LOG IN SIGN UP
Documentation

Fastly offers a web application firewall (WAF) security service that allows you to detect malicious request traffic and log or log and block that traffic before it reaches your web application. The Fastly WAF provides rules that detect and block potential attacks. The rules are collected into a policy and deployed within your Fastly service at the edge.

Firewall

Firewall object used when configuring WAF.

Fields

field type description
last_push string

Date and time that VCL was last pushed to cache nodes.

prefetch_condition string

Name of the corresponding condition object.

response string

Name of the corresponding response object.

version string

The current version number of a service.

service_id string

The service ID.

disabled boolean

The status of the firewall. Defaults to false.

rule_statuses_log_count integer

The number of rule statuses set to log.

rule_statuses_block_count integer

The number of rule statuses set to block.

rule_statuses_disabled_count integer

The number of rule statuses set to disabled.

Actions

GET /service/service_id/version/version/wafs

List all firewall objects for a particular service and version.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
page[size] integer

Limit the number of returned wafs.

page[number] integer

Request a specific page of wafs.

include string

Include relationships. Optional, comma separated values. Permitted values: configuration_set,owasp.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/version/1/wafs HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": [
    {
      "id": "6hBXhHGly9nQT9PvnA1cRo",
      "type": "waf",
      "attributes": {
        "prefetch_condition": null,
        "response": "waf",
        "last_push": "2016-09-28 22:52:33 UTC",
        "version": "2",
        "service_id": "SU1Z0isxPaozGVKXdv0eY",
        "disabled": false,
        "rule_statuses_log_count": 235,
        "rule_statuses_block_count": 34,
        "rule_statuses_disabled_count": 2
      },
      "relationships": {
        "configuration_set": {
          "data": {
            "type": "configuration_set",
            "id": "x4xCwxxJxGCx123Rx5xTx"
          }
        }
      }
    }
  ],
  "links": {
    "first": "https://api.fastly.com/service/4CkNe7DSkapn8huuYZqpIK/version/2/wafs?page[number]=1&page[size]=100",
    "last": "https://api.fastly.com/service/4CkNe7DSkapn8huuYZqpIK/version/2/wafs?page[number]=1&page[size]=100"
  }
}
GET /service/service_id/version/version/wafs/waf_id

Get a specific firewall object.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
service_id string

The ID of the service.

version integer

The number of the version.

waf_id string

The firewall ID.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/version/1/wafs/3N9YFqslrxuURkTPXGwQbX HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {
      "last_push": "2016-08-16 17:05:13 UTC",
      "prefetch_condition": "WAF-Condition",
      "response": "WAF_Error",
      "version": "1",
      "service_id": "SU1Z0isxPaozGVKXdv0eY",
      "disabled": false,
      "rule_statuses_log_count": 235,
      "rule_statuses_block_count": 34,
      "rule_statuses_disabled_count": 2
    },
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "relationships": {
      "configuration_set": {
        "data": {
          "id": "3X2wuHEBldz3Hv9HCmxGdL",
          "type": "configuration_set"
        }
      }
    },
    "type": "waf"
  }
}
POST /service/service_id/version/version/wafs

Create a firewall object for a particular service and version.

Authentication

API token with at least Billing permissions.

Request Example
POST /service/SU1Z0isxPaozGVKXdv0eY/version/1/wafs HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "attributes": {
      "prefetch_condition": "WAF-Condition",
      "response": "WAF_Error"
    },
    "type": "waf"
  }
}
Response Example
HTTP/1.1 201 Created
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "waf",
    "attributes": {
      "last_push": null,
      "prefetch_condition": "WAF-Condition",
      "response": "WAF_Error",
      "version": "1",
      "service_id": "SU1Z0isxPaozGVKXdv0eY",
      "disabled": false,
      "rule_statuses_log_count": 235,
      "rule_statuses_block_count": 34,
      "rule_statuses_disabled_count": 2
    },
    "relationships": {
      "configuration_set": {
        "data": {
          "id": "3X2wuHEBldz3Hv9HCmxGdL",
          "type": "configuration_set"
        }
      }
    }
  }
}
PATCH /service/service_id/version/version/wafs/waf_id

Update a firewall object for a particular service and version.

Authentication

API token with at least Billing permissions.

Request Example
PATCH /service/SU1Z0isxPaozGVKXdv0eY/version/1/wafs/3N9YFqslrxuURkTPXGwQbX HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "attributes": {
      "response": "new response"
    },
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "waf"
  }
}
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "waf",
    "attributes": {
      "last_push": null,
      "prefetch_condition": "WAF-Condition",
      "response": "new response",
      "version": "1",
      "service_id": "SU1Z0isxPaozGVKXdv0eY",
      "disabled": false,
      "rule_statuses_log_count": 235,
      "rule_statuses_block_count": 34,
      "rule_statuses_disabled_count": 2
    },
    "relationships": {
      "configuration_set": {
        "data": {
          "id": "3X2wuHEBldz3Hv9HCmxGdL",
          "type": "configuration_set"
        }
      }
    }
  }
}
PATCH /wafs/waf_id/disable

Temporarily disable a firewall object for a particular service and version. This endpoint is intended to be used in an emergency. Disabling a firewall object for a specific service and version replaces your existing WAF ruleset with an empty ruleset. While disabled, your WAF ruleset will not be applied to your origin traffic. This endpoint is only available to users assigned the role of superuser or above.

Authentication

API token with at least Billing permissions.

Request Example
PATCH /wafs/3N9YFqslrxuURkTPXGwQbX/disable HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "waf"
  }
}
Response Example
HTTP/1.1 202 Accepted
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "waf",
    "attributes": {
      "last_push": null,
      "prefetch_condition": null,
      "response": null,
      "version": null,
      "service_id": "SU1Z0isxPaozGVKXdv0eY",
      "disabled": false,
      "rule_statuses_log_count": 235,
      "rule_statuses_block_count": 34,
      "rule_statuses_disabled_count": 2
    },
    "relationships": {
      "configuration_set": {
        "data": {
          "id": "3X2wuHEBldz3Hv9HCmxGdL",
          "type": "configuration_set"
        }
      }
    },
    "links": {
      "related": {
        "href": "https://api.fastly.com/service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/update_statuses/yAyllcStMc0SN1g6FYhZ6"
      }
    }
  }
}
PATCH /wafs/waf_id/enable

Re-enable a firewall object for a particular service and version after it has been temporarily disabled. This endpoint is intended to be used in an emergency. When a firewall object is re-enabled, a newly generated WAF ruleset VCL based on the current WAF configuration is used to replace the empty ruleset. This endpoint is only available to users assigned the role of superuser or above.

Authentication

API token with at least Billing permissions.

Request Example
PATCH /wafs/3N9YFqslrxuURkTPXGwQbX/enable HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "waf"
  }
}
Response Example
HTTP/1.1 202 Accepted
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "waf",
    "attributes": {
      "last_push": null,
      "prefetch_condition": null,
      "response": null,
      "version": null,
      "service_id": "SU1Z0isxPaozGVKXdv0eY",
      "disabled": false,
      "rule_statuses_log_count": 235,
      "rule_statuses_block_count": 34,
      "rule_statuses_disabled_count": 2
    },
    "relationships": {
      "configuration_set": {
        "data": {
          "id": "3X2wuHEBldz3Hv9HCmxGdL",
          "type": "configuration_set"
        }
      }
    },
    "links": {
      "related": {
        "href": "https://api.fastly.com/service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/update_statuses/yAyllcStMc0SN1g6FYhZ6"
      }
    }
  }
}
GET /wafs

List all active firewall objects.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
filter[rules][rule_id] integer

Limit the returned wafs to a specific rule ID.

filter[customer_id] integer

Limit the returned wafs to a specific customer.

page[size] integer

Limit the number of returned wafs.

page[number] integer

Request a specific page of wafs.

include string

Include relationships. Optional, comma separated values. Permitted values: configuration_set,owasp.

Request Example
GET /wafs HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": [
    {
      "id": "6hBXhHGly9nQT9PvnA1cRo",
      "type": "waf",
      "attributes": {
        "prefetch_condition": null,
        "response": "waf",
        "last_push": "2016-09-28 22:52:33 UTC",
        "service_id": "SU1Z0isxPaozGVKXdv0eY",
        "disabled": false,
        "version": "2",
        "rule_statuses_log_count": 235,
        "rule_statuses_block_count": 34,
        "rule_statuses_disabled_count": 2
      },
      "relationships": {
        "configuration_set": {
          "data": {
            "type": "configuration_set",
            "id": "x4xCwxxJxGCx123Rx5xTx"
          }
        }
      }
    }
  ],
  "links": {
    "first": "https://api.fastly.com/wafs?page[number]=1&page[size]=100",
    "last": "https://api.fastly.com/wafs?page[number]=1&page[size]=100"
  }
}
GET /wafs/waf_id

Get a specific firewall object.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
include string

Include relationships. Optional, comma separated values. Permitted values: configuration_set,owasp,rules,rule_statuses.

Request Example
GET /wafs/3N9YFqslrxuURkTPXGwQbX HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {
      "last_push": "2016-08-16 17:05:13 UTC",
      "prefetch_condition": "WAF-Condition",
      "response": "WAF_Error",
      "version": "1"
      "service_id": "SU1Z0isxPaozGVKXdv0eY",
      "disabled": false,
      "rule_statuses_log_count": 235,
      "rule_statuses_block_count": 34,
      "rule_statuses_disabled_count": 2
    },
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "relationships": {
      "configuration_set": {
        "data": {
          "id": "3X2wuHEBldz3Hv9HCmxGdL",
          "type": "configuration_set"
        }
      }
    },
    "type": "waf"
  }
}

OWASP

OWASP settings object used when configuring WAF.

Fields

field type description
allowed_http_versions string

Allowed HTTP versions (default HTTP/1.0 HTTP/1.1 HTTP/2).

allowed_methods string

A space-separated list of HTTP method names (default GET HEAD POST OPTIONS PUT PATCH DELETE).

allowed_request_content_type string

Allowed request content types (default application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain).

arg_length integer

The maximum number of arguments allowed (default 400).

arg_name_length integer

The maximum allowed argument name length (default 100).

combined_file_sizes integer

The maximum allowed size of all files (in bytes, default 10000000).

created_at string

Date and time that the settings object was created.

critical_anomaly_score integer

Score value to add for critical anomalies (default 6).

crs_validate_utf8_encoding boolean

CRS validate UTF8 encoding.

error_anomaly_score integer

Score value to add for error anomalies (default 5).

high_risk_country_codes string

A space-separated list of country codes in ISO 3166-1 (two-letter) format.

http_violation_score_threshold integer

HTTP violation threshold.

inbound_anomaly_score_threshold integer

Inbound anomaly threshold.

lfi_score_threshold integer

Local file inclusion attack threshold.

max_file_size integer

The maximum allowed file size (in bytes, default 10000000).

max_num_args integer

The maximum number of arguments allowed (default 255).

notice_anomaly_score integer

Score value to add for notice anomalies (default 4).

paranoia_level integer

The configured paranoia level (default 1).

php_injection_score_threshold integer

PHP injection threshold.

rce_score_threshold integer

Remote code execution threshold.

restricted_extensions string

A space-separated list of allowed file extensions (default .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx).

restricted_headers string

A space-separated list of allowed header names (default /proxy/ /lock-token/ /content-range/ /translate/ /if/).

rfi_score_threshold integer

Remote file inclusion attack threshold.

session_fixation_score_threshold integer

Session fixation attack threshold.

sql_injection_score_threshold integer

SQL injection attack threshold.

total_arg_length integer

The maximum size of argument names and values (default 6400).

updated_at string

Date and time that the settings object was last updated.

warning_anomaly_score integer

Score value to add for warning anomalies.

xss_score_threshold integer

XSS attack threshold.

Actions

GET /service/service_id/wafs/waf_id/owasp

Get an OWASP settings object for a particular service and firewall.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
service_id string

The ID of the service.

waf_id string

The firewall ID.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/owasp HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "3EfaBF7gWjOUxJc8PylEIt",
    "type": "owasp",
    "attributes": {
      "allowed_http_versions": "HTTP/1.0 HTTP/1.1 HTTP/2",
      "allowed_methods": "GET HEAD POST OPTIONS PUT PATCH DELETE",
      "allowed_request_content_type": "application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain",
      "arg_length": 400,
      "arg_name_length": 100,
      "combined_file_sizes": 10000000,
      "created_at": "2016-09-09 16:00:17 UTC",
      "critical_anomaly_score": 6,
      "crs_validate_utf8_encoding": false,
      "error_anomaly_score": 5,
      "high_risk_country_codes": null,
      "http_violation_score_threshold": 999,
      "inbound_anomaly_score_threshold": 999,
      "lfi_score_threshold": 999,
      "max_file_size": 10000000,
      "max_num_args": null,
      "notice_anomaly_score": 4,
      "paranoia_level": 1,
      "php_injection_score_threshold": 999,
      "rce_score_threshold": 999,
      "restricted_extensions": ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx",
      "restricted_headers": "/proxy/ /lock-token/ /content-range/ /translate/ /if/",
      "rfi_score_threshold": 999,
      "session_fixation_score_threshold": 999,
      "sql_injection_score_threshold": 999,
      "total_arg_length": 6400,
      "updated_at": "2016-09-09 16:00:17 UTC",
      "warning_anomaly_score": 3,
      "xss_score_threshold": 999
    },
    "relationships": {
      "waf": {
        "data": {
          "type": "waf",
          "id": "x4xCwxxJxGCx123Rx5xTx"
        }
      }
    }
  }
}
POST /service/service_id/wafs/waf_id/owasp

Create an OWASP settings object for a particular service and firewall.

Authentication

API token with at least Billing permissions.

Request Example
POST /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/owasp HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "type": "owasp"
  }
}
Response Example
HTTP/1.1 201 Created
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "3EfaBF7gWjOUxJc8PylEIt",
    "type": "owasp",
    "attributes": {
      "allowed_http_versions": "HTTP/1.0 HTTP/1.1 HTTP/2",
      "allowed_methods": "GET HEAD POST OPTIONS PUT PATCH DELETE",
      "allowed_request_content_type": "application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain",
      "arg_length": 400,
      "arg_name_length": 100,
      "combined_file_sizes": 10000000,
      "created_at": "2016-09-09 16:00:17 UTC",
      "critical_anomaly_score": 6,
      "crs_validate_utf8_encoding": false,
      "error_anomaly_score": 5,
      "high_risk_country_codes": null,
      "http_violation_score_threshold": 999,
      "inbound_anomaly_score_threshold": 999,
      "lfi_score_threshold": 999,
      "max_file_size": 10000000,
      "max_num_args": null,
      "notice_anomaly_score": 4,
      "paranoia_level": 1,
      "php_injection_score_threshold": 999,
      "rce_score_threshold": 999,
      "restricted_extensions": ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx",
      "restricted_headers": "/proxy/ /lock-token/ /content-range/ /translate/ /if/",
      "rfi_score_threshold": 999,
      "session_fixation_score_threshold": 999,
      "sql_injection_score_threshold": 999,
      "total_arg_length": 6400,
      "updated_at": "2016-09-09 16:00:17 UTC",
      "warning_anomaly_score": 3,
      "xss_score_threshold": 999
    },
    "relationships": {
      "waf": {
        "data": {
          "type": "waf",
          "id": "x4xCwxxJxGCx123Rx5xTx"
        }
      }
    }
  }
}
PATCH /service/service_id/wafs/waf_id/owasp

Update an OWASP settings object for a particular service and firewall.

Authentication

API token with at least Billing permissions.

Request Example
PATCH /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/owasp HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
      "attributes": {
        "inbound_anomaly_score_threshold": 42
      },
      "id": "3EfaBF7gWjOUxJc8PylEIt",
      "type": "owasp"
  }
}
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "3EfaBF7gWjOUxJc8PylEIt",
    "type": "owasp",
    "attributes": {
      "allowed_http_versions": "HTTP/1.0 HTTP/1.1 HTTP/2",
      "allowed_methods": "GET HEAD POST OPTIONS PUT PATCH DELETE",
      "allowed_request_content_type": "application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain",
      "arg_length": 400,
      "arg_name_length": 100,
      "combined_file_sizes": 10000000,
      "created_at": "2016-09-09 16:00:17 UTC",
      "critical_anomaly_score": 6,
      "crs_validate_utf8_encoding": false,
      "error_anomaly_score": 5,
      "high_risk_country_codes": null,
      "http_violation_score_threshold": 999,
      "inbound_anomaly_score_threshold": 999,
      "lfi_score_threshold": 999,
      "max_file_size": 10000000,
      "max_num_args": null,
      "notice_anomaly_score": 4,
      "paranoia_level": 1,
      "php_injection_score_threshold": 999,
      "rce_score_threshold": 999,
      "restricted_extensions": ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx",
      "restricted_headers": "/proxy/ /lock-token/ /content-range/ /translate/ /if/",
      "rfi_score_threshold": 999,
      "session_fixation_score_threshold": 999,
      "sql_injection_score_threshold": 999,
      "total_arg_length": 6400,
      "updated_at": "2016-09-09 16:00:17 UTC",
      "warning_anomaly_score": 3,
      "xss_score_threshold": 999
    },
    "relationships": {
      "waf": {
        "data": {
          "type": "waf",
          "id": "x4xCwxxJxGCx123Rx5xTx"
        }
      }
    }
  }
}

Rules

Rules used when configuring WAF. Rules can be filtered by rule_id.

Fields

field type description
message string

Message metadata for the rule.

rule_id string

Corresponding ModSecurity rule ID.

severity integer

Severity metadata for the rule.

Actions

GET /wafs/rules

List all rules in the latest configuration set.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
filter[rule_id] string

Limit the returned rules to a specific rule ID.

filter[severity] string

Limit the returned rules to a specific severity.

filter[tags][name] string

Limit the returned rules to a set linked to a tag by name.

filter[configuration_set_id] string

Optional. Limit rules to specific configuration set or pass "all" to search all configuration sets, including stale ones.

page[size] integer

Limit the number of returned tags.

page[number] integer

Request a specific page of tags.

include array

Include relationships. Optional. Comma separated values. Permitted values: tags,rule_statuses.

Request Example
GET /wafs/rules?filter[rule_id]=949120 HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
   "data": [
      {
         "type": "rule",
         "id": "949120",
         "attributes": {
            "rule_id": "949120",
            "severity": 2,
            "message": "Cross-site Scripting (XSS) Anomaly Threshold Exceeded (XSS Score: %{TX.XSS_SCORE})"
            "source": null,
            "vcl": null,
         }
      }
   ],
   "links": {
      "last": "https://api.fastly.com/wafs/rules?page[number]=204&page[size]=1",
      "first": "https://api.fastly.com/wafs/rules?page[number]=1&page[size]=1",
      "next": "https://api.fastly.com/wafs/rules?page[number]=2&page[size]=1"
   }
}
GET /wafs/rules/rule_id

Get a specific rule.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
rule_id string

The rule ID.

filter[configuration_set_id] string

Optional. Limit rule to a specific configuration set, or pass "all" to search all configuration sets, including stale ones.

include array

Include relationships. Optional. Comma separated values. Permitted values: tags,rule_statuses. May also include long text attributes source,vcl.

Request Example
GET /wafs/rules/2044149 HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {
      "message": "SLR: Xpoze account/user/mail.html reed Parameter SQL Injection",
      "rule_id": "2044149",
      "severity": 2,
    },
    "id": "2044149",
    "relationships": {
      "tags": {
        "data": [
          {
            "id": "1eAnWPBCtR2Ayq6yey0nPm",
            "type": "tag"
          }
        ]
      }
    },
    "type": "rule"
  }
}
GET /wafs/rules/rule_id/vcl

Get associated VCL for a specific rule.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
rule_id string

The rule ID.

Request Example
GET /wafs/rules/2044149/vcl HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "2044149-vcl",
    "type": "rule_vcl",
    "attributes": {
      "vcl": "sub waf_ruleset {\n  declare local var.postbody STRING;\n  set var.postbody = req.postbody;\n\n  workspace.snapshot;\n\n  set waf.rule_id = 943011;\n\n  call waf_debug_log;\n  workspace.restore;\n  goto WAF_MARKER_0;\n\n  workspace.restore;\n\n  if (waf.blocked || waf.logged) {\n    return;\n  }\n}"
    },
    "relationships": {
      "rule": {
        "data": {
          "id": "2044149",
          "type": "rule"
        }
      }
    }
  }
}
GET /wafs/waf_id/rules/rule_id/vcl

Get associated VCL for a specific rule associated with a specific firewall.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
waf_id string

The firewall ID.

rule_id string

The rule ID.

Request Example
GET /wafs/2aRci7GLsXVO9vFo9x0Ih4/rules/2044149/vcl HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "2044149-2aRci7GLsXVO9vFo9x0Ih4-vcl",
    "type": "rule_vcl",
    "attributes": {
      "vcl": "/*\nThis is a report of changes to the rules you have configured when generating\nVCL.  Rules may be edited or removed depending on the configuration of your\nWAF.\n\nParanoiaFilter:\n\n    943011: removed due to being above paranoia level 1\n*/\n\nsub waf_ruleset {\n  declare local var.postbody STRING;\n  set var.postbody = req.postbody;\n\n  if (waf.blocked || waf.logged) {\n    return;\n  }\n}"
    },
    "relationships": {
      "rule": {
        "data": {
          "id": "2044149",
          "type": "rule"
        }
      }
    }
  }
}

Rule statuses

Rule status determines the state of a rule for a given firewall object.

Fields

field type description
status string

The behavior of the VCL generated for the particular rule and firewall pair. Permitted values: log, block, and disabled.

name string

The name of the tag for which to create or update rule statuses with the specified status. For example, OWASP or language-php.

force boolean

Whether or not to update rule statuses for disabled rules. Optional.

Actions

GET /service/service_id/wafs/waf_id/rule_statuses

List all rule statuses for a particular service and firewall.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
filter[status] string

Limit results to rule statuses with the specified status.

filter[rule][message] string

Limit results to rule statuses whose rules have the specified message.

filter[rule][rule_id] string

Limit results to rule statuses whose rules represent the specified ModSecurity rule_id

filter[rule][tags] integer

Limit results to rule statuses whose rules relate to the specified tag IDs.

filter[rule][tags][name] string

Limit results to rule statuses whose rules related to the named tags.

include array

Include relationships. Optional, comma separated values. Permitted values: tags.

page[size] integer

Limit the number of returned tags.

page[number] integer

Request a specific page of tags.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/rule_statuses?filter[tags][name]=application-FBC%20Market HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "links": {
    "last": "https://api.fastly.com/service/4CkNe7DSkapn8huuYZqpIK/wafs/6hBXhHGly9nQT9PvnA1cRo/rule_statuses?page[number]=1&page[size]=100",
    "first": "https://api.fastly.com/service/4CkNe7DSkapn8huuYZqpIK/wafs/6hBXhHGly9nQT9PvnA1cRo/rule_statuses?page[number]=1&page[size]=100"
  },
  "data": [
    {
      "type": "rule_status",
      "id": "6hBXhHGly9nQT9PvnA1cRo-20100878",
      "attributes": {
        "status": "log"
      },
      "relationships": {
        "waf": {
          "data": {
            "type": "waf",
            "id": "x4xCwxxJxGCx123Rx5xTx"
          }
        },
        "rule": {
          "data": {
            "type": "rule",
            "id": 20100878
          }
        }
      }
    },
    {
      "id": "6hBXhHGly9nQT9PvnA1cRo-949110",
      "type": "rule_status",
      "attributes": {
        "status": "disabled"
      },
      "relationships": {
        "waf": {
          "data": {
            "type": "waf",
            "id": "x4xCwxxJxGCx123Rx5xTx"
          }
        },
        "rule": {
          "data": {
            "type": "rule",
            "id": 949110
          }
        }
      }
    },
    {
      "type": "rule_status",
      "id": "6hBXhHGly9nQT9PvnA1cRo-913120",
      "attributes": {
        "status": "log"
      },
      "relationships": {
        "waf": {
          "data": {
            "type": "waf",
            "id": "x4xCwxxJxGCx123Rx5xTx"
          }
        },
        "rule": {
          "data": {
            "type": "rule",
            "id": 913120
          }
        }
      }
    }
  ]
}
GET /service/service_id/wafs/waf_id/rules/rule_id/rule_status

Get a specific rule status object for a particular service, firewall, and rule.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
service_id string

The ID of the service.

rule_id integer

The ID of the rule associated with the rule status.

waf_id string

The firewall ID.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/rules/913120/rule_status HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {
      "status": "log"
    },
    "id": "3N9YFqslrxuURkTPXGwQbX-913120",
    "relationships": {
      "rule": {
        "data": [
          {
            "id": 913120,
            "type": "rule"
          }
        ]
      },
      "waf": {
        "data": [
          {
            "id": "3N9YFqslrxuURkTPXGwQbX",
            "type": "waf"
          }
        ]
      }
    },
    "type": "rule_status"
  }
}
PATCH /service/service_id/wafs/waf_id/rules/rule_id/rule_status

Update a rule status for a particular service, firewall, and rule.

Authentication

API token with at least Billing permissions.

Request Example
PATCH /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/rules/913120/rule_status HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "attributes": {
      "status": "block"
    },
    "id": "3N9YFqslrxuURkTPXGwQbX-913120",
    "type": "rule_status"
  }
}
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {
      "status": "block"
    },
    "id": "3N9YFqslrxuURkTPXGwQbX-913120",
    "type": "rule_status"
  }
}
POST /service/service_id/wafs/waf_id/rule_statuses

Create or update all rule statuses for a particular service and firewall, based on tag name. By default, we only update rule statuses for enabled rules (with status log or block). To update rule status for disabled rules under the specified tag, set 'force': true in your request body under attributes.

Authentication

API token with at least Billing permissions.

Request Example
POST /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/rule_statuses HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "attributes": {
      "status": "block",
      "name": "application-FBC Market",
      "force": true
    },
    "type": "rule_status"
  }
}
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": [
    {
      "id": "3N9YFqslrxuURkTPXGwQbX-913120",
      "type": "rule_status",
      "attributes": {
        "status": "block",
        "name": "application-FBC Market"
      },
      "relationships": {
        "waf": {
          "data": {
            "type": "waf",
            "id": "3N9YFqslrxuURkTPXGwQbX"
          }
        },
        "rule": {
          "data": {
            "type": "rule",
            "id": 913120
          }
        }
      }
    }
  ]
}

Rule sets

Retrieve the currently deployed WAF ruleset VCL and the date it was deployed.

Fields

field type description
last_push string

Date and time WAF ruleset VCL was last deployed.

vcl string

The WAF ruleset VCL currently deployed.

Actions

GET /service/service_id/wafs/waf_id/ruleset

Get a WAF ruleset for a particular service and firewall object.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
service_id string

The ID of the service.

waf_id string

The firewall ID.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/ruleset HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {
      "last_push": "2016-08-16 17:05:13 UTC",
      "vcl": "sub waf_ruleset {\n\n}"
    },
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "ruleset"
  }
}
GET /service/service_id/wafs/waf_id/ruleset/preview

Get a preview of the WAF ruleset VCL for a particular service and firewall object based on changes to WAF configuration before deploying the ruleset. The response will include a link to status of the background VCL generation job. Once the background job is completed, the preview WAF ruleset VCL can be retrieved from the status response.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
service_id string

The ID of the service.

waf_id string

The firewall ID.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/ruleset/preview HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 202 Accepted
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {},
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "ruleset",
    "links": {
      "related": {
        "href": "https://api.fastly.com/service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/update_statuses/1VL4rYaw2WUo8hUGGnmujY"
      }
    }
    "meta": {
      "warnings": {
        "title": "Generating preview ruleset VCL for 3N9YFqslrxuURkTPXGwQbX",
        "detail": "Please check the data field for generated preview VCL once the background job completes."
      }
    }
  }
}
PATCH /service/service_id/wafs/waf_id/ruleset

Update the WAF ruleset for a particular service and firewall object. Use the URL in the response to view the WAF ruleset deploy status.

Authentication

API token with at least Billing permissions.

Request Example
PATCH /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/ruleset HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
{
  "data": {
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "ruleset"
  }
}
Response Example
HTTP/1.1 202 Accepted
Content-Type: application/vnd.api+json
{
  "data": {
    "attributes": {
      "last_push": "2016-08-20 23:05:13 UTC",
      "vcl": "sub waf_ruleset {\n\n}"
    },
    "id": "3N9YFqslrxuURkTPXGwQbX",
    "type": "ruleset"
  },
  "links": {
    "related": {
      "href": "https://api.fastly.com/service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/update_statuses/yAyllcStMc0SN1g6FYhZ6"
    }
  }
}

Tags

Tags for categorizing WAF rules. Tags can be filtered by name.

Fields

field type description
name string

Name of the tag.

Actions

GET /wafs/tags

List all tags.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
filter[name] string

Limit the returned tags to a specific name.

page[size] integer

Limit the number of returned tags.

page[number] integer

Request a specific page of tags.

include array

Include relationships. Optional, comma separated values. Permitted values: rules.

Request Example
GET /wafs/tags?filter[name]=application-FBC%20Market&include=rules HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "links": {
    "next": "https://api.fastly.com/wafs/tags?page[number]=2&page[size]=100",
    "last": "https://api.fastly.com/wafs/tags?page[number]=201&page[size]=100",
    "first": "https://api.fastly.com/wafs/tags?page[number]=1&page[size]=100"
  },
  "data": [
    {
      "id": "YfnzrNCQoMPLTpw7ej9wE",
      "type": "tag",
      "attributes": {
        "name": "OWASP"
      },
      "relationships": {
        "rules": {
          "data": [
            {
              "id": 930110,
              "type": "rule"
            },
            {
              "id": 911100,
              "type": "rule"
            },
            {
              "id": 931013,
              "type": "rule"
            },
            {
              "id": 931015,
              "type": "rule"
            }
          ]
        }
      }
    },
    {
      "type": "tag",
      "attributes": {
        "name": "WASCTC/WASC-37"
      },
      "id": "6PAayRUwMORbeVMZuGTqk3",
      "relationships": {
        "rules": {
          "data": [
            {
              "id": 930110,
              "type": "rule"
            },
            {
              "id": 911100,
              "type": "rule"
            },
            {
              "id": 931013,
              "type": "rule"
            },
            {
              "id": 931015,
              "type": "rule"
            }
          ]
        }
      }
    }
  ]
}

Configuration sets

Configuration set object used to view and select the available versions of the Fastly WAF rules.

Fields

field type description
active boolean

The active configuration set is the default configuration set when creating a new WAF. When Fastly adds configuration sets, the new versions become the default (active).

name string

The name of the configuration set.

Actions

GET /wafs/configuration_sets

List all Fastly WAF rule versions.

Authentication

API token with at least Billing permissions.

Request Example
GET /wafs/configuration_sets HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": [{
    "id": "70xVgu04fKtYkQ4GPtYi62",
    "type": "configuration_set",
    "attributes": {
      "active": true,
      "name": "v2 2017-04-17T21:04:00+00:00"
    }
  },
  {
    "id": "20Z3oX04WvubaaZto5H5Ch",
    "type": "configuration_set",
    "attributes": {
      "active": false,
      "name": "v1 2017-02-17T21:04:00+00:00"
    }
   }],
   "links": {
     "last": "http://api.fastly.com/wafs/configuration_sets?page[number]=1&page[size]=100",
     "first": "http://api.fastly.com/wafs/configuration_sets?page[number]=1&page[size]=100"
   }
}
GET /wafs/configuration_sets/configuration_set_id/relationships/wafs

List the WAF objects currently using the specified configuration set.

Authentication

API token with at least Billing permissions.

Request Example
GET /wafs/configuration_sets/70xVgu04fKtYkQ4GPtYi62/relationships/wafs HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": [{
    "id": "4MYgVaNHjh8UhQ8feFR8Sz",
    "type": "waf"
  }],
  "links": {
    "first": "http://api.fastly.com/wafs/configuration_sets/70xVgu04fKtYkQ4GPtYi62/relationships/wafs?page[number]=1&page[size]=100",
    "last": "http://api.fastly.com/wafs/configuration_sets/70xVgu04fKtYkQ4GPtYi62/relationships/wafs?page[number]=1&page[size]=100"
  }
}
PATCH /wafs/configuration_sets/configuration_set_id/relationships/wafs

Update one or more WAF objects to use the specified configuration set.

Authentication

API token with at least Billing permissions.

Request Example
PATCH /wafs/configuration_sets/70xVgu04fKtYkQ4GPtYi62/relationships/wafs HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
 {
   "data": [
     {
       "id": "4MYgVaNHjh8UhQ8feFR8Sz",
       "type": "waf"
     },
     {
       "id": "gSeSQlDFZv9qcXNQvcaNW",
       "type": "waf"
     }
   ]
 }
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": [
    {
      "id": "4MYgVaNHjh8UhQ8feFR8Sz",
      "type": "waf"
    }
  ],
  "links": {
    "first": "http://api.fastly.com/wafs/configuration_sets/70xVgu04fKtYkQ4GPtYi62/relationships/wafs?page[number]=1&page[size]=100",
    "last": "http://api.fastly.com/wafs/configuration_sets/70xVgu04fKtYkQ4GPtYi62/relationships/wafs?page[number]=1&page[size]=100"
  }
}

Update statuses

Update status indicates the status of an asynchronous process for updating a firewall object.

Fields

field type description
completed_at string

Date and time that job was completed.

created_at string

Date and time that job was created.

data string

This field can contain data passed to the background worker as

well -

as output from the background job.

message string

Message with information about the status of the update.

status string

Current status of the update.

updated_at string

Date and time that job was last updated.

Actions

GET /service/service_id/wafs/waf_id/update_statuses

List all update statuses for a particular service and firewall object.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
page[size] integer

Limit the number of returned tags.

page[number] integer

Request a specific page of tags.

include string

Include relationships. Optional, comma separated values. Permitted values: waf.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/update_statuses HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "links": {
    "last": "https://api.fastly.com/service/4CkNe7DSkapn8huuYZqpIK/wafs/6hBXhHGly9nQT9PvnA1cRo/update_statuses",
    "next": "https://api.fastly.com/service/4CkNe7DSkapn8huuYZqpIK/wafs/6hBXhHGly9nQT9PvnA1cRo/update_statuses",
    "first": "https://api.fastly.com/service/4CkNe7DSkapn8huuYZqpIK/wafs/6hBXhHGly9nQT9PvnA1cRo/update_statuses"
  },
  "data": [
    {
      "type": "waf_update_status",
      "id": "4VCeAYJS32HTWxSWMItJav",
      "attributes": {
        "created_at": "2016-09-28 21:01:29 UTC",
        "status": "complete",
        "data": null,
        "message": null,
        "completed_at": "2016-09-28 21:01:30 UTC",
        "updated_at": "2016-09-28 21:01:30 UTC"
      },
      "relationships": {
        "waf": {
          "data": {
            "type": "waf",
            "id": "x4xCwxxJxGCx123Rx5xTx"
          }
        }
      }
    },
    {
      "type": "waf_update_status",
      "id": "2tFRS2wX75drVS28750KlM",
      "attributes": {
        "status": "complete",
        "created_at": "2016-09-27 23:09:50 UTC",
        "completed_at": "2016-09-27 23:09:50 UTC",
        "message": null,
        "data": null,
        "updated_at": "2016-09-27 23:09:50 UTC"
      },
      "relationships": {
        "waf": {
          "data": {
            "type": "waf",
            "id": "x4xCwxxJxGCx123Rx5xTx"
          }
        }
      }
    }
  ]
}
GET /service/service_id/wafs/waf_id/update_statuses/update_status_id

Get a specific update status object for a particular service and firewall object.

Authentication

API token with at least Billing permissions.

Parameters
parameter type description
service_id string

The ID of the service.

waf_id string

The firewall ID.

update_status_id string

The update status ID.

Request Example
GET /service/SU1Z0isxPaozGVKXdv0eY/wafs/3N9YFqslrxuURkTPXGwQbX/update_statuses/2pdQfKTKioi2wa7HZaMR7A HTTP/1.1
Fastly-Key: YOUR_FASTLY_TOKEN
Accept: application/vnd.api+json
Response Example
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
  "data": {
    "id": "2pdQfKTKioi2wa7HZaMR7A",
    "type": "waf_update_status",
    "attributes": {
      "completed_at": "2016-09-09 16:10:49 UTC",
      "created_at": "2016-09-09 16:10:49 UTC",
      "data": null,
      "message": null,
      "status": "complete",
      "updated_at": "2016-09-09 16:10:49 UTC"
    },
    "relationships": {
      "waf": {
        "data": {
          "type": "waf",
          "id": "x4xCwxxJxGCx123Rx5xTx"
        }
      }
    }
  }
}