- "classes": [
- "TLS_FINGERPRINT_NONE"
], - "exact_values": [
- "string"
], - "excluded_values": [
- "string"
]
}
}, - "metadata": {
- "description": "string",
- "name": "string"
}, - "request_matcher": {
- "cookie_matchers": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "name": "string"
}
], - "headers": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "name": "string"
}
], - "jwt_claims": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "name": "string"
}
], - "query_params": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "key": "string"
}
]
}, - "specific_domain": "string"
}
}
Suggest sensitive data rule
Suggest sensitive data rule for a given path
path Parameters
namespace required | string Namespace x-example: "shared" x-required Namespace of the App type for current request |
Request Body schema: application/jsonrequired
method | string (HttpMethod) Default: "ANY" Enum: "ANY" "GET" "HEAD" "POST" "PUT" "DELETE" "CONNECT" "OPTIONS" "TRACE" "PATCH" "COPY" Specifies the HTTP method used to access a resource. Any HTTP Method |
namespace | string (Namespace) Namespace of the App type for current request Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
path | string (Path) <= 1024 characters Path to apply the senstive data to Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true ves.io.schema.rules.string.max_len: 1024 ves.io.schema.rules.string.templated_http_path: true |
virtual_host_name | string (Name) Virtual Host for which this sensitive data rule applied Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
Responses
Request samples
- Payload
{- "method": "ANY",
- "namespace": "string",
- "path": "string",
- "virtual_host_name": "string"
}
Response samples
- 200
- 401
- 403
- 404
- 409
- 429
- 500
- 503
- 504
{- "found_existing_rule": { },
- "loadbalancer_type": "VIRTUAL_SERVICE",
- "rule": {
- "api_endpoint": {
- "methods": [
- "ANY"
], - "path": "string"
}, - "body": {
- "fields": [
- "string"
]
}, - "mask": { },
- "report": { }
}
}
Suggest Open API specification validation rule
Suggest Open API specification validation rule for a given path
path Parameters
namespace required | string Namespace x-example: "shared" x-required Namespace of the App type for current request |
Request Body schema: application/jsonrequired
api_groups | Array of strings (API Groups membership) List of API Groups the API Endpoint is a member of. Example: |
method | string (HttpMethod) Default: "ANY" Enum: "ANY" "GET" "HEAD" "POST" "PUT" "DELETE" "CONNECT" "OPTIONS" "TRACE" "PATCH" "COPY" Specifies the HTTP method used to access a resource. Any HTTP Method |
namespace | string (Namespace) Namespace of the App type for current request Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
path | string (Path) <= 1024 characters Path to apply the Open API specification validation to Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true ves.io.schema.rules.string.max_len: 1024 ves.io.schema.rules.string.templated_http_path: true |
virtual_host_name | string (Name) Virtual Host for which this Open API specification validation rule applied Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
Responses
Request samples
- Payload
{- "api_groups": [
- "string"
], - "method": "ANY",
- "namespace": "string",
- "path": "string",
- "virtual_host_name": "string"
}
Response samples
- 200
- 401
- 403
- 404
- 409
- 429
- 500
- 503
- 504
{- "all_endpoints_oas_validation": {
- "fall_through_mode": {
- "fall_through_mode_allow": { },
- "fall_through_mode_custom": {
- "open_api_validation_rules": [
- {
- "action_block": { },
- "action_report": { },
- "action_skip": { },
- "api_endpoint": {
- "methods": [
- "ANY"
], - "path": "string"
}, - "api_group": "string",
- "base_path": "string",
- "metadata": {
- "description": "string",
- "name": "string"
}
}
]
}
}, - "settings": {
- "oversized_body_fail_validation": { },
- "oversized_body_skip_validation": { },
- "property_validation_settings_custom": {
- "queryParameters": {
- "allow_additional_parameters": { },
- "disallow_additional_parameters": { }
}
}, - "property_validation_settings_default": { }
}, - "validation_mode": {
- "response_validation_mode_active": {
- "enforcement_block": { },
- "enforcement_report": { },
- "response_validation_properties": [
- "PROPERTY_QUERY_PARAMETERS"
]
}, - "skip_response_validation": { },
- "skip_validation": { },
- "validation_mode_active": {
- "enforcement_block": { },
- "enforcement_report": { },
- "request_validation_properties": [
- "PROPERTY_QUERY_PARAMETERS"
]
}
}
}, - "custom_oas_validation": {
- "any_domain": { },
- "api_endpoint": {
- "methods": [
- "ANY"
], - "path": "string"
}, - "api_group": "string",
- "base_path": "string",
- "metadata": {
- "description": "string",
- "name": "string"
}, - "specific_domain": "string",
- "validation_mode": {
- "response_validation_mode_active": {
- "enforcement_block": { },
- "enforcement_report": { },
- "response_validation_properties": [
- "PROPERTY_QUERY_PARAMETERS"
]
}, - "skip_response_validation": { },
- "skip_validation": { },
- "validation_mode_active": {
- "enforcement_block": { },
- "enforcement_report": { },
- "request_validation_properties": [
- "PROPERTY_QUERY_PARAMETERS"
]
}
}
}, - "found_existing_rule": { },
- "loadbalancer_type": "VIRTUAL_SERVICE"
}
Suggest rate limit rule
Suggest rate limit rule for a given path
path Parameters
namespace required | string Namespace x-example: "shared" x-required Namespace of the App type for current request |
Request Body schema: application/jsonrequired
method | string (HttpMethod) Default: "ANY" Enum: "ANY" "GET" "HEAD" "POST" "PUT" "DELETE" "CONNECT" "OPTIONS" "TRACE" "PATCH" "COPY" Specifies the HTTP method used to access a resource. Any HTTP Method |
namespace | string (Namespace) Namespace of the App type for current request Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
path | string (Path) <= 1024 characters Path to apply the rate limit to Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true ves.io.schema.rules.string.max_len: 1024 ves.io.schema.rules.string.templated_http_path: true |
virtual_host_name | string (Name) Virtual Host for which this rate limit rule applied Example: Required: YES Validation Rules: ves.io.schema.rules.message.required: true |
Responses
Request samples
- Payload
{- "method": "ANY",
- "namespace": "string",
- "path": "string",
- "virtual_host_name": "string"
}
Response samples
- 200
- 401
- 403
- 404
- 409
- 429
- 500
- 503
- 504
{- "found_existing_rule": { },
- "loadbalancer_type": "VIRTUAL_SERVICE",
- "rule": {
- "any_domain": { },
- "api_endpoint_method": {
- "invert_matcher": true,
- "methods": [
- "ANY"
]
}, - "api_endpoint_path": "string",
- "client_matcher": {
- "any_client": { },
- "any_ip": { },
- "asn_list": {
- "as_numbers": [
- 0
]
}, - "asn_matcher": {
- "asn_sets": [
- {
- "kind": "string",
- "name": "string",
- "namespace": "string",
- "tenant": "string",
- "uid": "string"
}
]
}, - "client_selector": {
- "expressions": [
- "string"
]
}, - "ip_matcher": {
- "invert_matcher": true,
- "prefix_sets": [
- {
- "kind": "string",
- "name": "string",
- "namespace": "string",
- "tenant": "string",
- "uid": "string"
}
]
}, - "ip_prefix_list": {
- "invert_match": true,
- "ip_prefixes": [
- "string"
]
}, - "ip_threat_category_list": {
- "ip_threat_categories": [
- "SPAM_SOURCES"
]
}, - "tls_fingerprint_matcher": {
- "classes": [
- "TLS_FINGERPRINT_NONE"
], - "exact_values": [
- "string"
], - "excluded_values": [
- "string"
]
}
}, - "inline_rate_limiter": {
- "ref_user_id": {
- "name": "string",
- "namespace": "string",
- "tenant": "string"
}, - "threshold": 0,
- "unit": "SECOND",
- "use_http_lb_user_id": { }
}, - "ref_rate_limiter": {
- "name": "string",
- "namespace": "string",
- "tenant": "string"
}, - "request_matcher": {
- "cookie_matchers": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "name": "string"
}
], - "headers": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "name": "string"
}
], - "jwt_claims": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "name": "string"
}
], - "query_params": [
- {
- "check_not_present": { },
- "check_present": { },
- "invert_matcher": true,
- "item": {
- "exact_values": [
- "string"
], - "regex_values": [
- "string"
], - "transformers": [
- "LOWER_CASE"
]
}, - "key": "string"
}
]
}, - "specific_domain": "string"
}
}