Application Security

Datadog Application Security provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side Request Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate.

GET
https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}

Overview

Retrieve a specific WAF exclusion filter using its identifier. This endpoint requires the appsec_protect_read permission.

Arguments

Path Parameters

Name

Type

Description

exclusion_filter_id [required]

string

The identifier of the WAF exclusion filter.

Response

OK

Response object for a single WAF exclusion filter.

Field

Type

Description

data

object

A JSON:API resource for a WAF exclusion filter.

attributes

object

Attributes describing a WAF exclusion filter.

description

string

A description for the exclusion filter.

enabled

boolean

Indicates whether the exclusion filter is enabled.

event_query

string

The event query matched by the legacy exclusion filter. Cannot be created or updated.

ip_list

[string]

The client IP addresses matched by the exclusion filter (CIDR notation is supported).

metadata

object

Extra information about the exclusion filter.

added_at

date-time

The creation date of the exclusion filter.

added_by

string

The handle of the user who created the exclusion filter.

added_by_name

string

The name of the user who created the exclusion filter.

modified_at

date-time

The last modification date of the exclusion filter.

modified_by

string

The handle of the user who last modified the exclusion filter.

modified_by_name

string

The name of the user who last modified the exclusion filter.

on_match

enum

The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor

parameters

[string]

A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.

path_glob

string

The HTTP path glob expression matched by the exclusion filter.

rules_target

[object]

The WAF rules targeted by the exclusion filter.

rule_id

string

Target a single WAF rule based on its identifier.

tags

object

Target multiple WAF rules based on their tags.

category

string

The category of the targeted WAF rules.

type

string

The type of the targeted WAF rules.

scope

[object]

The services where the exclusion filter is deployed.

env

string

Deploy on this environment.

service

string

Deploy on this service.

search_query

string

Generated event search query for traces matching the exclusion filter.

id

string

The identifier of the WAF exclusion filter.

type

enum

Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter

default: exclusion_filter

{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "event_query": "string",
      "ip_list": [
        "198.51.100.72"
      ],
      "metadata": {
        "added_at": "2019-09-19T10:00:00.000Z",
        "added_by": "string",
        "added_by_name": "string",
        "modified_at": "2019-09-19T10:00:00.000Z",
        "modified_by": "string",
        "modified_by_name": "string"
      },
      "on_match": "string",
      "parameters": [
        "list.search.query"
      ],
      "path_glob": "/accounts/*",
      "rules_target": [
        {
          "rule_id": "dog-913-009",
          "tags": {
            "category": "attack_attempt",
            "type": "lfi"
          }
        }
      ],
      "scope": [
        {
          "env": "www",
          "service": "prod"
        }
      ],
      "search_query": "string"
    },
    "id": "3dd-0uc-h1s",
    "type": "exclusion_filter"
  }
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Path parameters
export exclusion_filter_id="3b5-v82-ns6"
# Curl command (api.datadoghq.com shown; use the API host for your Datadog site)
curl -X GET "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/${exclusion_filter_id}" \
  -H "Accept: application/json" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

POST
https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters

Overview

Create a new WAF exclusion filter with the given parameters.

A request matched by an exclusion filter will be ignored by the Application Security WAF product. Go to https://app.datadoghq.com/security/appsec/passlist to review existing exclusion filters (also called passlist entries).

This endpoint requires the appsec_protect_write permission.

Request

Body Data (required)

The definition of the new WAF exclusion filter.

Field

Type

Description

data [required]

object

Object for creating a single WAF exclusion filter.

attributes [required]

object

Attributes for creating a WAF exclusion filter.

description [required]

string

A description for the exclusion filter.

enabled [required]

boolean

Indicates whether the exclusion filter is enabled.

ip_list

[string]

The client IP addresses matched by the exclusion filter (CIDR notation is supported).

on_match

enum

The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor

parameters

[string]

A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.

path_glob

string

The HTTP path glob expression matched by the exclusion filter.

rules_target

[object]

The WAF rules targeted by the exclusion filter.

rule_id

string

Target a single WAF rule based on its identifier.

tags

object

Target multiple WAF rules based on their tags.

category

string

The category of the targeted WAF rules.

type

string

The type of the targeted WAF rules.

scope

[object]

The services where the exclusion filter is deployed.

env

string

Deploy on this environment.

service

string

Deploy on this service.

type [required]

enum

Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter

default: exclusion_filter

{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "parameters": [
        "list.search.query"
      ],
      "path_glob": "/accounts/*",
      "rules_target": [
        {
          "tags": {
            "category": "attack_attempt",
            "type": "lfi"
          }
        }
      ],
      "scope": [
        {
          "env": "www",
          "service": "prod"
        }
      ]
    },
    "type": "exclusion_filter"
  }
}

Response

OK

Response object for a single WAF exclusion filter.

Field

Type

Description

data

object

A JSON:API resource for a WAF exclusion filter.

attributes

object

Attributes describing a WAF exclusion filter.

description

string

A description for the exclusion filter.

enabled

boolean

Indicates whether the exclusion filter is enabled.

event_query

string

The event query matched by the legacy exclusion filter. Cannot be created or updated.

ip_list

[string]

The client IP addresses matched by the exclusion filter (CIDR notation is supported).

metadata

object

Extra information about the exclusion filter.

added_at

date-time

The creation date of the exclusion filter.

added_by

string

The handle of the user who created the exclusion filter.

added_by_name

string

The name of the user who created the exclusion filter.

modified_at

date-time

The last modification date of the exclusion filter.

modified_by

string

The handle of the user who last modified the exclusion filter.

modified_by_name

string

The name of the user who last modified the exclusion filter.

on_match

enum

The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor

parameters

[string]

A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.

path_glob

string

The HTTP path glob expression matched by the exclusion filter.

rules_target

[object]

The WAF rules targeted by the exclusion filter.

rule_id

string

Target a single WAF rule based on its identifier.

tags

object

Target multiple WAF rules based on their tags.

category

string

The category of the targeted WAF rules.

type

string

The type of the targeted WAF rules.

scope

[object]

The services where the exclusion filter is deployed.

env

string

Deploy on this environment.

service

string

Deploy on this service.

search_query

string

Generated event search query for traces matching the exclusion filter.

id

string

The identifier of the WAF exclusion filter.

type

enum

Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter

default: exclusion_filter

{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "event_query": "string",
      "ip_list": [
        "198.51.100.72"
      ],
      "metadata": {
        "added_at": "2019-09-19T10:00:00.000Z",
        "added_by": "string",
        "added_by_name": "string",
        "modified_at": "2019-09-19T10:00:00.000Z",
        "modified_by": "string",
        "modified_by_name": "string"
      },
      "on_match": "string",
      "parameters": [
        "list.search.query"
      ],
      "path_glob": "/accounts/*",
      "rules_target": [
        {
          "rule_id": "dog-913-009",
          "tags": {
            "category": "attack_attempt",
            "type": "lfi"
          }
        }
      ],
      "scope": [
        {
          "env": "www",
          "service": "prod"
        }
      ],
      "search_query": "string"
    },
    "id": "3dd-0uc-h1s",
    "type": "exclusion_filter"
  }
}

Bad Request

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Curl command (api.datadoghq.com shown; use the API host for your Datadog site)
curl -X POST "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
  -d @- << EOF
{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "parameters": ["list.search.query"],
      "path_glob": "/accounts/*",
      "rules_target": [
        {"tags": {"category": "attack_attempt", "type": "lfi"}}
      ],
      "scope": [
        {"env": "www", "service": "prod"}
      ]
    },
    "type": "exclusion_filter"
  }
}
EOF

GET
https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters
https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters

Overview

Retrieve a list of WAF exclusion filters. This endpoint requires the appsec_protect_read permission.

Response

OK

Response object for multiple WAF exclusion filters.

Field

Type

Description

data

[object]

A list of WAF exclusion filters.

attributes

object

Attributes describing a WAF exclusion filter.

description

string

A description for the exclusion filter.

enabled

boolean

Indicates whether the exclusion filter is enabled.

event_query

string

The event query matched by the legacy exclusion filter. Cannot be created or updated.

ip_list

[string]

The client IP addresses matched by the exclusion filter (CIDR notation is supported).

metadata

object

Extra information about the exclusion filter.

added_at

date-time

The creation date of the exclusion filter.

added_by

string

The handle of the user who created the exclusion filter.

added_by_name

string

The name of the user who created the exclusion filter.

modified_at

date-time

The last modification date of the exclusion filter.

modified_by

string

The handle of the user who last modified the exclusion filter.

modified_by_name

string

The name of the user who last modified the exclusion filter.

on_match

enum

The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor

parameters

[string]

A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.

path_glob

string

The HTTP path glob expression matched by the exclusion filter.

rules_target

[object]

The WAF rules targeted by the exclusion filter.

rule_id

string

Target a single WAF rule based on its identifier.

tags

object

Target multiple WAF rules based on their tags.

category

string

The category of the targeted WAF rules.

type

string

The type of the targeted WAF rules.

scope

[object]

The services where the exclusion filter is deployed.

env

string

Deploy on this environment.

service

string

Deploy on this service.

search_query

string

Generated event search query for traces matching the exclusion filter.

id

string

The identifier of the WAF exclusion filter.

type

enum

Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter

default: exclusion_filter

{
  "data": [
    {
      "attributes": {
        "description": "Exclude false positives on a path",
        "enabled": true,
        "event_query": "string",
        "ip_list": [
          "198.51.100.72"
        ],
        "metadata": {
          "added_at": "2019-09-19T10:00:00.000Z",
          "added_by": "string",
          "added_by_name": "string",
          "modified_at": "2019-09-19T10:00:00.000Z",
          "modified_by": "string",
          "modified_by_name": "string"
        },
        "on_match": "string",
        "parameters": [
          "list.search.query"
        ],
        "path_glob": "/accounts/*",
        "rules_target": [
          {
            "rule_id": "dog-913-009",
            "tags": {
              "category": "attack_attempt",
              "type": "lfi"
            }
          }
        ],
        "scope": [
          {
            "env": "www",
            "service": "prod"
          }
        ],
        "search_query": "string"
      },
      "id": "3dd-0uc-h1s",
      "type": "exclusion_filter"
    }
  ]
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Curl command (api.datadoghq.com shown; use the API host for your Datadog site)
curl -X GET "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters" \
  -H "Accept: application/json" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
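
Because a request matched by an exclusion filter is ignored by the WAF, the list response is a natural input for a periodic passlist review. The following Python is an added example, not Datadog's code: it reads a response shaped like the one documented above and reports enabled filters that look broad or silent. The sample ids and values, the finding codes, `BROAD_GLOBS`, `MAX_ADDRESSES`, and the choice to flag a missing `rules_target` or `scope` are assumptions made for this review heuristic, not documented API behaviour.

```python
import ipaddress
import json

# Constructed sample shaped like the list response documented above.
# Ids, descriptions and addresses are made up for illustration.
SAMPLE_RESPONSE = json.loads("""
{
  "data": [
    {"id": "aaa-111-aaa", "type": "exclusion_filter", "attributes": {
      "description": "Exclude false positives on a path", "enabled": true,
      "on_match": "monitor", "parameters": ["list.search.query"],
      "path_glob": "/accounts/*",
      "rules_target": [{"tags": {"category": "attack_attempt", "type": "lfi"}}],
      "scope": [{"env": "prod", "service": "www"}]}},
    {"id": "bbb-222-bbb", "type": "exclusion_filter", "attributes": {
      "description": "Internal scanners", "enabled": true,
      "ip_list": ["10.0.0.0/8", "198.51.100.72"]}},
    {"id": "ccc-333-ccc", "type": "exclusion_filter", "attributes": {
      "description": "Old catch-all", "enabled": false, "path_glob": "/*"}}
  ]
}
""")

BROAD_GLOBS = {"*", "/*", "/**"}  # assumption: globs reviewed as "every path"
MAX_ADDRESSES = 256               # assumption: wider than a /24 counts as broad


def audit_filter(attrs):
    """Return finding codes for one filter's attributes (empty list: nothing to flag)."""
    if not attrs.get("enabled"):
        return []  # a disabled filter excludes nothing
    findings = []
    if attrs.get("event_query"):
        # Legacy filters cannot be updated through the API; review them by hand.
        findings.append("legacy_event_query")
    for entry in attrs.get("ip_list") or []:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"invalid_ip:{entry}")
            continue
        if net.num_addresses > MAX_ADDRESSES:
            findings.append(f"broad_ip:{entry}")
    if attrs.get("path_glob") in BROAD_GLOBS:
        findings.append("broad_path")
    if not attrs.get("rules_target"):
        findings.append("no_rules_target")
    if not attrs.get("scope"):
        findings.append("no_scope")
    if attrs.get("on_match") != "monitor":
        # Without on_match=monitor no security traces are emitted for matches.
        findings.append("silent")
    return findings


def audit(response):
    """Map filter id -> finding codes, for filters with at least one finding."""
    report = {}
    for resource in response.get("data", []):
        if resource.get("type") != "exclusion_filter":
            continue
        findings = audit_filter(resource.get("attributes", {}))
        if findings:
            report[resource.get("id", "<no id>")] = findings
    return report


if __name__ == "__main__":
    for filter_id, findings in audit(SAMPLE_RESPONSE).items():
        print(filter_id, ", ".join(findings))
```

To run it against live data, save the output of the curl command above to a file and pass the parsed JSON to `audit()` in place of `SAMPLE_RESPONSE`.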

PUT
https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}

Overview

Update a specific WAF exclusion filter using its identifier. Returns the exclusion filter object when the request is successful. This endpoint requires the appsec_protect_write permission.

Arguments

Path Parameters

Name

Type

Description

exclusion_filter_id [required]

string

The identifier of the WAF exclusion filter.

Request

Body Data (required)

The exclusion filter to update.

Field

Type

Description

data [required]

object

Object for updating a single WAF exclusion filter.

attributes [required]

object

Attributes for updating a WAF exclusion filter.

description [required]

string

A description for the exclusion filter.

enabled [required]

boolean

Indicates whether the exclusion filter is enabled.

ip_list

[string]

The client IP addresses matched by the exclusion filter (CIDR notation is supported).

on_match

enum

The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor

parameters

[string]

A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.

path_glob

string

The HTTP path glob expression matched by the exclusion filter.

rules_target

[object]

The WAF rules targeted by the exclusion filter.

rule_id

string

Target a single WAF rule based on its identifier.

tags

object

Target multiple WAF rules based on their tags.

category

string

The category of the targeted WAF rules.

type

string

The type of the targeted WAF rules.

scope

[object]

The services where the exclusion filter is deployed.

env

string

Deploy on this environment.

service

string

Deploy on this service.

type [required]

enum

Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter

default: exclusion_filter

{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": false,
      "ip_list": [
        "198.51.100.72"
      ],
      "on_match": "monitor"
    },
    "type": "exclusion_filter"
  }
}

Response

OK

Response object for a single WAF exclusion filter.

Field

Type

Description

data

object

A JSON:API resource for a WAF exclusion filter.

attributes

object

Attributes describing a WAF exclusion filter.

description

string

A description for the exclusion filter.

enabled

boolean

Indicates whether the exclusion filter is enabled.

event_query

string

The event query matched by the legacy exclusion filter. Cannot be created or updated.

ip_list

[string]

The client IP addresses matched by the exclusion filter (CIDR notation is supported).

metadata

object

Extra information about the exclusion filter.

added_at

date-time

The creation date of the exclusion filter.

added_by

string

The handle of the user who created the exclusion filter.

added_by_name

string

The name of the user who created the exclusion filter.

modified_at

date-time

The last modification date of the exclusion filter.

modified_by

string

The handle of the user who last modified the exclusion filter.

modified_by_name

string

The name of the user who last modified the exclusion filter.

on_match

enum

The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. Allowed enum values: monitor

parameters

[string]

A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.

path_glob

string

The HTTP path glob expression matched by the exclusion filter.

rules_target

[object]

The WAF rules targeted by the exclusion filter.

rule_id

string

Target a single WAF rule based on its identifier.

tags

object

Target multiple WAF rules based on their tags.

category

string

The category of the targeted WAF rules.

type

string

The type of the targeted WAF rules.

scope

[object]

The services where the exclusion filter is deployed.

env

string

Deploy on this environment.

service

string

Deploy on this service.

search_query

string

Generated event search query for traces matching the exclusion filter.

id

string

The identifier of the WAF exclusion filter.

type

enum

Type of the resource. The value should always be exclusion_filter. Allowed enum values: exclusion_filter

default: exclusion_filter

{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": true,
      "event_query": "string",
      "ip_list": [
        "198.51.100.72"
      ],
      "metadata": {
        "added_at": "2019-09-19T10:00:00.000Z",
        "added_by": "string",
        "added_by_name": "string",
        "modified_at": "2019-09-19T10:00:00.000Z",
        "modified_by": "string",
        "modified_by_name": "string"
      },
      "on_match": "string",
      "parameters": [
        "list.search.query"
      ],
      "path_glob": "/accounts/*",
      "rules_target": [
        {
          "rule_id": "dog-913-009",
          "tags": {
            "category": "attack_attempt",
            "type": "lfi"
          }
        }
      ],
      "scope": [
        {
          "env": "www",
          "service": "prod"
        }
      ],
      "search_query": "string"
    },
    "id": "3dd-0uc-h1s",
    "type": "exclusion_filter"
  }
}

Bad Request

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Path parameters
export exclusion_filter_id="3b5-v82-ns6"
# Curl command (api.datadoghq.com shown; use the API host for your Datadog site)
curl -X PUT "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/${exclusion_filter_id}" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
  -d @- << EOF
{
  "data": {
    "attributes": {
      "description": "Exclude false positives on a path",
      "enabled": false,
      "ip_list": ["198.51.100.72"],
      "on_match": "monitor"
    },
    "type": "exclusion_filter"
  }
}
EOF

DELETE
https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}
https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}

Overview

Delete a specific WAF exclusion filter using its identifier. This endpoint requires the appsec_protect_write permission.

Arguments

Path Parameters

Name

Type

Description

exclusion_filter_id [required]

string

The identifier of the WAF exclusion filter.

Response

OK

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Path parameters
export exclusion_filter_id="3b5-v82-ns6"
# Curl command (api.datadoghq.com shown; use the API host for your Datadog site)
curl -X DELETE "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/exclusion_filters/${exclusion_filter_id}" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

GET
https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}

Overview

Retrieve a WAF custom rule by ID.

Arguments

Path Parameters

Name

Type

Description

custom_rule_id [required]

string

The ID of the custom rule.

Response

OK

Response object that includes a single WAF custom rule.

Field

Type

Description

data

object

Object for a single WAF custom rule.

attributes

object

A WAF custom rule.

action

object

The definition of ApplicationSecurityWafCustomRuleAction object.

action

enum

Override the default action to take when the WAF custom rule would block. Allowed enum values: redirect_request, block_request

default: block_request

parameters

object

The definition of ApplicationSecurityWafCustomRuleActionParameters object.

location

string

The location to redirect to when the WAF custom rule triggers.

status_code

int64

The status code to return when the WAF custom rule triggers.

default: 403

blocking [required]

boolean

Indicates whether the WAF custom rule will block the request.

conditions [required]

[object]

Conditions under which the WAF custom rule triggers. All conditions need to match for the WAF rule to trigger.

operator [required]

enum

Operator to use for the WAF Condition. Allowed enum values: match_regex, !match_regex, phrase_match, !phrase_match, is_xss, is_sqli, exact_match, !exact_match, ip_match, !ip_match, capture_data

parameters [required]

object

The scope of the WAF custom rule.

data

string

Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.

inputs [required]

[object]

List of inputs on which at least one should match with the given operator.

address [required]

enum

Input from the request on which the condition should apply. Allowed enum values: server.db.statement, server.io.fs.file, server.io.net.url, server.sys.shell.cmd, server.request.method, server.request.uri.raw, server.request.path_params, server.request.query, server.request.headers.no_cookies, server.request.cookies, server.request.trailers, server.request.body, server.response.status, server.response.headers.no_cookies, server.response.trailers, grpc.server.request.metadata, grpc.server.request.message, grpc.server.method, graphql.server.all_resolvers, usr.id, http.client_ip

key_path

[string]

Specific path for the input.

list

[string]

List of values to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operators.

options

object

Options for the operator of this condition.

case_sensitive

boolean

Evaluate the value as case sensitive.

min_length

int64

Only evaluate this condition if the value has a minimum amount of characters.

regex

string

Regex to use with the condition. Only used with the match_regex and !match_regex operators.

value

string

Store the captured value in the specified tag name. Only used with the capture_data operator.

enabled [required]

boolean

Indicates whether the WAF custom rule is enabled.

metadata

object

Metadata associated with the WAF Custom Rule.

added_at

date-time

The date and time the WAF custom rule was created.

added_by

string

The handle of the user who created the WAF custom rule.

added_by_name

string

The name of the user who created the WAF custom rule.

modified_at

date-time

The date and time the WAF custom rule was last updated.

modified_by

string

The handle of the user who last updated the WAF custom rule.

modified_by_name

string

The name of the user who last updated the WAF custom rule.

name [required]

string

The name of the WAF custom rule.

path_glob

string

The path glob for the WAF custom rule.

scope

[object]

The scope of the WAF custom rule.

env [required]

string

The environment scope for the WAF custom rule.

service [required]

string

The service scope for the WAF custom rule.

tags [required]

object

Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.

category [required]

enum

The category of the WAF rule. Can be either business_logic, attack_attempt or security_response. Allowed enum values: attack_attempt,business_logic,security_responses

type [required]

string

The type of the WAF rule. Combined with the category, it forms the security activity.

id

string

The ID of the custom rule.

type

enum

The type of the resource. The value should always be custom_rule. Allowed enum values: custom_rule

default: custom_rule

{
  "data": {
    "attributes": {
      "action": {
        "action": "block_request",
        "parameters": {
          "location": "/blocking",
          "status_code": 403
        }
      },
      "blocking": false,
      "conditions": [
        {
          "operator": "match_regex",
          "parameters": {
            "data": "blocked_users",
            "inputs": [
              {
                "address": "server.db.statement",
                "key_path": []
              }
            ],
            "list": [],
            "options": {
              "case_sensitive": false,
              "min_length": "integer"
            },
            "regex": "path.*",
            "value": "custom_tag"
          }
        }
      ],
      "enabled": false,
      "metadata": {
        "added_at": "2021-01-01T00:00:00Z",
        "added_by": "john.doe@datadoghq.com",
        "added_by_name": "John Doe",
        "modified_at": "2021-01-01T00:00:00Z",
        "modified_by": "john.doe@datadoghq.com",
        "modified_by_name": "John Doe"
      },
      "name": "Block request from bad useragent",
      "path_glob": "/api/search/*",
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "tags": {
        "category": "business_logic",
        "type": "users.login.success"
      }
    },
    "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b",
    "type": "custom_rule"
  }
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Path parameters
export custom_rule_id="3b5-v82-ns6"
# Curl command (other Datadog sites: api.ap1.datadoghq.com, api.datadoghq.eu, api.ddog-gov.com, api.us3.datadoghq.com, api.us5.datadoghq.com)
curl -X GET "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/${custom_rule_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules
POST https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/custom_rules
POST https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_rules
POST https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules
POST https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules
POST https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules

Overview

Create a new WAF custom rule with the given parameters.

Request

Body Data (required)

The definition of the new WAF Custom Rule.

Field

Type

Description

data [required]

object

Object for a single WAF custom rule.

attributes [required]

object

Create a new WAF custom rule.

action

object

The definition of ApplicationSecurityWafCustomRuleAction object.

action

enum

Override the default action to take when the WAF custom rule would block. Allowed enum values: redirect_request,block_request

default: block_request

parameters

object

The definition of ApplicationSecurityWafCustomRuleActionParameters object.

location

string

The location to redirect to when the WAF custom rule triggers.

status_code

int64

The status code to return when the WAF custom rule triggers.

default: 403

blocking [required]

boolean

Indicates whether the WAF custom rule will block the request.

conditions [required]

[object]

Conditions under which the WAF custom rule triggers. All conditions must match for the rule to trigger.

operator [required]

enum

Operator to use for the WAF Condition. Allowed enum values: match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,exact_match,!exact_match,ip_match,!ip_match,capture_data

parameters [required]

object

The scope of the WAF custom rule.

data

string

Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.

inputs [required]

[object]

List of inputs on which at least one should match with the given operator.

address [required]

enum

Input from the request on which the condition should apply. Allowed enum values: server.db.statement,server.io.fs.file,server.io.net.url,server.sys.shell.cmd,server.request.method,server.request.uri.raw,server.request.path_params,server.request.query,server.request.headers.no_cookies,server.request.cookies,server.request.trailers,server.request.body,server.response.status,server.response.headers.no_cookies,server.response.trailers,grpc.server.request.metadata,grpc.server.request.message,grpc.server.method,graphql.server.all_resolvers,usr.id,http.client_ip

key_path

[string]

Specific path for the input.

list

[string]

List of values to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operators.

options

object

Options for the operator of this condition.

case_sensitive

boolean

Evaluate the value as case sensitive.

min_length

int64

Only evaluate this condition if the value has a minimum amount of characters.

regex

string

Regex to use with the condition. Only used with the match_regex and !match_regex operators.

value

string

Store the captured value in the specified tag name. Only used with the capture_data operator.

enabled [required]

boolean

Indicates whether the WAF custom rule is enabled.

name [required]

string

The name of the WAF custom rule.

path_glob

string

The path glob for the WAF custom rule.

scope

[object]

The scope of the WAF custom rule.

env [required]

string

The environment scope for the WAF custom rule.

service [required]

string

The service scope for the WAF custom rule.

tags [required]

object

Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.

category [required]

enum

The category of the WAF rule. Can be either business_logic, attack_attempt or security_response. Allowed enum values: attack_attempt,business_logic,security_responses

type [required]

string

The type of the WAF rule. Combined with the category, it forms the security activity.

type [required]

enum

The type of the resource. The value should always be custom_rule. Allowed enum values: custom_rule

default: custom_rule

{
  "data": {
    "attributes": {
      "action": {
        "action": "block_request",
        "parameters": {
          "location": "/blocking",
          "status_code": 403
        }
      },
      "blocking": false,
      "conditions": [
        {
          "operator": "match_regex",
          "parameters": {
            "data": "blocked_users",
            "inputs": [
              {
                "address": "server.db.statement",
                "key_path": []
              }
            ],
            "list": [],
            "options": {
              "case_sensitive": false,
              "min_length": "integer"
            },
            "regex": "path.*",
            "value": "custom_tag"
          }
        }
      ],
      "enabled": false,
      "name": "Block request from a bad useragent",
      "path_glob": "/api/search/*",
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "tags": {
        "category": "business_logic",
        "type": "users.login.success"
      }
    },
    "type": "custom_rule"
  }
}
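A pre-flight check for the request body described above, as an added example that is not Datadog's code: it lints a custom rule payload against the required fields, enum values and "Only used with" notes in this page's field tables before the POST or PUT is sent. The function names are hypothetical; treating a match_regex condition without a regex as an error, and leaving list unflagged for ip_match, are assumptions of this example.

```python
import json

# Enum values copied from the field tables on this page.
OPERATORS = set((
    "match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,"
    "exact_match,!exact_match,ip_match,!ip_match,capture_data"
).split(","))
ADDRESSES = set((
    "server.db.statement,server.io.fs.file,server.io.net.url,"
    "server.sys.shell.cmd,server.request.method,server.request.uri.raw,"
    "server.request.path_params,server.request.query,"
    "server.request.headers.no_cookies,server.request.cookies,"
    "server.request.trailers,server.request.body,server.response.status,"
    "server.response.headers.no_cookies,server.response.trailers,"
    "grpc.server.request.metadata,grpc.server.request.message,"
    "grpc.server.method,graphql.server.all_resolvers,usr.id,http.client_ip"
).split(","))
CATEGORIES = {"attack_attempt", "business_logic", "security_responses"}
# The "Only used with ..." notes from the field descriptions.
ONLY_USED_WITH = {
    "list": {"phrase_match", "!phrase_match", "exact_match", "!exact_match"},
    "regex": {"match_regex", "!match_regex"},
    "value": {"capture_data"},
}

def lint_condition(cond, where):
    """Check one entry of attributes.conditions; returns (errors, warnings)."""
    errors, warnings = [], []
    op = cond.get("operator")
    if op not in OPERATORS:
        errors.append(f"{where}.operator is missing or not an allowed value")
    params = cond.get("parameters")
    if not isinstance(params, dict):
        return errors + [f"{where}.parameters is required"], warnings
    inputs = params.get("inputs")
    if not isinstance(inputs, list) or not inputs:
        errors.append(f"{where}.parameters.inputs needs at least one input")
        inputs = []
    for j, item in enumerate(inputs):
        if not isinstance(item, dict) or item.get("address") not in ADDRESSES:
            errors.append(f"{where}.parameters.inputs[{j}].address is not allowed")
    for name, ops in ONLY_USED_WITH.items():
        # Assumption: list is not flagged for ip_match, whose operands this
        # page does not describe.
        if name == "list" and op in ("ip_match", "!ip_match"):
            continue
        if params.get(name) and op in OPERATORS and op not in ops:
            warnings.append(f"{where}.parameters.{name} is only used with "
                            + ", ".join(sorted(ops)))
    # Assumption of this example: a regex operator without a regex is an error.
    if op in ONLY_USED_WITH["regex"] and not params.get("regex"):
        errors.append(f"{where}: {op} needs parameters.regex")
    opts = params.get("options")
    min_len = opts.get("min_length") if isinstance(opts, dict) else None
    not_int = isinstance(min_len, bool) or not isinstance(min_len, int)
    if min_len is not None and not_int:
        errors.append(f"{where}.parameters.options.min_length must be an integer")
    return errors, warnings

def lint_custom_rule(payload):
    """Lint a create/update request body; returns (errors, warnings)."""
    errors, warnings = [], []
    data = payload.get("data") if isinstance(payload, dict) else None
    attrs = data.get("attributes") if isinstance(data, dict) else None
    if not isinstance(attrs, dict):
        return ["data.attributes is required"], warnings
    if data.get("type") != "custom_rule":
        errors.append("data.type must be custom_rule")
    for field in ("blocking", "conditions", "enabled", "name", "tags"):
        if field not in attrs:
            errors.append(f"attributes.{field} is required")
    for field in ("blocking", "enabled"):
        if field in attrs and not isinstance(attrs[field], bool):
            errors.append(f"attributes.{field} must be a boolean")
    tags = attrs.get("tags")
    if isinstance(tags, dict):
        if tags.get("category") not in CATEGORIES:
            errors.append("attributes.tags.category is not an allowed value")
        if not tags.get("type"):
            errors.append("attributes.tags.type is required")
    for i, scope in enumerate(attrs.get("scope") or []):
        for key in ("env", "service"):
            if not isinstance(scope, dict) or not scope.get(key):
                errors.append(f"attributes.scope[{i}].{key} is required")
    for i, cond in enumerate(attrs.get("conditions") or []):
        found = lint_condition(cond if isinstance(cond, dict) else {},
                               f"attributes.conditions[{i}]")
        errors += found[0]
        warnings += found[1]
    return errors, warnings

# The request-body example from this page, condensed (constructed input).
DOC_EXAMPLE = json.loads("""{"data": {"type": "custom_rule", "attributes": {
  "blocking": false, "enabled": false,
  "name": "Block request from a bad useragent",
  "scope": [{"env": "prod", "service": "billing-service"}],
  "tags": {"category": "business_logic", "type": "users.login.success"},
  "conditions": [{"operator": "match_regex", "parameters": {
    "data": "blocked_users", "list": [], "regex": "path.*", "value": "custom_tag",
    "inputs": [{"address": "server.db.statement", "key_path": []}],
    "options": {"case_sensitive": false, "min_length": "integer"}}}]}}}""")

if __name__ == "__main__":
    print(lint_custom_rule(DOC_EXAMPLE))
```

Run against the page's own example body, it reports the placeholder min_length value as an error and the value parameter as unused with match_regex.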

Response

Created

Response object that includes a single WAF custom rule.

Field

Type

Description

data

object

Object for a single WAF custom rule.

attributes

object

A WAF custom rule.

action

object

The definition of ApplicationSecurityWafCustomRuleAction object.

action

enum

Override the default action to take when the WAF custom rule would block. Allowed enum values: redirect_request,block_request

default: block_request

parameters

object

The definition of ApplicationSecurityWafCustomRuleActionParameters object.

location

string

The location to redirect to when the WAF custom rule triggers.

status_code

int64

The status code to return when the WAF custom rule triggers.

default: 403

blocking [required]

boolean

Indicates whether the WAF custom rule will block the request.

conditions [required]

[object]

Conditions under which the WAF custom rule triggers. All conditions must match for the rule to trigger.

operator [required]

enum

Operator to use for the WAF Condition. Allowed enum values: match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,exact_match,!exact_match,ip_match,!ip_match,capture_data

parameters [required]

object

The scope of the WAF custom rule.

data

string

Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.

inputs [required]

[object]

List of inputs on which at least one should match with the given operator.

address [required]

enum

Input from the request on which the condition should apply. Allowed enum values: server.db.statement,server.io.fs.file,server.io.net.url,server.sys.shell.cmd,server.request.method,server.request.uri.raw,server.request.path_params,server.request.query,server.request.headers.no_cookies,server.request.cookies,server.request.trailers,server.request.body,server.response.status,server.response.headers.no_cookies,server.response.trailers,grpc.server.request.metadata,grpc.server.request.message,grpc.server.method,graphql.server.all_resolvers,usr.id,http.client_ip

key_path

[string]

Specific path for the input.

list

[string]

List of values to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operators.

options

object

Options for the operator of this condition.

case_sensitive

boolean

Evaluate the value as case sensitive.

min_length

int64

Only evaluate this condition if the value has a minimum amount of characters.

regex

string

Regex to use with the condition. Only used with the match_regex and !match_regex operators.

value

string

Store the captured value in the specified tag name. Only used with the capture_data operator.

enabled [required]

boolean

Indicates whether the WAF custom rule is enabled.

metadata

object

Metadata associated with the WAF Custom Rule.

added_at

date-time

The date and time the WAF custom rule was created.

added_by

string

The handle of the user who created the WAF custom rule.

added_by_name

string

The name of the user who created the WAF custom rule.

modified_at

date-time

The date and time the WAF custom rule was last updated.

modified_by

string

The handle of the user who last updated the WAF custom rule.

modified_by_name

string

The name of the user who last updated the WAF custom rule.

name [required]

string

The name of the WAF custom rule.

path_glob

string

The path glob for the WAF custom rule.

scope

[object]

The scope of the WAF custom rule.

env [required]

string

The environment scope for the WAF custom rule.

service [required]

string

The service scope for the WAF custom rule.

tags [required]

object

Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.

category [required]

enum

The category of the WAF rule. Can be either business_logic, attack_attempt or security_response. Allowed enum values: attack_attempt,business_logic,security_responses

type [required]

string

The type of the WAF rule. Combined with the category, it forms the security activity.

id

string

The ID of the custom rule.

type

enum

The type of the resource. The value should always be custom_rule. Allowed enum values: custom_rule

default: custom_rule

{
  "data": {
    "attributes": {
      "action": {
        "action": "block_request",
        "parameters": {
          "location": "/blocking",
          "status_code": 403
        }
      },
      "blocking": false,
      "conditions": [
        {
          "operator": "match_regex",
          "parameters": {
            "data": "blocked_users",
            "inputs": [
              {
                "address": "server.db.statement",
                "key_path": []
              }
            ],
            "list": [],
            "options": {
              "case_sensitive": false,
              "min_length": "integer"
            },
            "regex": "path.*",
            "value": "custom_tag"
          }
        }
      ],
      "enabled": false,
      "metadata": {
        "added_at": "2021-01-01T00:00:00Z",
        "added_by": "john.doe@datadoghq.com",
        "added_by_name": "John Doe",
        "modified_at": "2021-01-01T00:00:00Z",
        "modified_by": "john.doe@datadoghq.com",
        "modified_by_name": "John Doe"
      },
      "name": "Block request from bad useragent",
      "path_glob": "/api/search/*",
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "tags": {
        "category": "business_logic",
        "type": "users.login.success"
      }
    },
    "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b",
    "type": "custom_rule"
  }
}

Bad Request

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Curl command (other Datadog sites: api.ap1.datadoghq.com, api.datadoghq.eu, api.ddog-gov.com, api.us3.datadoghq.com, api.us5.datadoghq.com)
curl -X POST "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "blocking": false,
      "conditions": [
        {
          "operator": "match_regex",
          "parameters": {
            "inputs": [
              {
                "address": "server.db.statement"
              }
            ]
          }
        }
      ],
      "enabled": false,
      "name": "Block request from a bad useragent",
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "tags": {
        "category": "business_logic",
        "type": "users.login.success"
      }
    },
    "type": "custom_rule"
  }
}
EOF

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules
GET https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/custom_rules
GET https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_rules
GET https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules
GET https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules
GET https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules

Overview

Retrieve a list of WAF custom rules.

Response

OK

Response object that includes a list of WAF custom rules.

Field

Type

Description

data

[object]

The WAF custom rule data.

attributes

object

A WAF custom rule.

action

object

The definition of ApplicationSecurityWafCustomRuleAction object.

action

enum

Override the default action to take when the WAF custom rule would block. Allowed enum values: redirect_request,block_request

default: block_request

parameters

object

The definition of ApplicationSecurityWafCustomRuleActionParameters object.

location

string

The location to redirect to when the WAF custom rule triggers.

status_code

int64

The status code to return when the WAF custom rule triggers.

default: 403

blocking [required]

boolean

Indicates whether the WAF custom rule will block the request.

conditions [required]

[object]

Conditions under which the WAF custom rule triggers. All conditions must match for the rule to trigger.

operator [required]

enum

Operator to use for the WAF Condition. Allowed enum values: match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,exact_match,!exact_match,ip_match,!ip_match,capture_data

parameters [required]

object

The scope of the WAF custom rule.

data

string

Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.

inputs [required]

[object]

List of inputs on which at least one should match with the given operator.

address [required]

enum

Input from the request on which the condition should apply. Allowed enum values: server.db.statement,server.io.fs.file,server.io.net.url,server.sys.shell.cmd,server.request.method,server.request.uri.raw,server.request.path_params,server.request.query,server.request.headers.no_cookies,server.request.cookies,server.request.trailers,server.request.body,server.response.status,server.response.headers.no_cookies,server.response.trailers,grpc.server.request.metadata,grpc.server.request.message,grpc.server.method,graphql.server.all_resolvers,usr.id,http.client_ip

key_path

[string]

Specific path for the input.

list

[string]

List of values to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operators.

options

object

Options for the operator of this condition.

case_sensitive

boolean

Evaluate the value as case sensitive.

min_length

int64

Only evaluate this condition if the value has a minimum amount of characters.

regex

string

Regex to use with the condition. Only used with the match_regex and !match_regex operators.

value

string

Store the captured value in the specified tag name. Only used with the capture_data operator.

enabled [required]

boolean

Indicates whether the WAF custom rule is enabled.

metadata

object

Metadata associated with the WAF Custom Rule.

added_at

date-time

The date and time the WAF custom rule was created.

added_by

string

The handle of the user who created the WAF custom rule.

added_by_name

string

The name of the user who created the WAF custom rule.

modified_at

date-time

The date and time the WAF custom rule was last updated.

modified_by

string

The handle of the user who last updated the WAF custom rule.

modified_by_name

string

The name of the user who last updated the WAF custom rule.

name [required]

string

The name of the WAF custom rule.

path_glob

string

The path glob for the WAF custom rule.

scope

[object]

The scope of the WAF custom rule.

env [required]

string

The environment scope for the WAF custom rule.

service [required]

string

The service scope for the WAF custom rule.

tags [required]

object

Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.

category [required]

enum

The category of the WAF rule. Can be either business_logic, attack_attempt or security_response. Allowed enum values: attack_attempt,business_logic,security_responses

type [required]

string

The type of the WAF rule. Combined with the category, it forms the security activity.

id

string

The ID of the custom rule.

type

enum

The type of the resource. The value should always be custom_rule. Allowed enum values: custom_rule

default: custom_rule

{
  "data": [
    {
      "attributes": {
        "action": {
          "action": "block_request",
          "parameters": {
            "location": "/blocking",
            "status_code": 403
          }
        },
        "blocking": false,
        "conditions": [
          {
            "operator": "match_regex",
            "parameters": {
              "data": "blocked_users",
              "inputs": [
                {
                  "address": "server.db.statement",
                  "key_path": []
                }
              ],
              "list": [],
              "options": {
                "case_sensitive": false,
                "min_length": "integer"
              },
              "regex": "path.*",
              "value": "custom_tag"
            }
          }
        ],
        "enabled": false,
        "metadata": {
          "added_at": "2021-01-01T00:00:00Z",
          "added_by": "john.doe@datadoghq.com",
          "added_by_name": "John Doe",
          "modified_at": "2021-01-01T00:00:00Z",
          "modified_by": "john.doe@datadoghq.com",
          "modified_by_name": "John Doe"
        },
        "name": "Block request from bad useragent",
        "path_glob": "/api/search/*",
        "scope": [
          {
            "env": "prod",
            "service": "billing-service"
          }
        ],
        "tags": {
          "category": "business_logic",
          "type": "users.login.success"
        }
      },
      "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b",
      "type": "custom_rule"
    }
  ]
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Curl command (other Datadog sites: api.ap1.datadoghq.com, api.datadoghq.eu, api.ddog-gov.com, api.us3.datadoghq.com, api.us5.datadoghq.com)
curl -X GET "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

PUT https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
PUT https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
PUT https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
PUT https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
PUT https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
PUT https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}

Overview

Update a specific WAF custom rule. Returns the custom rule object when the request is successful.

Arguments

Path Parameters

Name

Type

Description

custom_rule_id [required]

string

The ID of the custom rule.

Request

Body Data (required)

New definition of the WAF Custom Rule.

Field

Type

Description

data [required]

object

Object for a single WAF Custom Rule.

attributes [required]

object

Update a WAF custom rule.

action

object

The definition of ApplicationSecurityWafCustomRuleAction object.

action

enum

Override the default action to take when the WAF custom rule would block. Allowed enum values: redirect_request,block_request

default: block_request

parameters

object

The definition of ApplicationSecurityWafCustomRuleActionParameters object.

location

string

The location to redirect to when the WAF custom rule triggers.

status_code

int64

The status code to return when the WAF custom rule triggers.

default: 403

blocking [required]

boolean

Indicates whether the WAF custom rule will block the request.

conditions [required]

[object]

Conditions under which the WAF custom rule triggers. All conditions must match for the rule to trigger.

operator [required]

enum

Operator to use for the WAF Condition. Allowed enum values: match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,exact_match,!exact_match,ip_match,!ip_match,capture_data

parameters [required]

object

The scope of the WAF custom rule.

data

string

Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.

inputs [required]

[object]

List of inputs on which at least one should match with the given operator.

address [required]

enum

Input from the request on which the condition should apply. Allowed enum values: server.db.statement,server.io.fs.file,server.io.net.url,server.sys.shell.cmd,server.request.method,server.request.uri.raw,server.request.path_params,server.request.query,server.request.headers.no_cookies,server.request.cookies,server.request.trailers,server.request.body,server.response.status,server.response.headers.no_cookies,server.response.trailers,grpc.server.request.metadata,grpc.server.request.message,grpc.server.method,graphql.server.all_resolvers,usr.id,http.client_ip

key_path

[string]

Specific path for the input.

list

[string]

List of values to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operators.

options

object

Options for the operator of this condition.

case_sensitive

boolean

Evaluate the value as case sensitive.

min_length

int64

Only evaluate this condition if the value has a minimum amount of characters.

regex

string

Regex to use with the condition. Only used with the match_regex and !match_regex operators.

value

string

Store the captured value in the specified tag name. Only used with the capture_data operator.

enabled [required]

boolean

Indicates whether the WAF custom rule is enabled.

name [required]

string

The name of the WAF custom rule.

path_glob

string

The path glob for the WAF custom rule.

scope

[object]

The scope of the WAF custom rule.

env [required]

string

The environment scope for the WAF custom rule.

service [required]

string

The service scope for the WAF custom rule.

tags [required]

object

Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.

category [required]

enum

The category of the WAF rule. Can be either business_logic, attack_attempt or security_response. Allowed enum values: attack_attempt,business_logic,security_responses

type [required]

string

The type of the WAF rule. Combined with the category, it forms the security activity.

type [required]

enum

The type of the resource. The value should always be custom_rule. Allowed enum values: custom_rule

default: custom_rule

{
  "data": {
    "type": "custom_rule",
    "attributes": {
      "blocking": false,
      "conditions": [
        {
          "operator": "match_regex",
          "parameters": {
            "inputs": [
              {
                "address": "server.request.query",
                "key_path": [
                  "id"
                ]
              }
            ],
            "regex": "badactor"
          }
        }
      ],
      "enabled": false,
      "name": "test",
      "path_glob": "/test",
      "scope": [
        {
          "env": "test",
          "service": "test"
        }
      ],
      "tags": {
        "category": "attack_attempt",
        "type": "test"
      }
    }
  }
}

Response

OK

Response object that includes a single WAF custom rule.

Field

Type

Description

data

object

Object for a single WAF custom rule.

attributes

object

A WAF custom rule.

action

object

The definition of ApplicationSecurityWafCustomRuleAction object.

action

enum

Override the default action to take when the WAF custom rule would block. Allowed enum values: redirect_request,block_request

default: block_request

parameters

object

The definition of ApplicationSecurityWafCustomRuleActionParameters object.

location

string

The location to redirect to when the WAF custom rule triggers.

status_code

int64

The status code to return when the WAF custom rule triggers.

default: 403

blocking [required]

boolean

Indicates whether the WAF custom rule will block the request.

conditions [required]

[object]

Conditions under which the WAF custom rule triggers. All conditions must match for the rule to trigger.

operator [required]

enum

Operator to use for the WAF Condition. Allowed enum values: match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,exact_match,!exact_match,ip_match,!ip_match,capture_data

parameters [required]

object

The scope of the WAF custom rule.

data

string

Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.

inputs [required]

[object]

List of inputs on which at least one should match with the given operator.

address [required]

enum

Input from the request on which the condition should apply. Allowed enum values: server.db.statement,server.io.fs.file,server.io.net.url,server.sys.shell.cmd,server.request.method,server.request.uri.raw,server.request.path_params,server.request.query,server.request.headers.no_cookies,server.request.cookies,server.request.trailers,server.request.body,server.response.status,server.response.headers.no_cookies,server.response.trailers,grpc.server.request.metadata,grpc.server.request.message,grpc.server.method,graphql.server.all_resolvers,usr.id,http.client_ip

key_path

[string]

Specific path for the input.

list

[string]

List of values to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operators.

options

object

Options for the operator of this condition.

case_sensitive

boolean

Evaluate the value as case sensitive.

min_length

int64

Only evaluate this condition if the value has a minimum amount of characters.

regex

string

Regex to use with the condition. Only used with the match_regex and !match_regex operators.

value

string

Store the captured value in the specified tag name. Only used with the capture_data operator.

enabled [required]

boolean

Indicates whether the WAF custom rule is enabled.

metadata

object

Metadata associated with the WAF Custom Rule.

added_at

date-time

The date and time the WAF custom rule was created.

added_by

string

The handle of the user who created the WAF custom rule.

added_by_name

string

The name of the user who created the WAF custom rule.

modified_at

date-time

The date and time the WAF custom rule was last updated.

modified_by

string

The handle of the user who last updated the WAF custom rule.

modified_by_name

string

The name of the user who last updated the WAF custom rule.

name [required]

string

The name of the WAF custom rule.

path_glob

string

The path glob for the WAF custom rule.

scope

[object]

The scope of the WAF custom rule.

env [required]

string

The environment scope for the WAF custom rule.

service [required]

string

The service scope for the WAF custom rule.

tags [required]

object

Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.

category [required]

enum

The category of the WAF rule. Can be either business_logic, attack_attempt or security_response. Allowed enum values: attack_attempt, business_logic, security_responses

type [required]

string

The type of the WAF rule. Combined with the category, it forms the security activity.

id

string

The ID of the custom rule.

type

enum

The type of the resource. The value should always be custom_rule. Allowed enum values: custom_rule

default: custom_rule

{
  "data": {
    "attributes": {
      "action": {
        "action": "block_request",
        "parameters": {
          "location": "/blocking",
          "status_code": 403
        }
      },
      "blocking": false,
      "conditions": [
        {
          "operator": "match_regex",
          "parameters": {
            "data": "blocked_users",
            "inputs": [
              {
                "address": "server.db.statement",
                "key_path": []
              }
            ],
            "list": [],
            "options": {
              "case_sensitive": false,
              "min_length": "integer"
            },
            "regex": "path.*",
            "value": "custom_tag"
          }
        }
      ],
      "enabled": false,
      "metadata": {
        "added_at": "2021-01-01T00:00:00Z",
        "added_by": "john.doe@datadoghq.com",
        "added_by_name": "John Doe",
        "modified_at": "2021-01-01T00:00:00Z",
        "modified_by": "john.doe@datadoghq.com",
        "modified_by_name": "John Doe"
      },
      "name": "Block request from bad useragent",
      "path_glob": "/api/search/*",
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "tags": {
        "category": "business_logic",
        "type": "users.login.success"
      }
    },
    "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b",
    "type": "custom_rule"
  }
}

Bad Request

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Path parameters
export custom_rule_id="3b5-v82-ns6"
# Curl command
# Replace api.datadoghq.com with the API host of your Datadog site if different:
# api.ap1.datadoghq.com, api.datadoghq.eu, api.ddog-gov.com, api.us3.datadoghq.com, api.us5.datadoghq.com
curl -X PUT "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/${custom_rule_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "type": "custom_rule",
    "attributes": {
      "blocking": false,
      "conditions": [
        {
          "operator": "match_regex",
          "parameters": {
            "inputs": [
              {
                "address": "server.request.query",
                "key_path": [
                  "id"
                ]
              }
            ],
            "regex": "badactor"
          }
        }
      ],
      "enabled": false,
      "name": "test",
      "path_glob": "/test",
      "scope": [
        {
          "env": "test",
          "service": "test"
        }
      ],
      "tags": {
        "category": "attack_attempt",
        "type": "test"
      }
    }
  }
}
EOF
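
A pre-flight check for the request body, added here as an example (it is not Datadog's code): it lints a custom_rule payload against the constraints stated in the schema above before the payload is sent with PUT. The function name lint_custom_rule is hypothetical, and Python's re module only approximates the regex dialect the WAF evaluates.

```python
import re

# Allowed "address" values, copied from the schema on this page.
ADDRESSES = set("""server.db.statement server.io.fs.file server.io.net.url
server.sys.shell.cmd server.request.method server.request.uri.raw
server.request.path_params server.request.query server.request.headers.no_cookies
server.request.cookies server.request.trailers server.request.body
server.response.status server.response.headers.no_cookies server.response.trailers
grpc.server.request.metadata grpc.server.request.message grpc.server.method
graphql.server.all_resolvers usr.id http.client_ip""".split())
# The page's prose says security_response, its enum list security_responses; accept both.
CATEGORIES = {"attack_attempt", "business_logic", "security_response", "security_responses"}
# Parameters that the schema says are only used with specific operators.
USED_BY = {"list": {"phrase_match", "!phrase_match", "exact_match", "!exact_match"},
           "regex": {"match_regex", "!match_regex"},
           "value": {"capture_data"}}

def lint_custom_rule(payload):
    """Return a list of problems found in a custom_rule request body (dict)."""
    problems = []
    attrs = payload.get("data", {}).get("attributes", {})
    tags = attrs.get("tags", {})
    for field in ("enabled", "name", "tags"):
        if field not in attrs:
            problems.append(f"missing required attribute: {field}")
    if tags.get("category") not in CATEGORIES:
        problems.append(f"tags.category not allowed: {tags.get('category')!r}")
    if not tags.get("type"):
        problems.append("missing required attribute: tags.type")
    for i, scope in enumerate(attrs.get("scope", [])):
        for field in ("env", "service"):
            if not scope.get(field):
                problems.append(f"scope[{i}] missing required field: {field}")
    for i, cond in enumerate(attrs.get("conditions", [])):
        op, params = cond.get("operator"), cond.get("parameters", {})
        if not params.get("inputs"):
            problems.append(f"conditions[{i}] has no inputs")
        for inp in params.get("inputs", []):
            if inp.get("address") not in ADDRESSES:
                problems.append(f"conditions[{i}] unknown address: {inp.get('address')!r}")
        for param, operators in USED_BY.items():
            if params.get(param) and op not in operators:
                problems.append(f"conditions[{i}] '{param}' is not used by operator {op}")
        if op in USED_BY["regex"]:
            try:  # Python's re only approximates the WAF's regex dialect
                re.compile(params["regex"])
            except (KeyError, TypeError, re.error) as exc:
                problems.append(f"conditions[{i}] regex missing or invalid: {exc}")
    return problems
```

Pass it the parsed JSON body; an empty list means none of the checked constraints were violated, not that the API will accept the rule.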

DELETE https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}
https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}

Overview

Delete a specific WAF custom rule.

Arguments

Path Parameters

Name

Type

Description

custom_rule_id [required]

string

The ID of the custom rule.

Response

No Content

Not Authorized

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Path parameters
export custom_rule_id="3b5-v82-ns6"
# Curl command
# Replace api.datadoghq.com with the API host of your Datadog site if different:
# api.ap1.datadoghq.com, api.datadoghq.eu, api.ddog-gov.com, api.us3.datadoghq.com, api.us5.datadoghq.com
curl -X DELETE "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/${custom_rule_id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"