Language

English Français 日本語 한국어 Español

Datadog Site

Site help
US1 US3 US5 EU AP1 AP2 US1-FED US2-FED

List all WAF custom rules

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_ruleshttps://api.ap2.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_ruleshttps://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/custom_ruleshttps://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_ruleshttps://api.us2.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_ruleshttps://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_ruleshttps://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_ruleshttps://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules

Overview

Retrieve a list of WAF custom rule.

Response

OK

Response object that includes a list of WAF custom rules.

Expand All

Field

Type

Description

data

[object]

The WAF custom rule data.

attributes

object

A WAF custom rule.

action

object

The definition of ApplicationSecurityWafCustomRuleAction object.

action

enum

Override the default action to take when the WAF custom rule would block. Allowed enum values: redirect_request,block_request

default: block_request

parameters

object

The definition of ApplicationSecurityWafCustomRuleActionParameters object.

location

string

The location to redirect to when the WAF custom rule triggers.

status_code

int64

The status code to return when the WAF custom rule triggers.

default: 403

blocking [required]

boolean

Indicates whether the WAF custom rule will block the request.

conditions [required]

[object]

Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger.

operator [required]

enum

Operator to use for the WAF Condition. Allowed enum values: match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,exact_match,!exact_match,ip_match,!ip_match

Show 5 more,capture_data,exists,!exists,equals,!equals

parameters [required]

object

The scope of the WAF custom rule.

data

string

Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.

inputs [required]

[object]

List of inputs on which at least one should match with the given operator.

address [required]

enum

Input from the request on which the condition should apply. Allowed enum values: server.db.statement,server.io.fs.file,server.io.net.url,server.sys.shell.cmd,server.request.method,server.request.uri.raw,server.request.path_params,server.request.query,server.request.headers,server.request.headers.no_cookies

Show 21 more,server.request.custom-auth,server.request.cookies,server.request.trailers,server.request.body,server.request.body.filenames,server.response.status,server.response.headers.no_cookies,server.response.trailers,server.response.body,grpc.server.request.metadata,grpc.server.request.message,grpc.server.method,graphql.server.all_resolvers,usr.id,http.client_ip,server.llm.event,server.llm.guard.verdict,_dd.appsec.fp.http.header,_dd.appsec.fp.http.network,_dd.appsec.fp.session,_dd.appsec.fp.http.endpoint

key_path

[string]

Specific path for the input.

list

[string]

List of value to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operator.

options

object

Options for the operator of this condition.

case_sensitive

boolean

Evaluate the value as case sensitive.

min_length

int64

Only evaluate this condition if the value has a minimum amount of characters.

regex

string

Regex to use with the condition. Only used with match_regex and !match_regex operator.

type

enum

The type of the value to compare against. Only used with the equals and !equals operator. Allowed enum values: boolean,signed,unsigned,float,string

value

string

Store the captured value in the specified tag name. Only used with the capture_data operator.

enabled [required]

boolean

Indicates whether the WAF custom rule is enabled.

metadata

object

Metadata associated with the WAF Custom Rule.

added_at

date-time

The date and time the WAF custom rule was created.

added_by

string

The handle of the user who created the WAF custom rule.

added_by_name

string

The name of the user who created the WAF custom rule.

modified_at

date-time

The date and time the WAF custom rule was last updated.

modified_by

string

The handle of the user who last updated the WAF custom rule.

modified_by_name

string

The name of the user who last updated the WAF custom rule.

name [required]

string

The name of the WAF custom rule.

path_glob

string

The path glob for the WAF custom rule.

scope

[object]

The scope of the WAF custom rule.

env [required]

string

The environment scope for the WAF custom rule.

service [required]

string

The service scope for the WAF custom rule.

tags [required]

object

Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.

category [required]

enum

The category of the WAF Rule, can be either business_logic, attack_attempt or security_response. Allowed enum values: attack_attempt,business_logic,security_response

type [required]

string

The type of the WAF rule, associated with the category will form the security activity.

id

string

The ID of the custom rule.

type

enum

The type of the resource. The value should always be custom_rule. Allowed enum values: custom_rule

default: custom_rule

{
  "data": [
    {
      "attributes": {
        "action": {
          "action": "block_request",
          "parameters": {
            "location": "/blocking",
            "status_code": 403
          }
        },
        "blocking": false,
        "conditions": [
          {
            "operator": "match_regex",
            "parameters": {
              "data": "blocked_users",
              "inputs": [
                {
                  "address": "server.db.statement",
                  "key_path": []
                }
              ],
              "list": [],
              "options": {
                "case_sensitive": false,
                "min_length": "integer"
              },
              "regex": "path.*",
              "type": "string",
              "value": "custom_tag"
            }
          }
        ],
        "enabled": false,
        "metadata": {
          "added_at": "2021-01-01T00:00:00Z",
          "added_by": "john.doe@datadoghq.com",
          "added_by_name": "John Doe",
          "modified_at": "2021-01-01T00:00:00Z",
          "modified_by": "john.doe@datadoghq.com",
          "modified_by_name": "John Doe"
        },
        "name": "Block request from bad useragent",
        "path_glob": "/api/search/*",
        "scope": [
          {
            "env": "prod",
            "service": "billing-service"
          }
        ],
        "tags": {
          "category": "business_logic",
          "type": "users.login.success"
        }
      },
      "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b",
      "type": "custom_rule"
    }
  ]
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

                
"""
List all WAF custom rules returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = ApplicationSecurityApi(api_client)
    response = api_instance.list_application_security_waf_custom_rules()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# List all WAF custom rules returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::ApplicationSecurityAPI.new
p api_instance.list_application_security_waf_custom_rules()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// List all WAF custom rules returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewApplicationSecurityApi(apiClient)
	resp, r, err := api.ListApplicationSecurityWAFCustomRules(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `ApplicationSecurityApi.ListApplicationSecurityWAFCustomRules`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `ApplicationSecurityApi.ListApplicationSecurityWAFCustomRules`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// List all WAF custom rules returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.ApplicationSecurityApi;
import com.datadog.api.client.v2.model.ApplicationSecurityWafCustomRuleListResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    ApplicationSecurityApi apiInstance = new ApplicationSecurityApi(defaultClient);

    try {
      ApplicationSecurityWafCustomRuleListResponse result =
          apiInstance.listApplicationSecurityWAFCustomRules();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling ApplicationSecurityApi#listApplicationSecurityWAFCustomRules");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// List all WAF custom rules returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_application_security::ApplicationSecurityAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = ApplicationSecurityAPI::with_config(configuration);
    let resp = api.list_application_security_waf_custom_rules().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
 * List all WAF custom rules returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.ApplicationSecurityApi(configuration);

apiInstance
  .listApplicationSecurityWAFCustomRules()
  .then((data: v2.ApplicationSecurityWafCustomRuleListResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"