Global ACLs
Global ACLs define strict access control (allow/deny) rules for all the services configured on the Barracuda Web Application Firewall.
To Create a Global ACL Rule
URL: /v1/security_policies/{policy_id}/global_acls
Method: POST
Description: Adds a global ACL rule with the given values.
Parameter Name | Data Type | Mandatory | Description |
|---|---|---|---|
Input Parameters: | | | |
name | Alphanumeric | Yes | A name for the URL ACL rule. |
url_match | Alphanumeric | | The URL to be matched to the URL in the request. The URL should start with a "/" and can have at most one "*" anywhere in the URL. A value of "/*" means that the access control rule (ACL) applies for all URLs in that domain. |
extended_match | String | Yes | An expression that consists of a combination of HTTP headers and/or query string parameters. Setting the extended match parameter value is shown in the example below; see Example 2. For information on how to write extended match expressions, refer to Extended Match Syntax Help. |
extended_match_sequence | Numeric | Yes | A number to indicate the order in which the extended match rule must be evaluated in the requests. |
action | Enumeration | Optional | The action to be taken on the request matching this URL. The enumerated values include: |
deny_response | Enumeration | Conditional | The response to be sent to the client if the request is denied. The enumerated values include:
Note: Required ONLY when action is set to deny_and_log or deny_with_no_log. |
response_page | Enumeration | Conditional | The response page to be sent to the client. The enumerated values include:
Note: Required ONLY when action is set to deny_and_log or deny_with_no_log. |
redirect_url | Alphanumeric | Conditional | A URL to which a user should be redirected.
Note: Required ONLY when action is temporary_redirect or permanent_redirect. |
comments | Alphanumeric | Optional | Description about the global ACL rule. |
follow_up_action | Enumeration | Yes | The required follow up action to be taken whenever the request is denied. The enumerated values include:
Note: The default value is "none". |
follow_up_action_time | Numeric | Yes | Sets the time (in seconds) to block the client IP if Follow Up Action is set to Block Client-IP. The time can range from 1 to 600000 seconds. Note: The default time is 60 seconds. |
Request:
curl http://192.168.0.1:8000/restapi/v1/security_policies/new_policy/global_acls -u 'eyJldCI6IjEzODAxNTEyOTIiLCJwYXNzd29yZCI6IjY4YzM1YzVhYzIwYTEzMjgxOWNlYTRhMGUz\nZTQ2NjZkIiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d '{"name":"acl_1","redirect_url":"/index.html","extended_match_sequence":"3"}'
Response:
{"id":"acl_1","token":"eyJldCI6IjEzODAxNTE3MTUiLCJwYXNzd29yZCI6IjhkNjk5MjY3YzY4MGUyNzQxNGEzOGZlZjU0\nN2RjYTIwIiwidXNlciI6ImFkbWluIn0=\n"}
Request:
curl http://192.168.0.1:8000/restapi/v1/security_policies/new_policy/global_acls -u 'eyJldCI6IjEzODAxNTEyOTIiLCJwYXNzd29yZCI6IjY4YzM1YzVhYzIwYTEzMjgxOWNlYTRhMGUz\nZTQ2NjZkIiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d '{"name":"acl_1","url_match":"/test.html","extended_match":"(Method eq GET)&&(HTTP-Version eq HTTP/1.1)||(Header User-Agent eq mozilla)","extended_match_sequence":"1","action":"deny_and_log","deny_response":"response_page","response_page":"default","comments":"This is acl_1 url acl"}'
Response:
{"id":"acl_1","token":"eyJldCI6IjEzODAxNTEyOTIiLCJwYXNzd29yZCI6IjY4YzM1YzVhYzIwYTEzMjgxOWNlYTRhMGUz\nZTQ2NjZkIiwidXNlciI6ImFkbWluIn0=\n"}
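A pre-flight check for the create request, added here as an example (it is not Barracuda's code): it applies the constraints from the parameter table to a JSON body before it is sent. As assumptions, it treats name, extended_match and extended_match_sequence as required, leaves follow_up_action and follow_up_action_time to their stated defaults when omitted, and checks only the action names that appear in the table notes.

```python
DENY_ACTIONS = {"deny_and_log", "deny_with_no_log"}              # from the table notes
REDIRECT_ACTIONS = {"temporary_redirect", "permanent_redirect"}  # from the table notes
# Body of the page's second create request.
PAGE_RULE = {
    "name": "acl_1", "url_match": "/test.html",
    "extended_match": "(Method eq GET)&&(HTTP-Version eq HTTP/1.1)"
                      "||(Header User-Agent eq mozilla)",
    "extended_match_sequence": "1", "action": "deny_and_log",
    "deny_response": "response_page", "response_page": "default",
    "comments": "This is acl_1 url acl",
}
# Constructed rule that breaks four of the documented constraints.
BAD_RULE = {
    "name": "acl_2", "url_match": "admin/*/*", "extended_match": "(Method eq GET)",
    "extended_match_sequence": "2", "action": "temporary_redirect",
    "follow_up_action_time": "0",
}


def validate_global_acl(rule):
    """Return a list of problems in a global ACL body; an empty list means OK."""
    errors = []
    for field in ("name", "extended_match", "extended_match_sequence"):
        if not str(rule.get(field, "")).strip():
            errors.append(f"{field} is mandatory")
    url = rule.get("url_match")
    if url is not None:
        if not url.startswith("/"):
            errors.append('url_match must start with "/"')
        if url.count("*") > 1:
            errors.append('url_match may contain at most one "*"')
    seq = str(rule.get("extended_match_sequence", "")).strip()
    if seq and not seq.isdecimal():
        errors.append("extended_match_sequence must be numeric")
    action = rule.get("action")
    for field in ("deny_response", "response_page"):
        if action in DENY_ACTIONS and not rule.get(field):
            errors.append(f"{field} is required when action is {action}")
    if action in REDIRECT_ACTIONS and not rule.get("redirect_url"):
        errors.append(f"redirect_url is required when action is {action}")
    if "follow_up_action_time" in rule:
        t = str(rule["follow_up_action_time"]).strip()
        if not t.isdecimal() or not 1 <= int(t) <= 600000:
            errors.append("follow_up_action_time must be 1 to 600000 seconds")
    return errors

if __name__ == "__main__":
    for label, rule in (("page example", PAGE_RULE), ("constructed", BAD_RULE)):
        print(label, validate_global_acl(rule) or "OK")
```

Run against the body of the first request on this page, the check reports the missing extended_match, which the table marks as mandatory.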
To Retrieve Global ACL Rules
URL: /v1/security_policies/{policy_id}/global_acls
/v1/security_policies/{policy_id}/global_acls/{global_acl_id}
Method: GET
Description: Lists all global ACL rules if "global_acl_id" is not specified.
Parameter Name | Data Type | Mandatory | Description |
|---|---|---|---|
Input Parameters: | | | |
parameters | Alphanumeric | Optional | Any specific parameter name that needs to be retrieved. See Example 2. |