Common Tasks for Protection Module

1. Toggle Blocking On/Off

curl -X POST http://localhost:8080/api/toggle-blocking \
-H "Content-Type: application/json" \
-d '{"enable":"False"}'

2. ModSecurity Debug Level

curl -X POST http://localhost:8080/api/debug-level \
-H "Content-Type: application/json" \
-d '{"level":"3"}'

3. Add Custom Ruleset

Generating a Regular Rule

A regular rule requires the following parameters:

  • Type: regular
  • Inspection point
  • Operator
  • Action

Inspection Point

The inspection points are as follows:

'ip'
'single_header'
'all_headers'
'single_query_param'
'all_query_params'
'cookie'
'uri_path'
'method'
'body'

Operator

The operators are as follows:

'exact'
'contains'
'regex'
'ip_match'
'greater_than'
'less_than'
'begins_with'
'ends_with'
'length'

Action

The action types are as follows:

'block'
'deny'
'allow'
'count'
'redirect'

Generating a Rate Limit Rule

A rate limit rule requires the following parameters:

  • Type: rate_limit
  • Rate limit ("rateLimit") - Number of requests to allow within the window
  • Window size ("windowSize") - Length of the window, in seconds, over which requests are counted
  • Inspection point (same as in regular rule)
  • Action (same as in regular rule)

The following example creates a ruleset to whitelist the IP 172.24.220.82 and block all other IPs. It also applies a rate limit of 5 requests per 10 seconds for the allowed IP.

curl -X POST http://0.0.0.0:8080/api/ruleset/generate -H "Content-Type: application/json" \
-d '{
  "metadata": {
    "name": "IP Whitelist with Rate Limiting",
    "description": "Whitelist 172.24.220.82 and apply rate limiting"
  },
  "rules": [
    {
      "type": "regular",
      "inspectionPoint": "ip",
      "matchConditions": {
        "type": "ip_match",
        "value": "172.24.220.82"
      },
      "action": {
        "type": "pass",
        "message": "Whitelisted IP allowed"
      }
    },
    {
      "type": "regular",
      "inspectionPoint": "ip",
      "matchConditions": {
        "type": "regex",
        "value": "^(?!172\\\\.24\\\\.220\\\\.82$).*"
      },
      "action": {
        "type": "deny",
        "status": 403,
        "message": "Blocked IP ## not whitelisted"
      }
    },
    {
      "type": "rate_limit",
      "rateLimit": 5,
      "windowSize": 10,
      "inspectionPoint": "ip",
      "action": "deny"
    }
  ]
}'
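
A pre-flight check for a ruleset payload before it is posted to /api/ruleset/generate, added here as an example and not part of the module's own tooling. The allowed values are the ones listed on this page; the function names (lint_ruleset, action_type, listed) are hypothetical and the sample ruleset is constructed.

```python
# Allowed values copied from the lists on this page.
INSPECTION_POINTS = {"ip", "single_header", "all_headers", "single_query_param",
                     "all_query_params", "cookie", "uri_path", "method", "body"}
OPERATORS = {"exact", "contains", "regex", "ip_match", "greater_than",
             "less_than", "begins_with", "ends_with", "length"}
ACTIONS = {"block", "deny", "allow", "count", "redirect"}

def listed(value, allowed):
    return isinstance(value, str) and value in allowed

def action_type(action):
    # The page's example uses an object in regular rules, a bare string in rate_limit.
    return action.get("type") if isinstance(action, dict) else action

def lint_ruleset(ruleset):
    """Return findings for a ruleset dict; an empty list means nothing was flagged."""
    findings = []
    for i, rule in enumerate(ruleset.get("rules", [])):
        kind = rule.get("type")
        if kind not in ("regular", "rate_limit"):
            findings.append(f"rule {i}: type {kind!r} is not regular or rate_limit")
            continue
        point = rule.get("inspectionPoint")
        if not listed(point, INSPECTION_POINTS):
            findings.append(f"rule {i}: inspectionPoint {point!r} is not listed")
        act = action_type(rule.get("action"))
        if not listed(act, ACTIONS):
            findings.append(f"rule {i}: action {act!r} is not listed")
        if kind == "regular":
            cond = rule.get("matchConditions")
            op = cond.get("type") if isinstance(cond, dict) else None
            if not listed(op, OPERATORS):
                findings.append(f"rule {i}: operator {op!r} is not listed")
        else:
            for key in ("rateLimit", "windowSize"):
                if type(rule.get(key)) is not int or rule[key] <= 0:
                    findings.append(f"rule {i}: {key} must be a positive integer")
    return findings

# Constructed sample: rule 1 mistypes the inspection point, rule 2 omits windowSize.
SAMPLE = {"rules": [
    {"type": "regular", "inspectionPoint": "uri_path", "action": {"type": "deny"},
     "matchConditions": {"type": "begins_with", "value": "/admin"}},
    {"type": "regular", "inspectionPoint": "headers", "action": {"type": "block"},
     "matchConditions": {"type": "contains", "value": "BadBot"}},
    {"type": "rate_limit", "rateLimit": 5, "inspectionPoint": "ip", "action": "deny"},
]}
if __name__ == "__main__":
    print("\n".join(lint_ruleset(SAMPLE)) or "no findings")
```

Run against the whitelist example above, this check reports one finding: the `pass` action in the first rule is not among the action types listed on this page. The page does not say whether the API accepts values outside those lists, so treat a finding as a prompt to review the rule before applying it.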

4. Get Custom Rules List

curl http://localhost:8080/api/list-rules

5. Remove a Custom Rule Using ID

curl -X DELETE "http://localhost:8080/remove-rule?id=1000"

For Docker Installation Only

1. Add Upstream Server to the Nginx Configuration

curl -X POST http://localhost:8080/api/add-server \
-H "Content-Type: application/json" \
-d '{"name":"app1","port":80,"upstream":"http://httpbin.org"}'

2. List Servers

curl "http://localhost:8080/list-servers"

3. Remove Server

curl -X DELETE "http://localhost:8080/remove-server?name=app1"