
Namespace ProtectionSettings

The settings used for protection rules.

Properties

Optional allowedHttpMethods

allowedHttpMethods: Array<AllowedHttpMethods>

The list of allowed HTTP methods. If unspecified, defaults to {@code [OPTIONS, GET, HEAD, POST]}. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).

Optional blockAction

blockAction: BlockAction

If {@code action} is set to {@code BLOCK}, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to {@code SET_RESPONSE_CODE}.

Optional blockErrorPageCode

blockErrorPageCode: undefined | string

The error code to show on the error page when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SHOW_ERROR_PAGE}, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to {@code 403}.

Optional blockErrorPageDescription

blockErrorPageDescription: undefined | string

The description text to show on the error page when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SHOW_ERROR_PAGE}, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to {@code Access blocked by website owner. Please contact support.}

Optional blockErrorPageMessage

blockErrorPageMessage: undefined | string

The message to show on the error page when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SHOW_ERROR_PAGE}, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'

Optional blockResponseCode

blockResponseCode: undefined | number

The response code returned when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SET_RESPONSE_CODE}, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to {@code 403}. The list of available response codes: {@code 400}, {@code 401}, {@code 403}, {@code 405}, {@code 409}, {@code 411}, {@code 412}, {@code 413}, {@code 414}, {@code 415}, {@code 416}, {@code 500}, {@code 501}, {@code 502}, {@code 503}, {@code 504}, {@code 507}. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.

Optional isResponseInspected

isResponseInspected: undefined | false | true

Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to {@code false}.

Note: Only origin responses with a Content-Type matching a value in {@code mediaTypes} will be inspected.

Optional maxArgumentCount

maxArgumentCount: undefined | number

The maximum number of arguments allowed to be passed to your application before an action is taken. Arguments are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to {@code 255}. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335).

Example: If {@code maxArgumentCount} is set to {@code 2} for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:

{@code GET /myapp/path?query=one&query=two&query=three}

{@code POST /myapp/path} with Body {@code {"argument1":"one","argument2":"two","argument3":"three"}}

Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.

Optional maxNameLengthPerArgument

maxNameLengthPerArgument: undefined | number

The maximum length allowed for each argument name, in characters. Arguments are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to {@code 400}. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.

Optional maxResponseSizeInKiB

maxResponseSizeInKiB: undefined | number

The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to {@code 1024}. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.

Optional maxTotalNameLengthOfArguments

maxTotalNameLengthOfArguments: undefined | number

The maximum length allowed for the sum of the argument name and value, in characters. Arguments are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to {@code 64000}. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.

Optional mediaTypes

mediaTypes: Array<string>

The list of media types to allow for inspection, if {@code isResponseInspected} is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to {@code ["text/html", "text/plain", "text/xml"]}.

Supported MIME types include:

- text/html
- text/plain
- text/asp
- text/css
- text/x-script
- application/json
- text/webviewhtml
- text/x-java-source
- application/x-javascript
- application/javascript
- application/ecmascript
- text/javascript
- text/ecmascript
- text/x-script.perl
- text/x-script.phyton
- application/plain
- application/xml
- text/xml

Optional recommendationsPeriodInDays

recommendationsPeriodInDays: undefined | number

The length of time to analyze traffic, in days. After the analysis period, {@code WafRecommendations} will be populated. If unspecified, defaults to {@code 10}.

Use {@code GET /waasPolicies/{waasPolicyId}/wafRecommendations} to view WAF recommendations. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
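Several of the properties above only take effect in combination: the blockErrorPage* fields apply with blockAction SHOW_ERROR_PAGE, blockResponseCode applies with SET_RESPONSE_CODE, and mediaTypes applies when isResponseInspected is enabled. The following is an added example, not part of the SDK or of the original page, that checks a settings object for values outside the lists given above and for settings that have no effect as configured; the Settings interface is a local mirror of the documented fields and lintProtectionSettings is a hypothetical helper.

```typescript
// Local mirror of fields documented on this page; not imported from the SDK.
interface Settings {
  blockAction?: "SET_RESPONSE_CODE" | "SHOW_ERROR_PAGE";
  blockResponseCode?: number;
  blockErrorPageCode?: string;
  blockErrorPageMessage?: string;
  blockErrorPageDescription?: string;
  isResponseInspected?: boolean;
  mediaTypes?: string[];
}
// Available response codes and supported MIME types, copied from the page.
const RESPONSE_CODES = [400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416,
  500, 501, 502, 503, 504, 507];
const MEDIA_TYPES = ["text/html", "text/plain", "text/asp", "text/css",
  "text/x-script", "application/json", "text/webviewhtml", "text/x-java-source",
  "application/x-javascript", "application/javascript", "application/ecmascript",
  "text/javascript", "text/ecmascript", "text/x-script.perl",
  "text/x-script.phyton", "application/plain", "application/xml", "text/xml"];

// Hypothetical helper: one finding per setting that is outside the documented
// lists or that the property descriptions say has no effect in this combination.
function lintProtectionSettings(s: Settings): string[] {
  const out: string[] = [];
  // Documented default when blockAction is unspecified.
  const blockAction = s.blockAction !== undefined ? s.blockAction : "SET_RESPONSE_CODE";
  if (s.blockResponseCode !== undefined) {
    if (RESPONSE_CODES.indexOf(s.blockResponseCode) === -1)
      out.push("blockResponseCode " + s.blockResponseCode + " is not an available code");
    if (blockAction !== "SET_RESPONSE_CODE")
      out.push("blockResponseCode has no effect unless blockAction is SET_RESPONSE_CODE");
  }
  const pageKeys: (keyof Settings)[] =
    ["blockErrorPageCode", "blockErrorPageMessage", "blockErrorPageDescription"];
  for (const k of pageKeys)
    if (s[k] !== undefined && blockAction !== "SHOW_ERROR_PAGE")
      out.push(k + " has no effect unless blockAction is SHOW_ERROR_PAGE");
  if (s.mediaTypes !== undefined) {
    if (s.isResponseInspected !== true)
      out.push("mediaTypes has no effect unless isResponseInspected is true");
    for (const m of s.mediaTypes)
      if (MEDIA_TYPES.indexOf(m) === -1)
        out.push("mediaTypes entry " + m + " is not in the supported list");
  }
  return out;
}
// Constructed sample: error-page text is set, but blockAction is left unset.
const sample: Settings = {
  blockErrorPageCode: "403", blockErrorPageMessage: "Request rejected.",
  blockResponseCode: 404, mediaTypes: ["application/json", "application/pdf"],
};
console.log(lintProtectionSettings(sample).join("\n"));
```

Run against the constructed sample, the helper reports five findings, including that the custom error page fields are unused because blockAction falls back to SET_RESPONSE_CODE.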

Functions

getDeserializedJsonObj

getJsonObj