Cluster Settings REST Interface

Data

The cluster settings dictionary contains the following fields:

In the administration user interface these settings are part of the Global Configuration. See Global Configuration for details on the parameters.

  • allow_traffic_if_cant_parse_request

    Under some rare circumstances, it might may happen that vWAF can’t parse some special character combinations within a request. If this option is enabled, vWAF accepts the request in this case.

  • allow_traffic_if_no_configuration_found

    If this option is enabled, vWAF doesn’t block traffic for hosts that have not yet been added to any application.

  • allow_traffic_if_no_license_found

    Usually, vWAF blocks all traffic if there isn’t any valid license or if the number of hosts exceeds your license. If this option is enabled, this behavior is reversed and vWAF accepts all traffic if there’s no license. This means that your web application is no longer protected!

  • allow_unencoded_spaces_in_url

    Browsers usually encode space characters properly, but poorly programmed scripts sometimes don’t. To allow such a script access to your web application, you can enable this option.

  • disable_statistics

    If this option is enabled, vWAF doesn’t run any statistics.

  • error_page_html_template

    Template that’s used if error_page_mode is set to html.

  • error_page_mode

    Setting for the global error page setup. Can have the values standard, redirect, and html.

  • error_page_url_template

    Template for the URL that’s used if error_page_mode is set to redirect.

  • full_request_logging

    If this option is enabled, vWAF logs the complete request header and the complete request body (up to a configurable size).

  • full_request_logging_max_body_size

    Maximum size of the body that’s logged if full request logging is active. Given in KB; max. is 2048 KB.

  • request_timelimit

    Time limit in seconds for requests that aren’t answered by the backend.

  • session_cookie_name

    Name of the secure session cookie that vWAF is to generate.

  • use_ns_client_ip_header

    If this option is enabled, vWAF uses the NS-Client-IP header (inserted by NetScaler) to determine the IP address of the user.

  • use_x_forwarded_for_header

    If this option is enabled, vWAF uses the X-Forwarded-For header (inserted by the reverse proxy) to determine the IP address of the user.

Getting the global cluster settings

  • Request

    Method GET

    URL

    /cluster/settings

    Arguments

  • Response

    Return code Arguments Meaning

    200

    { clustersettings }

    successfully returned a dictionary containing all cluster settings

    401

    -

    no login

    403

    -

    not enough rights

    500

    -

    internal server error

  • Example

    The following request reads the settings.

    $ curl -n https://something.com:8087/api/af/latest/cluster/settings { "__name": "settings", "__path": "/api/af/latest/cluster/settings/", "__subnodes": [], "allow_traffic_if_cant_parse_request": false, "allow_traffic_if_no_configuration_found": false, "allow_traffic_if_no_license_found": false, "allow_unencoded_spaces_in_url": false, "disable_statistics": false, "error_page_html_template": "\n<html>\n<head>\n ..........", "error_page_mode": "standard", "error_page_url_template": "http://something.de/", "full_request_logging": true, "full_request_logging_max_body_size": 65536, "request_timelimit": 30, "session_cookie_name": "aodsession", "use_ns_client_ip_header": false, "use_x_forwarded_for_header": false }

Changing the global cluster settings

  • Request

    Method PUT

    URL

    /cluster/settings

    Arguments

    { clustersettings }

  • Response

    Return code Arguments Meaning

    200

    -

    global cluster settings successfully changed

    401

    -

    no login

    403

    -

    not enough rights

    409

    -

    invalid, malformed, or missing settings

    500

    -

    internal server error

  • Example

    The following request changes a value-in this case the session cookie name.

    $ curl -n --data ‘session_cookie_name=jsession' https://something.com:8087/api/af/latest/cluster/settings { "__name": "settings", "__path": "/api/af/latest/cluster/settings/", "__subnodes": [], "allow_traffic_if_cant_parse_request": false, "allow_traffic_if_no_configuration_found": false, "allow_traffic_if_no_license_found": false, "allow_unencoded_spaces_in_url": false, "disable_statistics": false, "error_page_html_template": "\n<html>\n<head>\n ..........", "error_page_mode": "standard", "error_page_url_template": "http://something.com/", "full_request_logging": true, "full_request_logging_max_body_size": 65536, "request_timelimit": 30, "session_cookie_name": "jsession", "use_ns_client_ip_header": false, "use_x_forwarded_for_header": false }