Trellix Web Gateway Policy API
API for creating, updating, and managing security policies, rules, and configurations for web filtering, anti-malware, SSL inspection, DLP, and threat prevention.
OpenAPI Specification
openapi: 3.1.0
info:
title: Trellix Web Gateway Policy API
description: >-
API for creating, updating, and managing security policies, rule sets,
and configurations for web filtering and threat prevention on Trellix
Web Gateway (formerly McAfee Web Gateway). Provides programmatic access
to policy rules, URL filter settings, anti-malware settings, and SSL
scanning configurations.
version: '1.0'
contact:
name: Trellix Support
url: https://www.trellix.com/support/
email: support@trellix.com
termsOfService: https://www.trellix.com/legal/terms-of-use/
externalDocs:
description: Trellix Web Gateway Policy API Documentation
url: https://docs.trellix.com/bundle/web-gateway-policy-api
servers:
- url: https://{mwg-server}:{port}/Konfigurator/REST/policy
description: Trellix Web Gateway Policy Endpoint
variables:
mwg-server:
default: mwg.example.com
description: Hostname or IP address of the Web Gateway appliance
port:
default: '4712'
description: Management port for the REST API
tags:
- name: Anti-Malware
description: Anti-malware scanning configuration
- name: Authentication
description: Authentication policy settings
- name: Data Loss Prevention
description: DLP policy configuration
- name: Rule Sets
description: Manage policy rule sets
- name: Rules
description: Manage individual policy rules within rule sets
- name: SSL Scanning
description: SSL/TLS inspection configuration
- name: URL Filtering
description: URL categorization and filtering settings
security:
- cookieAuth: []
paths:
/rulesets:
get:
operationId: listRuleSets
summary: List all rule sets
description: >-
Retrieve the list of all configured rule sets, including their
status, order, and basic configuration.
tags:
- Rule Sets
parameters:
- name: type
in: query
description: Filter by rule set type
schema:
type: string
enum:
- request
- response
- error
- name: enabled
in: query
description: Filter by enabled status
schema:
type: boolean
responses:
'200':
description: List of rule sets
content:
application/json:
schema:
type: object
properties:
ruleSets:
type: array
items:
$ref: '#/components/schemas/RuleSet'
'401':
description: Unauthorized
post:
operationId: createRuleSet
summary: Create a new rule set
description: >-
Create a new rule set with the specified configuration. The rule
set must be committed before it becomes active.
tags:
- Rule Sets
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RuleSetCreate'
responses:
'201':
description: Rule set created
content:
application/json:
schema:
$ref: '#/components/schemas/RuleSet'
'400':
description: Invalid rule set definition
'401':
description: Unauthorized
/rulesets/{ruleSetId}:
get:
operationId: getRuleSet
summary: Get a rule set
description: >-
Retrieve the full configuration of a specific rule set, including
all contained rules and their conditions.
tags:
- Rule Sets
parameters:
- $ref: '#/components/parameters/ruleSetId'
responses:
'200':
description: Rule set details
content:
application/json:
schema:
$ref: '#/components/schemas/RuleSet'
'401':
description: Unauthorized
'404':
description: Rule set not found
put:
operationId: updateRuleSet
summary: Update a rule set
description: >-
Update the configuration of an existing rule set. Changes must be
committed to take effect.
tags:
- Rule Sets
parameters:
- $ref: '#/components/parameters/ruleSetId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RuleSetUpdate'
responses:
'200':
description: Rule set updated
content:
application/json:
schema:
$ref: '#/components/schemas/RuleSet'
'400':
description: Invalid rule set configuration
'401':
description: Unauthorized
'404':
description: Rule set not found
delete:
operationId: deleteRuleSet
summary: Delete a rule set
description: >-
Delete a rule set and all its contained rules. Changes must be
committed to take effect.
tags:
- Rule Sets
parameters:
- $ref: '#/components/parameters/ruleSetId'
responses:
'200':
description: Rule set deleted
'401':
description: Unauthorized
'404':
description: Rule set not found
/rulesets/{ruleSetId}/enable:
post:
operationId: enableRuleSet
summary: Enable a rule set
description: >-
Enable a disabled rule set. Changes must be committed to take effect.
tags:
- Rule Sets
parameters:
- $ref: '#/components/parameters/ruleSetId'
responses:
'200':
description: Rule set enabled
'401':
description: Unauthorized
'404':
description: Rule set not found
/rulesets/{ruleSetId}/disable:
post:
operationId: disableRuleSet
summary: Disable a rule set
description: >-
Disable an active rule set without deleting it. Changes must be
committed to take effect.
tags:
- Rule Sets
parameters:
- $ref: '#/components/parameters/ruleSetId'
responses:
'200':
description: Rule set disabled
'401':
description: Unauthorized
'404':
description: Rule set not found
/rulesets/{ruleSetId}/rules:
get:
operationId: listRules
summary: List rules in a rule set
description: >-
Retrieve all rules within a specific rule set, including their
conditions, actions, and order.
tags:
- Rules
parameters:
- $ref: '#/components/parameters/ruleSetId'
responses:
'200':
description: List of rules
content:
application/json:
schema:
type: object
properties:
rules:
type: array
items:
$ref: '#/components/schemas/Rule'
'401':
description: Unauthorized
'404':
description: Rule set not found
post:
operationId: createRule
summary: Create a new rule
description: >-
Add a new rule to a rule set with the specified conditions and
actions. Changes must be committed to take effect.
tags:
- Rules
parameters:
- $ref: '#/components/parameters/ruleSetId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RuleCreate'
responses:
'201':
description: Rule created
content:
application/json:
schema:
$ref: '#/components/schemas/Rule'
'400':
description: Invalid rule definition
'401':
description: Unauthorized
'404':
description: Rule set not found
/rulesets/{ruleSetId}/rules/{ruleId}:
get:
operationId: getRule
summary: Get a specific rule
description: >-
Retrieve the full configuration of a specific rule within a rule set.
tags:
- Rules
parameters:
- $ref: '#/components/parameters/ruleSetId'
- $ref: '#/components/parameters/ruleId'
responses:
'200':
description: Rule details
content:
application/json:
schema:
$ref: '#/components/schemas/Rule'
'401':
description: Unauthorized
'404':
description: Rule or rule set not found
put:
operationId: updateRule
summary: Update a rule
description: >-
Update the configuration of an existing rule. Changes must be
committed to take effect.
tags:
- Rules
parameters:
- $ref: '#/components/parameters/ruleSetId'
- $ref: '#/components/parameters/ruleId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RuleUpdate'
responses:
'200':
description: Rule updated
content:
application/json:
schema:
$ref: '#/components/schemas/Rule'
'400':
description: Invalid rule configuration
'401':
description: Unauthorized
'404':
description: Rule or rule set not found
delete:
operationId: deleteRule
summary: Delete a rule
description: >-
Delete a specific rule from a rule set. Changes must be committed
to take effect.
tags:
- Rules
parameters:
- $ref: '#/components/parameters/ruleSetId'
- $ref: '#/components/parameters/ruleId'
responses:
'200':
description: Rule deleted
'401':
description: Unauthorized
'404':
description: Rule or rule set not found
/urlfilter/categories:
get:
operationId: listUrlCategories
summary: List URL categories
description: >-
Retrieve the list of available URL categories used for web
filtering and policy decisions.
tags:
- URL Filtering
responses:
'200':
description: List of URL categories
content:
application/json:
schema:
type: object
properties:
categories:
type: array
items:
$ref: '#/components/schemas/UrlCategory'
'401':
description: Unauthorized
/urlfilter/lookup:
get:
operationId: lookupUrl
summary: Look up URL categorization
description: >-
Look up the category and reputation of a specific URL against
the Trellix Global Threat Intelligence database.
tags:
- URL Filtering
parameters:
- name: url
in: query
required: true
description: URL to look up
schema:
type: string
responses:
'200':
description: URL categorization result
content:
application/json:
schema:
$ref: '#/components/schemas/UrlLookupResult'
'401':
description: Unauthorized
/urlfilter/settings:
get:
operationId: getUrlFilterSettings
summary: Get URL filter settings
description: >-
Retrieve the current URL filtering configuration including
blocked categories, allowed exceptions, and safe search settings.
tags:
- URL Filtering
responses:
'200':
description: URL filter settings
content:
application/json:
schema:
$ref: '#/components/schemas/UrlFilterSettings'
'401':
description: Unauthorized
put:
operationId: updateUrlFilterSettings
summary: Update URL filter settings
description: >-
Update the URL filtering configuration. Changes must be committed
to take effect.
tags:
- URL Filtering
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UrlFilterSettings'
responses:
'200':
description: Settings updated
'400':
description: Invalid settings
'401':
description: Unauthorized
/antimalware/engines:
get:
operationId: listAntiMalwareEngines
summary: List anti-malware engines
description: >-
Retrieve the list of configured anti-malware scanning engines and
their current status.
tags:
- Anti-Malware
responses:
'200':
description: List of anti-malware engines
content:
application/json:
schema:
type: object
properties:
engines:
type: array
items:
$ref: '#/components/schemas/AntiMalwareEngine'
'401':
description: Unauthorized
/antimalware/settings:
get:
operationId: getAntiMalwareSettings
summary: Get anti-malware settings
description: >-
Retrieve the current anti-malware scanning configuration including
enabled engines, scan behavior, and file type handling.
tags:
- Anti-Malware
responses:
'200':
description: Anti-malware settings
content:
application/json:
schema:
$ref: '#/components/schemas/AntiMalwareSettings'
'401':
description: Unauthorized
put:
operationId: updateAntiMalwareSettings
summary: Update anti-malware settings
description: >-
Update the anti-malware scanning configuration. Changes must be
committed to take effect.
tags:
- Anti-Malware
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AntiMalwareSettings'
responses:
'200':
description: Settings updated
'400':
description: Invalid settings
'401':
description: Unauthorized
/ssl/settings:
get:
operationId: getSslSettings
summary: Get SSL scanning settings
description: >-
Retrieve the current SSL/TLS inspection configuration including
certificate handling, bypass lists, and protocol settings.
tags:
- SSL Scanning
responses:
'200':
description: SSL scanning settings
content:
application/json:
schema:
$ref: '#/components/schemas/SslSettings'
'401':
description: Unauthorized
put:
operationId: updateSslSettings
summary: Update SSL scanning settings
description: >-
Update the SSL/TLS inspection configuration. Changes must be
committed to take effect.
tags:
- SSL Scanning
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SslSettings'
responses:
'200':
description: Settings updated
'400':
description: Invalid settings
'401':
description: Unauthorized
/ssl/certificates:
get:
operationId: listSslCertificates
summary: List SSL certificates
description: >-
Retrieve the list of SSL/TLS certificates used by the gateway
for SSL inspection.
tags:
- SSL Scanning
responses:
'200':
description: List of certificates
content:
application/json:
schema:
type: object
properties:
certificates:
type: array
items:
$ref: '#/components/schemas/SslCertificate'
'401':
description: Unauthorized
post:
operationId: uploadSslCertificate
summary: Upload an SSL certificate
description: >-
Upload a new SSL/TLS certificate for use in SSL inspection.
tags:
- SSL Scanning
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SslCertificateUpload'
responses:
'201':
description: Certificate uploaded
content:
application/json:
schema:
$ref: '#/components/schemas/SslCertificate'
'400':
description: Invalid certificate
'401':
description: Unauthorized
/dlp/settings:
get:
operationId: getDlpSettings
summary: Get DLP settings
description: >-
Retrieve the current Data Loss Prevention configuration including
enabled classifiers, actions, and sensitivity levels.
tags:
- Data Loss Prevention
responses:
'200':
description: DLP settings
content:
application/json:
schema:
$ref: '#/components/schemas/DlpSettings'
'401':
description: Unauthorized
put:
operationId: updateDlpSettings
summary: Update DLP settings
description: >-
Update the Data Loss Prevention configuration. Changes must be
committed to take effect.
tags:
- Data Loss Prevention
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DlpSettings'
responses:
'200':
description: Settings updated
'400':
description: Invalid settings
'401':
description: Unauthorized
/dlp/classifiers:
get:
operationId: listDlpClassifiers
summary: List DLP classifiers
description: >-
Retrieve the list of available data classifiers for content
inspection and data loss prevention.
tags:
- Data Loss Prevention
responses:
'200':
description: List of DLP classifiers
content:
application/json:
schema:
type: object
properties:
classifiers:
type: array
items:
$ref: '#/components/schemas/DlpClassifier'
'401':
description: Unauthorized
/authentication/settings:
get:
operationId: getAuthenticationSettings
summary: Get authentication settings
description: >-
Retrieve the current user authentication configuration including
authentication methods, directory services, and bypass rules.
tags:
- Authentication
responses:
'200':
description: Authentication settings
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticationSettings'
'401':
description: Unauthorized
put:
operationId: updateAuthenticationSettings
summary: Update authentication settings
description: >-
Update the user authentication configuration. Changes must be
committed to take effect.
tags:
- Authentication
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticationSettings'
responses:
'200':
description: Settings updated
'400':
description: Invalid settings
'401':
description: Unauthorized
components:
securitySchemes:
cookieAuth:
type: apiKey
in: cookie
name: JSESSIONID
description: >-
Session cookie obtained via the Konfigurator REST /login endpoint.
parameters:
ruleSetId:
name: ruleSetId
in: path
required: true
description: Unique identifier of the rule set
schema:
type: string
ruleId:
name: ruleId
in: path
required: true
description: Unique identifier of the rule
schema:
type: string
schemas:
RuleSet:
type: object
properties:
id:
type: string
description: Unique rule set identifier
name:
type: string
description: Rule set name
description:
type: string
description: Rule set description
type:
type: string
enum:
- request
- response
- error
description: Processing phase for the rule set
enabled:
type: boolean
description: Whether the rule set is active
order:
type: integer
description: Processing order of the rule set
ruleCount:
type: integer
description: Number of rules in the set
rules:
type: array
items:
$ref: '#/components/schemas/Rule'
description: Rules contained in this rule set
RuleSetCreate:
type: object
required:
- name
- type
properties:
name:
type: string
description: Rule set name
description:
type: string
description: Rule set description
type:
type: string
enum:
- request
- response
- error
description: Processing phase
enabled:
type: boolean
default: true
description: Whether the rule set is enabled
RuleSetUpdate:
type: object
properties:
name:
type: string
description: Updated rule set name
description:
type: string
description: Updated description
enabled:
type: boolean
description: Enable or disable the rule set
order:
type: integer
description: Updated processing order
Rule:
type: object
properties:
id:
type: string
description: Unique rule identifier
name:
type: string
description: Rule name
description:
type: string
description: Rule description
enabled:
type: boolean
description: Whether the rule is active
order:
type: integer
description: Processing order within the rule set
condition:
$ref: '#/components/schemas/RuleCondition'
action:
$ref: '#/components/schemas/RuleAction'
RuleCreate:
type: object
required:
- name
- condition
- action
properties:
name:
type: string
description: Rule name
description:
type: string
description: Rule description
enabled:
type: boolean
default: true
description: Whether the rule is enabled
condition:
$ref: '#/components/schemas/RuleCondition'
action:
$ref: '#/components/schemas/RuleAction'
RuleUpdate:
type: object
properties:
name:
type: string
description: Updated rule name
description:
type: string
description: Updated description
enabled:
type: boolean
description: Enable or disable the rule
order:
type: integer
description: Updated processing order
condition:
$ref: '#/components/schemas/RuleCondition'
action:
$ref: '#/components/schemas/RuleAction'
RuleCondition:
type: object
properties:
property:
type: string
description: >-
Property to evaluate (e.g., URL.Host, URL.Categories,
Antimalware.Infected, Client.IP)
operator:
type: string
enum:
- equals
- not_equals
- contains
- not_contains
- matches
- in_list
- not_in_list
- greater_than
- less_than
description: Comparison operator
value:
type: string
description: Value to compare against
listRef:
type: string
description: Reference to a custom list for in_list operations
RuleAction:
type: object
properties:
type:
type: string
enum:
- allow
- block
- redirect
- authenticate
- log
- continue
- stop_rule_set
- stop_cycle
description: Action to take when the rule matches
blockTemplate:
type: string
description: Block page template to display
redirectUrl:
type: string
description: URL to redirect to
UrlCategory:
type: object
properties:
id:
type: string
description: Category identifier
name:
type: string
description: Category name
description:
type: string
description: Category description
parentCategory:
type: string
description: Parent category name for subcategories
UrlLookupResult:
type: object
properties:
url:
type: string
description: Looked up URL
categories:
type: array
items:
type: string
description: Assigned URL categories
reputation:
type: string
enum:
- trusted
- neutral
- suspicious
- high_risk
- malicious
description: URL reputation score
riskLevel:
type: integer
minimum: 0
maximum: 127
description: Numeric risk level (0-127)
UrlFilterSettings:
type: object
properties:
enabled:
type: boolean
description: Whether URL filtering is enabled
blockedCategories:
type: array
items:
type: string
description: List of blocked URL category IDs
allowedExceptions:
type: array
items:
type: string
description: URLs or patterns excepted from filtering
safeSearchEnabled:
type: boolean
description: Whether safe search enforcement is enabled
blockUncategorized:
type: boolean
description: Whether to block uncategorized URLs
AntiMalwareEngine:
type: object
properties:
name:
type: string
description: Engine name
version:
type: string
description: Engine version
signatureDate:
type: string
format: date-time
description: Last signature update timestamp
enabled:
type: boolean
description: Whether the engine is enabled
status:
type: string
enum:
- active
- updating
- error
description: Current engine status
AntiMalwareSettings:
type: object
properties:
enabled:
type: boolean
description: Whether anti-malware scanning is enabled
engines:
type: array
items:
type: string
description: List of enabled engine names
scanDirection:
type: string
enum:
- both
- request_only
- response_only
description: Direction of traffic to scan
maxScanSize:
type: integer
description: Maximum file size to scan in bytes
blockOnError:
type: boolean
description: Whether to block if scanning fails
gatewayAntiMalwareEnabled:
type: boolean
description: Whether Gateway Anti-Malware (GAM) engine is enabled
SslSettings:
type: object
properties:
enabled:
type: boolean
description: Whether SSL inspection is enabled
verifyServerCertificates:
type: boolean
description: Whether to verify upstream server certificates
bypassDomains:
type: array
items:
type: string
description: Domains to bypass SSL inspection
bypassCategories:
type: array
items:
type: string
description: URL categories to bypass SSL inspection
minimumProtocolVersion:
type: string
enum:
- TLSv1.0
- TLSv1.1
- TLSv1.2
- TLSv1.3
description: Minimum TLS protocol version to accept
SslCertificate:
type: object
properties:
id:
type: string
description: Certificate identifier
subject:
type: string
description: Certificate subject
issuer:
type: string
description: Certificate issuer
validFrom:
type: string
format: date-time
description: Certificate validity start date
validTo:
type: string
format: date-time
description: Certificate expiration date
serialNumber:
type: string
description: Certificate serial number
fingerprint:
type: string
description: Certificate SHA-256 fingerprint
SslCertificateUpload:
type: object
required:
- certificate
properties:
certificate:
type: string
description: PEM-encoded certificate data
privateKey:
type: string
description: PEM-encoded private key (for CA certificates)
passphrase:
type: string
description: Private key passphrase if encrypted
DlpSettings:
type: object
properties:
enabled:
type: boolean
description: Whether DLP is enabled
action:
type: string
enum:
- block
- log
- quarantine
description: Default action when sensitive data is detected
enabledClassifiers:
type: array
items:
type: string
description: List of enabled classifier IDs
scanUploads:
type: boolean
description: Whether to scan file uploads
scanFormData:
type: boolean
description: Whether to scan form data submissions
DlpClassifier:
type: object
properties:
id:
type: string
description: Classifier identifier
name:
type: string
description: Classifier name
description:
type: string
description: What the classifier detects
type:
type: string
enum:
- builtin
- custom
- regex
description: Classifier type
enabled:
type: boolean
description: Whether the classifier is active
AuthenticationSettings:
type: object
properties:
enabled:
type: boolean
description: Whether user authentication is enabled
method:
type: string
enum:
- ntlm
- kerberos
- ldap
- radius
- basic
- cookie
description: Primary authentication method
fallbackMethod:
type: string
enum:
- ntlm
- kerberos
- ldap
- radius
- basic
- cookie
- none
description: Fallback authentication method
directoryServer:
type: string
description: LDAP/AD directory server address
directoryBaseDn:
type: string
description: Base DN for directory searches
bypassIps:
type: array
items:
type: string
description: IP addresses exempt from au
# --- truncated at 32 KB (32 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/trellix-web-gateway/refs/heads/main/openapi/trellix-web-gateway-policy-openapi.yml