As of December 31st, 2023, ThreadFix 2.X has reached End of Life and is no longer supported. For any further information, please contact the Success and Implementation team.
Get WAF Rules - API
WAF APIs have been deprecated as of ThreadFix version 2.8.
/rest/{version}/wafs/{wafId}/rules/app/{appId}
Descriptor | Value |
---|---|
HTTP Method | GET |
Description | Returns the WAF rule text for one or all applications a WAF is attached to. If the appId is -1, rules are returned for all applications. If the appId is a valid application ID, rules are generated for that application. |
Required Permission | Generate WAF Rules |
Version Introduced | 2.3.0 |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Sample Call:
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" http://localhost:8080/threadfix/rest/latest/wafs/2/rules/app/-1
Sample Output:
{
   "message": "",
   "success": true,
   "responseCode": -1,
   "object": "SecRule REQUEST_URI \"^\\/cgi-bin\\/( |%20|\\n|$|\\?|\\/\\?|\\/\\n|\\/$|\\/ |\\/%20)\"\"phase:2,deny,msg:'Directory Indexing attempt: /cgi-bin/',id:'100000',severity:'2'\"\n\nSecRule REQUEST_URI \"^\\/demo\\/( |%20|\\n|$|\\?|\\/\\?|\\/\\n|\\/$|\\/ |\\/%20)\"\"phase:2,deny,msg:'Directory Indexing attempt: /demo/',id:'100001',severity:'2'\"\n\nSecRule REQUEST_URI \"^\\/test\\.php( |%20|\\n|$|\\?|\\/\\?|\\/\\n|\\/$|\\/ |\\/%20)\"\"phase:2,deny,msg:'Direct Request attempt: /test.php',id:'100002',severity:'2'\"\n\nSecRule REQUEST_URI \"^\\/demo\\/OSCommandInjection2\\.php\"\"phase:2,chain,deny,msg:'OS Command Injection attempt: /demo/OSCommandInjection2.php [fileName]',id:'100003',severity:'2'\"\nSecRule ARGS:fileName \"&|\\||;|%7C|%26|%3B\"\n\nSecRule REQUEST_URI \"^\\/demo\\/XSS-cookie\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/XSS-cookie.php [cookie]',id:'100004',severity:'2'\"\nSecRule ARGS:cookie \"<|\\%3C|>|\\%3E\"\n\nSecRule REQUEST_URI \"^\\/demo\\/EvalInjection2\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/EvalInjection2.php [command]',id:'100005',severity:'2'\"\nSecRule ARGS:command \"<|\\%3C|>|\\%3E\"\n\nSecRule REQUEST_URI \"^\\/demo\\/XSS-reflected2\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/XSS-reflected2.php [username]',id:'100006',severity:'2'\"\nSecRule ARGS:username \"<|\\%3C|>|\\%3E\"\n\n"
}
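Before generated rules are loaded into a WAF, it helps to check the response envelope and each rule in the `object` string. The following is an added example, not ThreadFix code: it parses a response shaped like the Sample Output above. `parse_waf_rules`, `RULES_TEXT` and `SAMPLE_RESPONSE` are hypothetical names, and the blank-line separator between rules and the two-line form of chained rules are assumptions read off that sample.

```python
import json
import re

# Constructed input: two rules copied from the page's Sample Output, wrapped in
# the same envelope (message / success / responseCode / object).
RULES_TEXT = r'''SecRule REQUEST_URI "^\/test\.php( |%20|\n|$|\?|\/\?|\/\n|\/$|\/ |\/%20)""phase:2,deny,msg:'Direct Request attempt: /test.php',id:'100002',severity:'2'"

SecRule REQUEST_URI "^\/demo\/XSS-cookie\.php""phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/XSS-cookie.php [cookie]',id:'100004',severity:'2'"
SecRule ARGS:cookie "<|\%3C|>|\%3E"

'''
SAMPLE_RESPONSE = json.dumps(
    {"message": "", "success": True, "responseCode": -1, "object": RULES_TEXT})


def parse_waf_rules(response_text):
    """Split the "object" string into rules and sanity-check each one."""
    body = json.loads(response_text)
    if not body.get("success"):
        raise ValueError("API call failed: %s" % body.get("message"))
    rules, seen = [], set()
    # Assumption: rules are separated by blank lines, and a rule carrying the
    # 'chain' action is followed by exactly one more SecRule line.
    for block in re.split(r"\n\s*\n", (body.get("object") or "").strip()):
        lines = block.splitlines()
        if not lines:
            continue  # WAF with no generated rules
        rule_id = re.search(r"id:'(\d+)'", lines[0])
        msg = re.search(r"msg:'([^']*)'", lines[0])
        if not lines[0].startswith("SecRule ") or not rule_id or not msg:
            raise ValueError("unrecognized rule block: %r" % block[:60])
        chained = bool(re.search(r'[",]chain[",]', lines[0]))
        if len(lines) != (2 if chained else 1):
            raise ValueError("rule %s: chain/line-count mismatch" % rule_id.group(1))
        if rule_id.group(1) in seen:
            raise ValueError("duplicate rule id %s" % rule_id.group(1))
        seen.add(rule_id.group(1))
        rules.append({"id": rule_id.group(1), "msg": msg.group(1),
                      "chained": chained, "text": block})
    return rules


if __name__ == "__main__":
    for rule in parse_waf_rules(SAMPLE_RESPONSE):
        print(rule["id"], "chained" if rule["chained"] else "single", rule["msg"])
```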