setWafSettings — Updating the Firewall & CDN rules policy

The setWafSettings method updates the Firewall & CDN rules policy for a site.

The API endpoint is:

https://api.sitelock.com/v1/partner

Request format

  • SiteLockOnlineRequest: This element is used to delineate the full API request.

    • authentication: The partner’s username, password, and branding

      • username: The partner’s API username

      • password: The partner’s API password

      • partner: (Optional) The brand name to use in messaging

    • setWafSettings: The method name

      • site_id: The ID of the site for which to update the Firewall & CDN rules policy

      • backdoor: Protection policy against backdoor access attempts. Can be one of the following:

        • alert: Alert the user about a backdoor access attempt

        • disabled: Disable backdoor access protection

        • quarantine_url: Send the requested URL to quarantine

      • bot_access_control: Protection policy against access attempts by web bots. Can be one of the following:

        • block_challenge: Block a bad bot, and challenge a suspected bot, for example, with a captcha

        • challenge: Challenge a suspected web bot, for example, with a captcha

        • block: Block access attempts by web bots

        • disabled: Disable web bot protection

      • ddos: Protection policy against DDoS attacks. Can be one of the following:

        • on: Enable DDoS protection

        • auto: DDoS mitigation rules are activated automatically when SiteLock detects that your site is under a DDoS attack

        • off: Disable DDoS protection

      • illegal_resource: Protection policy against illegal resource access attempts. Can be one of the following:

        • alert: Alert the user about an illegal resource access attempt

        • disable: Disable protection against illegal resource access attempts

        • block_ip: Block the IP address from which an illegal resource access attempt was made

        • block_user: Block the visitor that made an illegal resource access attempt

        • block_request: Block illegal resource access requests

      • remote_file_inclusion: Protection policy against remote file inclusion attacks. Can be one of the following:

        • alert: Alert the user about a remote file inclusion attack

        • disable: Disable protection against remote file inclusion attacks

        • block_ip: Block the IP address from which a remote file inclusion attack was made

        • block_user: Block the visitor that made a remote file inclusion attack

        • block_request: Block remote file inclusion requests

      • sql_injection: Protection policy against SQL injection attacks. Can be one of the following:

        • alert: Alert the user about a SQL injection attack

        • disable: Disable protection against SQL injection attacks

        • block_ip: Block the IP address from which a SQL injection attack was made

        • block_user: Block the visitor that made a SQL injection attack

        • block_request: Block requests that appear to contain malicious SQL code

      • xss: Protection policy against cross-site scripting (XSS) attacks. Can be one of the following:

        • alert: Alert the user about an XSS attack

        • disable: Disable protection against XSS attacks

        • block_ip: Block the IP address from which an XSS attack was made

        • block_user: Block the visitor that made an XSS attack

        • block_request: Block requests that resemble XSS attacks

Example request

<SiteLockOnlineRequest>
    <authentication>
        <user>Username</user>
        <password>Password</password>
    </authentication>
    <setWafSettings>
        <site_id>12</site_id>
        <backdoor>quarantine_url</backdoor>
        <bot_access_control>challenge</bot_access_control>
        <ddos>auto</ddos>
        <illegal_resource>alert</illegal_resource>
        <remote_file_inclusion>block_ip</remote_file_inclusion>
        <sql_injection>block_request</sql_injection>
        <xss>block_request</xss>
    </setWafSettings>
</SiteLockOnlineRequest>

Response format

  • SiteLockOnlineResponse: This element is used to delineate the full API response.

    • setWafSettings: The method name

    • backdoor: One element per policy that was updated, named after the policy, such as backdoor, bot_access_control, ddos, illegal_resource, remote_file_inclusion, sql_injection, or xss.

      • status: Either okay or error.

      • message: If the value of status is error, a message explaining the error

Example response

<SiteLockOnlineResponse>
    <setWafSettings>
        <backdoor>
            <status>ok</status>
        </backdoor>
        <bot_access_control>
            <status>ok</status>
        </bot_access_control>
        <ddos>
            <message>Plan does not support</message>
            <status>error</status>
        </ddos>
        <illegal_resource>
            <status>ok</status>
        </illegal_resource>
        <remote_file_inclusion>
            <status>ok</status>
        </remote_file_inclusion>
        <sql_injection>
            <status>ok</status>
        </sql_injection>
        <status>ok</status>
        <xss>
            <status>ok</status>
        </xss>
    </setWafSettings>
</SiteLockOnlineResponse>
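
Added example (not SiteLock's own code): a Python sketch that checks each policy value against the lists in the request format before building the request, and reads every policy's own status from the response, since the example response reports an error for ddos next to a method-level status of ok. The function names are hypothetical, the <user> tag follows the example request, and both ok and okay are treated as success because the page shows both.

```python
import xml.etree.ElementTree as ET

# Allowed values per policy, copied from the request format on this page.
_COMMON = {"alert", "disable", "block_ip", "block_user", "block_request"}
ALLOWED = {
    "backdoor": {"alert", "disabled", "quarantine_url"},
    "bot_access_control": {"block_challenge", "challenge", "block", "disabled"},
    "ddos": {"on", "auto", "off"},
    "illegal_resource": _COMMON,
    "remote_file_inclusion": _COMMON,
    "sql_injection": _COMMON,
    "xss": _COMMON,
}

def build_request(username, password, site_id, policies):
    """Return the request XML; reject unknown policies or values up front."""
    for name, value in policies.items():
        if value not in ALLOWED.get(name, ()):
            raise ValueError(f"{name}: unsupported value {value!r}")
    root = ET.Element("SiteLockOnlineRequest")
    auth = ET.SubElement(root, "authentication")
    # ElementTree escapes <, > and & in credentials, unlike string pasting.
    ET.SubElement(auth, "user").text = username
    ET.SubElement(auth, "password").text = password
    method = ET.SubElement(root, "setWafSettings")
    ET.SubElement(method, "site_id").text = str(site_id)
    for name, value in policies.items():
        ET.SubElement(method, name).text = value
    return ET.tostring(root, encoding="unicode")

def failed_policies(response_xml):
    """Map each policy whose own <status> is not ok/okay to its message."""
    method = ET.fromstring(response_xml).find("setWafSettings")
    if method is None:
        raise ValueError("response has no setWafSettings element")
    failures = {}
    for policy in method:
        if policy.tag not in ALLOWED:
            continue  # skips the method-level <status> element
        status = (policy.findtext("status") or "").strip()
        if status not in ("ok", "okay"):
            failures[policy.tag] = (policy.findtext("message") or "").strip()
    return failures

# Constructed sample, shortened from the example response on this page.
SAMPLE = """<SiteLockOnlineResponse><setWafSettings>
<backdoor><status>ok</status></backdoor><status>ok</status>
<ddos><message>Plan does not support</message><status>error</status></ddos>
</setWafSettings></SiteLockOnlineResponse>"""
```

Note that backdoor and bot_access_control take disabled while the other policies take disable, so build_request rejects a value such as xss=disabled before it is sent.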