getWafAclOverview — Retrieving the ACL status overview

Many configuration settings are based on Access Control List (ACL) rules and exceptions to those rules. Rules might include things such as blacklisting URLs, countries or IP addresses, and exceptions on certain types of actions, such as bot access or illegal resource access.

The getWafAclOverview method retrieves the site’s ACLs.

The API endpoint is:

https://api.sitelock.com/v1/partner

Request format

SiteLockOnlineRequest: This element is used to delineate the full API request.
- authentication: The partner’s username, password, and branding
  - username: The partner’s API username
  - password: The partner’s API password
  - partner: (Optional) The brand name to use in messaging
- getWafAclOverview: The method name
  - site_id: The ID of the site for which to retrieve the ACL

Example XML request

<SiteLockOnlineRequest>
    <authentication>
        <user>Username</user>
        <password>Password</password>
    </authentication>
    <getWafAclOverview>
        <site_id>1234567</site_id>
    </getWafAclOverview>
</SiteLockOnlineRequest>

Response format

SiteLockOnlineResponse: This element is used to delineate the full API response.
- getWafAclOverview: The method name
  - backdoor: A list of exceptions for backdoor access attempts
    
    exceptions: A list of exceptions in the Common exception format
  - blacklist_geo: A list of rules and exceptions for blacklisted geographical regions
    
    exceptions: A list of exceptions in the Common exception format
    
    geo: A list of blacklisted geographical regions
    
    continents: A list of blacklisted continents
    
    continent: (Repeatable) The two-character codes for blacklisted continents
    
    countries: A list of blacklisted countries
    
    country: (Repeatable) two-character codes for blacklisted countries
  - blacklist_ip: A list of blacklisted IPs and exceptions
    
    exceptions: A list of exceptions in the Common exception format
    
    ips: A list of IP addresses
    
    ip: (Repeatable) The blacklisted IP addresses. The acceptable formats are:
    
    A single IP address (for example, 192.168.0.1)
    
    A network block in CIDR format (for example, 192.186.0.0/28)
    
    An IP address range (for example, 192.168.0.1-192.168.1.30)
  - blacklist_url: A list of blacklisted URLs and exceptions
    
    urls: A list of blacklisted URLs. These aren’t external URLs but those prohibited from outside access. Attempts to access these URLs will be blocked by the Firewall & CDN product.
    
    url: (Repeatable) The blacklisted URL
    
    value: [attribute] - The URL to be blocked. It must begin with a forward slash (/) for any of the following pattern types: EQUALS, NOT_EQUALS, PREFIX.
    
    pattern: [attribute] - The way the URL is to be matched. The pattern can be one of the following: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, PREFIX, SUFFIX.
    
    exceptions: A list of exceptions in the Common exception format
  - bot_access_control: A list of exceptions for access attempts by web bots
    
    exceptions: A list of exceptions in the Common exception format
  - ddos: A list of exceptions for DDoS attack attempts
    
    exceptions: A list of exceptions in the Common exception format
  - illegal_resource: A list of exceptions for illegal resource access attempts
    
    exceptions: A list of exceptions in the Common exception format
  - remote_file_inclusion: A list of exceptions for remote file inclusion attempts
    
    exceptions: A list of exceptions in the Common exception format
  - sql_injection: A list of exceptions for SQL injection attempts
    
    exceptions: A list of exceptions in the Common exception format
    
    exception: (Repeatable) An exception
    
    id: The ID of the exception
    
    geo: A list of allowed geographical regions
    
    continents: A list of allowed continents
    
    continent: (Repeatable) The two-character codes for continents
    
    countries: A list of allowed countries
    
    country: (Repeatable) two-character codes for countries
    
    ips: A list of allowed IP addresses
    
    ip: (Repeatable) An allowed IP address. The acceptable formats are:
    
    A single IP address (for example, 192.168.0.1)
    
    A network block in CIDR format (for example, 192.186.0.0/28)
    
    An IP address range (for example, 192.168.0.1-192.168.1.30)
    
    urls: A list of URLs that can be accessed from outside
    
    url: (Repeatable) An allowed URL
    
    value: [attribute] - The URL that can be accessed from outside. It must begin with a forward slash (/) for any of the following pattern types: EQUALS, NOT_EQUALS, PREFIX.
    
    pattern: [attribute] - The way the URL is to be matched. The pattern must be one of: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, PREFIX, SUFFIX.
    
    user_agents: A list of allowed user agents
    
    user_agent: (Repeatable) A user agent
  - status: Either ok or error
  - whitelist_ip: A list of whitelisted IP addresses and exceptions
    
    exceptions: A list of exceptions in the Common exception format
    
    ips: A list of whitelisted IP addresses
    
    ip: (Repeatable) A whitelelisted IP address. The acceptable formats are:
    
    A single IP address (for example, 192.168.0.1)
    
    A network block in CIDR format (for example, 192.186.0.0/28)
    
    An IP address range (for example, 192.168.0.1-192.168.1.30)
  - xss: A list of exceptions for cross-site scripting (XSS) attempts
    
    exceptions: A list of exceptions in the Common exception format

Example response

<SiteLockOnlineResponse>
    <getWafAclOverview>
        <backdoor>
            <exceptions></exceptions>
        </backdoor>
        <blacklist_geo>
            <exceptions></exceptions>
            <geo>
                <continents>
                    <continent>OC</continent>
                </continents>
                <countries>
                    <country>CA</country>
                    <country>FR</country>
                    <country>LU</country>
                    <country>US</country>
                </countries>
            </geo>
        </blacklist_geo>
        <blacklist_ip>
            <exceptions></exceptions>
            <ips>
                <ip>1.2.3.12</ip>
            </ips>
        </blacklist_ip>
        <blacklist_url>
            <exceptions>
                <exception id="10475517">
                    <geo>
                        <continents>
                            <continent>OC</continent>
                        </continents>
                        <countries>
                            <country>GB</country>
                            <country>IR</country>
                            <country>SA</country>
                        </countries>
                    </geo>
                    <urls>
                        <url pattern="EQUALS" value="/qux.ext" />
                    </urls>
                    <user_agents>
                        <user_agent>Foolps! 2.1</user_agent>
                        <user_agent>Sploof! 1.2</user_agent>
                    </user_agents>
                </exception>
            </exceptions>
            <urls>
                <url path="/test.path/x" pattern="PREFIX" />
                <url path="admincp" pattern="CONTAINS" />
            </urls>
        </blacklist_url>
        <bot_access_control>
            <exceptions></exceptions>
        </bot_access_control>
        <ddos>
            <exceptions></exceptions>
        </ddos>
        <illegal_resource>
            <exceptions></exceptions>
        </illegal_resource>
        <remote_file_inclusion>
            <exceptions></exceptions>
        </remote_file_inclusion>
        <sql_injection>
            <exceptions>
                <exception id="5806864">
                    <geo>
                        <continents>
                            <continent>OC</continent>
                        </continents>
                            <countries>
                            <country>CA</country>
                        </countries>
                    </geo>
                    <ips>
                        <ip>10.2.2.0-10.2.2.255</ip>
                    </ips>
                    <urls>
                        <url pattern="EQUALS" value="/denied_to_wl" />
                    </urls>
                    <user_agents>
                        <user_agent>Shift/1.1 Alonzo; Core; 2.2</user_agent>
                    </user_agents>
                </exception>
                <exception id="4988220">
                <ips>
                    <ip>10.1.0.0</ip>
                </ips>
                </exception>
            </exceptions>
        </sql_injection>
        <status>ok</status>
        <whitelist_ip>
            <exceptions></exceptions>
            <ips>
                <ip>1.2.3.16</ip>
                <ip>184.154.149.90</ip>
                <ip>1.2.3.14</ip>
                <ip>10.2.2.2</ip>
                <ip>108.178.14.202</ip>
            </ips>
        </whitelist_ip>
        <xss>
            <exceptions></exceptions>
        </xss>
    </getWafAclOverview>
</SiteLockOnlineResponse>