Create a WAF exclusion filter

POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
POST https://api.ap2.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
POST https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/exclusion_filters
POST https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/exclusion_filters
POST https://api.us2.ddog-gov.com/api/v2/remote_config/products/asm/waf/exclusion_filters
POST https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
POST https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
POST https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters

Overview

Create a new WAF exclusion filter with the given parameters.

A request matched by an exclusion filter will be ignored by the Application Security WAF product. Go to https://app.datadoghq.com/security/appsec/passlist to review existing exclusion filters (also called passlist entries).

This endpoint requires the appsec_protect_write permission.

Request

Body Data (required)

The definition of the new WAF exclusion filter.

Field (Type): Description

data [required] (object): Object for creating a single WAF exclusion filter.
  attributes [required] (object): Attributes for creating a WAF exclusion filter.
    description [required] (string): A description for the exclusion filter.
    enabled [required] (boolean): Indicates whether the exclusion filter is enabled.
    ip_list ([string]): The client IP addresses matched by the exclusion filter (CIDR notation is supported).
    on_match (enum): The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor
    parameters ([string]): A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.
    path_glob (string): The HTTP path glob expression matched by the exclusion filter.
    rules_target ([object]): The WAF rules targeted by the exclusion filter.
      rule_id (string): Target a single WAF rule based on its identifier.
      tags (object): Target multiple WAF rules based on their tags.
        category (string): The category of the targeted WAF rules.
        type (string): The type of the targeted WAF rules.
    scope ([object]): The services where the exclusion filter is deployed.
      env (string): Deploy on this environment.
      service (string): Deploy on this service.
  type [required] (enum): Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter. Default: exclusion_filter

{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "parameters": [
        "list.search.query"
      ],
      "path_glob": "/accounts/*",
      "rules_target": [
        {
          "tags": {
            "category": "attack_attempt",
            "type": "lfi"
          }
        }
      ],
      "scope": [
        {
          "env": "www",
          "service": "prod"
        }
      ]
    },
    "type": "exclusion_filter"
  }
}
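
A pre-submission review check for request bodies like the one above, added here as an example and not part of Datadog's documentation or client libraries. The name lint_exclusion_filter, the prefix thresholds, the broad-glob list and the warning policy are assumptions of this example; the schema checks and the on_match behaviour come from the field descriptions on this page.

```python
import ipaddress

ALLOWED_ON_MATCH = {"monitor"}          # the only enum value this page lists
MIN_V4_PREFIX, MIN_V6_PREFIX = 16, 32   # assumed review thresholds, not Datadog limits
BROAD_GLOBS = {"*", "/*", "**", "/**"}  # assumed "matches almost everything" globs

# The request body shown on this page.
PAGE_EXAMPLE = {"data": {"type": "exclusion_filter", "attributes": {
    "description": "Exclude false positives on a path", "enabled": True,
    "parameters": ["list.search.query"], "path_glob": "/accounts/*",
    "rules_target": [{"tags": {"category": "attack_attempt", "type": "lfi"}}],
    "scope": [{"env": "www", "service": "prod"}]}}}

# Constructed over-broad filter for contrast (not from the page).
BROAD_EXAMPLE = {"data": {"type": "exclusion_filter", "attributes": {
    "description": "tmp", "enabled": True, "on_match": "block",
    "ip_list": ["0.0.0.0/0", "not-an-ip"], "path_glob": "/*"}}}


def lint_exclusion_filter(payload):
    """Return (severity, message) findings for a create-request body."""
    findings = []
    data = payload.get("data") or {}
    attrs = data.get("attributes") or {}

    # Schema checks taken from the field descriptions on this page.
    if data.get("type") != "exclusion_filter":
        findings.append(("error", "data.type must be exclusion_filter"))
    desc = attrs.get("description")
    if not (isinstance(desc, str) and desc.strip()):
        findings.append(("error", "description is required"))
    if not isinstance(attrs.get("enabled"), bool):
        findings.append(("error", "enabled is required and must be a boolean"))
    on_match = attrs.get("on_match")
    if on_match is not None and on_match not in ALLOWED_ON_MATCH:
        findings.append(("error", f"on_match {on_match!r} is not an allowed value"))

    # ip_list entries must parse as an address or a CIDR block.
    for entry in attrs.get("ip_list") or []:
        try:
            net = ipaddress.ip_network(str(entry), strict=False)
        except ValueError:
            findings.append(("error", f"ip_list entry {entry!r} is not an IP or CIDR"))
            continue
        limit = MIN_V4_PREFIX if net.version == 4 else MIN_V6_PREFIX
        if net.prefixlen < limit:
            findings.append(("warn", f"ip_list entry {entry} covers a /{net.prefixlen}"))

    # Assumed review policy: flag filters that nothing narrows or that hide matches.
    glob = attrs.get("path_glob")
    narrowing = (attrs.get("ip_list"), attrs.get("parameters"), attrs.get("rules_target"))
    if glob in BROAD_GLOBS:
        findings.append(("warn", f"path_glob {glob!r} matches almost every path"))
    if not glob and not any(narrowing):
        findings.append(("warn", "no path_glob, ip_list, parameters or rules_target set"))
    if not attrs.get("rules_target"):
        findings.append(("warn", "rules_target unset: not tied to specific WAF rules"))
    if not attrs.get("scope"):
        findings.append(("warn", "scope unset: not tied to a service or environment"))
    if attrs.get("enabled") is True and on_match is None:
        findings.append(("warn", "on_match unset: matching requests emit no security traces"))
    return findings


if __name__ == "__main__":
    for name, body in (("page example", PAGE_EXAMPLE), ("broad example", BROAD_EXAMPLE)):
        print(name)
        for severity, message in lint_exclusion_filter(body):
            print(f"  [{severity}] {message}")
```
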

Response

OK

Response object for a single WAF exclusion filter.

Field (Type): Description

data (object): A JSON:API resource for a WAF exclusion filter.
  attributes (object): Attributes describing a WAF exclusion filter.
    description (string): A description for the exclusion filter.
    enabled (boolean): Indicates whether the exclusion filter is enabled.
    event_query (string): The event query matched by the legacy exclusion filter. Cannot be created or updated.
    ip_list ([string]): The client IP addresses matched by the exclusion filter (CIDR notation is supported).
    metadata (object): Extra information about the exclusion filter.
      added_at (date-time): The creation date of the exclusion filter.
      added_by (string): The handle of the user who created the exclusion filter.
      added_by_name (string): The name of the user who created the exclusion filter.
      modified_at (date-time): The last modification date of the exclusion filter.
      modified_by (string): The handle of the user who last modified the exclusion filter.
      modified_by_name (string): The name of the user who last modified the exclusion filter.
    on_match (enum): The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor
    parameters ([string]): A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.
    path_glob (string): The HTTP path glob expression matched by the exclusion filter.
    rules_target ([object]): The WAF rules targeted by the exclusion filter.
      rule_id (string): Target a single WAF rule based on its identifier.
      tags (object): Target multiple WAF rules based on their tags.
        category (string): The category of the targeted WAF rules.
        type (string): The type of the targeted WAF rules.
    scope ([object]): The services where the exclusion filter is deployed.
      env (string): Deploy on this environment.
      service (string): Deploy on this service.
    search_query (string): Generated event search query for traces matching the exclusion filter.
  id (string): The identifier of the WAF exclusion filter.
  type (enum): Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter. Default: exclusion_filter

{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "event_query": "string",
      "ip_list": [
        "198.51.100.72"
      ],
      "metadata": {
        "added_at": "2019-09-19T10:00:00.000Z",
        "added_by": "string",
        "added_by_name": "string",
        "modified_at": "2019-09-19T10:00:00.000Z",
        "modified_by": "string",
        "modified_by_name": "string"
      },
      "on_match": "string",
      "parameters": [
        "list.search.query"
      ],
      "path_glob": "/accounts/*",
      "rules_target": [
        {
          "rule_id": "dog-913-009",
          "tags": {
            "category": "attack_attempt",
            "type": "lfi"
          }
        }
      ],
      "scope": [
        {
          "env": "www",
          "service": "prod"
        }
      ],
      "search_query": "string"
    },
    "id": "3dd-0uc-h1s",
    "type": "exclusion_filter"
  }
}

Bad Request

API error response.

Field (Type): Description

errors [required] ([string]): A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Field (Type): Description

errors [required] ([string]): A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field (Type): Description

errors [required] ([string]): A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field (Type): Description

errors [required] ([string]): A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Curl command
# Replace api.datadoghq.com with the API host of your Datadog site.
curl -X POST "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "ip_list": [
        "198.51.100.72"
      ],
      "on_match": "monitor",
      "parameters": [
        "list.search.query"
      ],
      "path_glob": "/accounts/*",
      "rules_target": [
        {
          "rule_id": "dog-913-009",
          "tags": {
            "category": "attack_attempt",
            "type": "lfi"
          }
        }
      ],
      "scope": [
        {
          "env": "www",
          "service": "prod"
        }
      ]
    },
    "type": "exclusion_filter"
  }
}
EOF

// Create a WAF exclusion filter returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.ApplicationSecurityWafExclusionFilterCreateRequest{
		Data: datadogV2.ApplicationSecurityWafExclusionFilterCreateData{
			Attributes: datadogV2.ApplicationSecurityWafExclusionFilterCreateAttributes{
				Description: "Exclude false positives on a path",
				Enabled:     true,
				Parameters: []string{
					"list.search.query",
				},
				PathGlob: datadog.PtrString("/accounts/*"),
				RulesTarget: []datadogV2.ApplicationSecurityWafExclusionFilterRulesTarget{
					{
						Tags: &datadogV2.ApplicationSecurityWafExclusionFilterRulesTargetTags{
							Category: datadog.PtrString("attack_attempt"),
							Type:     datadog.PtrString("lfi"),
						},
					},
				},
				Scope: []datadogV2.ApplicationSecurityWafExclusionFilterScope{
					{
						Env:     datadog.PtrString("www"),
						Service: datadog.PtrString("prod"),
					},
				},
			},
			Type: datadogV2.APPLICATIONSECURITYWAFEXCLUSIONFILTERTYPE_EXCLUSION_FILTER,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewApplicationSecurityApi(apiClient)
	resp, r, err := api.CreateApplicationSecurityWafExclusionFilter(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `ApplicationSecurityApi.CreateApplicationSecurityWafExclusionFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `ApplicationSecurityApi.CreateApplicationSecurityWafExclusionFilter`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies, then save the example to main.go and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"

// Create a WAF exclusion filter returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.ApplicationSecurityApi;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterCreateAttributes;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterCreateData;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterCreateRequest;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterResponse;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterRulesTarget;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterRulesTargetTags;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterScope;
import com.datadog.api.client.v2.model.ApplicationSecurityWafExclusionFilterType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    ApplicationSecurityApi apiInstance = new ApplicationSecurityApi(defaultClient);

    ApplicationSecurityWafExclusionFilterCreateRequest body =
        new ApplicationSecurityWafExclusionFilterCreateRequest()
            .data(
                new ApplicationSecurityWafExclusionFilterCreateData()
                    .attributes(
                        new ApplicationSecurityWafExclusionFilterCreateAttributes()
                            .description("Exclude false positives on a path")
                            .enabled(true)
                            .parameters(Collections.singletonList("list.search.query"))
                            .pathGlob("/accounts/*")
                            .rulesTarget(
                                Collections.singletonList(
                                    new ApplicationSecurityWafExclusionFilterRulesTarget()
                                        .tags(
                                            new ApplicationSecurityWafExclusionFilterRulesTargetTags()
                                                .category("attack_attempt")
                                                .type("lfi"))))
                            .scope(
                                Collections.singletonList(
                                    new ApplicationSecurityWafExclusionFilterScope()
                                        .env("www")
                                        .service("prod"))))
                    .type(ApplicationSecurityWafExclusionFilterType.EXCLUSION_FILTER));

    try {
      ApplicationSecurityWafExclusionFilterResponse result =
          apiInstance.createApplicationSecurityWafExclusionFilter(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling"
              + " ApplicationSecurityApi#createApplicationSecurityWafExclusionFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies, then save the example to Example.java and run the following command, setting DD_SITE to your Datadog site (datadoghq.com is shown here):

DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"

"""
Create a WAF exclusion filter returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi
from datadog_api_client.v2.model.application_security_waf_exclusion_filter_create_attributes import (
    ApplicationSecurityWafExclusionFilterCreateAttributes,
)
from datadog_api_client.v2.model.application_security_waf_exclusion_filter_create_data import (
    ApplicationSecurityWafExclusionFilterCreateData,
)
from datadog_api_client.v2.model.application_security_waf_exclusion_filter_create_request import (
    ApplicationSecurityWafExclusionFilterCreateRequest,
)
from datadog_api_client.v2.model.application_security_waf_exclusion_filter_rules_target import (
    ApplicationSecurityWafExclusionFilterRulesTarget,
)
from datadog_api_client.v2.model.application_security_waf_exclusion_filter_rules_target_tags import (
    ApplicationSecurityWafExclusionFilterRulesTargetTags,
)
from datadog_api_client.v2.model.application_security_waf_exclusion_filter_scope import (
    ApplicationSecurityWafExclusionFilterScope,
)
from datadog_api_client.v2.model.application_security_waf_exclusion_filter_type import (
    ApplicationSecurityWafExclusionFilterType,
)

body = ApplicationSecurityWafExclusionFilterCreateRequest(
    data=ApplicationSecurityWafExclusionFilterCreateData(
        attributes=ApplicationSecurityWafExclusionFilterCreateAttributes(
            description="Exclude false positives on a path",
            enabled=True,
            parameters=[
                "list.search.query",
            ],
            path_glob="/accounts/*",
            rules_target=[
                ApplicationSecurityWafExclusionFilterRulesTarget(
                    tags=ApplicationSecurityWafExclusionFilterRulesTargetTags(
                        category="attack_attempt",
                        type="lfi",
                    ),
                ),
            ],
            scope=[
                ApplicationSecurityWafExclusionFilterScope(
                    env="www",
                    service="prod",
                ),
            ],
        ),
        type=ApplicationSecurityWafExclusionFilterType.EXCLUSION_FILTER,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = ApplicationSecurityApi(api_client)
    response = api_instance.create_application_security_waf_exclusion_filter(body=body)

    print(response)

Instructions

First install the library and its dependencies, then save the example to example.py and run the following command, setting DD_SITE to your Datadog site (datadoghq.com is shown here):

DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"

# Create a WAF exclusion filter returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::ApplicationSecurityAPI.new

body = DatadogAPIClient::V2::ApplicationSecurityWafExclusionFilterCreateRequest.new({
  data: DatadogAPIClient::V2::ApplicationSecurityWafExclusionFilterCreateData.new({
    attributes: DatadogAPIClient::V2::ApplicationSecurityWafExclusionFilterCreateAttributes.new({
      description: "Exclude false positives on a path",
      enabled: true,
      parameters: [
        "list.search.query",
      ],
      path_glob: "/accounts/*",
      rules_target: [
        DatadogAPIClient::V2::ApplicationSecurityWafExclusionFilterRulesTarget.new({
          tags: DatadogAPIClient::V2::ApplicationSecurityWafExclusionFilterRulesTargetTags.new({
            category: "attack_attempt",
            type: "lfi",
          }),
        }),
      ],
      scope: [
        DatadogAPIClient::V2::ApplicationSecurityWafExclusionFilterScope.new({
          env: "www",
          service: "prod",
        }),
      ],
    }),
    type: DatadogAPIClient::V2::ApplicationSecurityWafExclusionFilterType::EXCLUSION_FILTER,
  }),
})
p api_instance.create_application_security_waf_exclusion_filter(body)

Instructions

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com is shown here):

DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" ruby "example.rb"

// Create a WAF exclusion filter returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_application_security::ApplicationSecurityAPI;
use datadog_api_client::datadogV2::model::ApplicationSecurityWafExclusionFilterCreateAttributes;
use datadog_api_client::datadogV2::model::ApplicationSecurityWafExclusionFilterCreateData;
use datadog_api_client::datadogV2::model::ApplicationSecurityWafExclusionFilterCreateRequest;
use datadog_api_client::datadogV2::model::ApplicationSecurityWafExclusionFilterRulesTarget;
use datadog_api_client::datadogV2::model::ApplicationSecurityWafExclusionFilterRulesTargetTags;
use datadog_api_client::datadogV2::model::ApplicationSecurityWafExclusionFilterScope;
use datadog_api_client::datadogV2::model::ApplicationSecurityWafExclusionFilterType;
use std::collections::BTreeMap;

#[tokio::main]
async fn main() {
    let body = ApplicationSecurityWafExclusionFilterCreateRequest::new(
        ApplicationSecurityWafExclusionFilterCreateData::new(
            ApplicationSecurityWafExclusionFilterCreateAttributes::new(
                "Exclude false positives on a path".to_string(),
                true,
            )
            .parameters(vec!["list.search.query".to_string()])
            .path_glob("/accounts/*".to_string())
            .rules_target(vec![ApplicationSecurityWafExclusionFilterRulesTarget::new(
            )
            .tags(
                ApplicationSecurityWafExclusionFilterRulesTargetTags::new()
                    .category("attack_attempt".to_string())
                    .type_("lfi".to_string())
                    .additional_properties(BTreeMap::from([])),
            )])
            .scope(vec![ApplicationSecurityWafExclusionFilterScope::new()
                .env("www".to_string())
                .service("prod".to_string())]),
            ApplicationSecurityWafExclusionFilterType::EXCLUSION_FILTER,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = ApplicationSecurityAPI::with_config(configuration);
    let resp = api
        .create_application_security_waf_exclusion_filter(body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies, then save the example to src/main.rs and run the following command, setting DD_SITE to your Datadog site (datadoghq.com is shown here):

DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run

/**
 * Create a WAF exclusion filter returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.ApplicationSecurityApi(configuration);

const params: v2.ApplicationSecurityApiCreateApplicationSecurityWafExclusionFilterRequest =
  {
    body: {
      data: {
        attributes: {
          description: "Exclude false positives on a path",
          enabled: true,
          parameters: ["list.search.query"],
          pathGlob: "/accounts/*",
          rulesTarget: [
            {
              tags: {
                category: "attack_attempt",
                type: "lfi",
              },
            },
          ],
          scope: [
            {
              env: "www",
              service: "prod",
            },
          ],
        },
        type: "exclusion_filter",
      },
    },
  };

apiInstance
  .createApplicationSecurityWafExclusionFilter(params)
  .then((data: v2.ApplicationSecurityWafExclusionFilterResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies, then save the example to example.ts and run the following command, setting DD_SITE to your Datadog site (datadoghq.com is shown here):

DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"