Akamai API Security · JSON Structure
Api Security Custom Rule Structure
Contains settings for a custom rule.
Type: object
Properties: 16
Required: 3
API DiscoveryAPI SecurityCloud SecurityPosture ManagementRuntime ProtectionThreat Protection
custom-rule is a JSON Structure definition published by Akamai API Security, describing 16 properties, of which 3 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.
Properties
conditions
description
effectiveTimePeriod
id
inspectRequest
inspectResponse
loggingOptions
metadata
name
operation
ruleActivated
samplingRate
stagingOnly
structured
tag
version
Meta-schema: https://json-structure.org/meta/core/v0/#
JSON Structure
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/akamai-api-security/refs/heads/main/json-structure/api-security-custom-rule-structure.json",
"name": "custom-rule",
"description": "Contains settings for a custom rule.",
"type": "object",
"properties": {
"conditions": {
"description": "Contains the details about the condition that triggers the custom rule.",
"items": {
"additionalProperties": false,
"properties": {
"name": {
"description": "The name you assign to the custom rule.",
"oneOf": [
{
"items": {
"type": "string"
},
"name": "Array",
"type": "array"
},
{
"name": "String",
"type": "string"
}
]
},
"nameCase": {
"description": "Whether to consider the case-sensitivity of the provided query parameter `name`. This only applies to the `uriQueryMatch` condition `type`.",
"type": "boolean"
},
"nameWildcard": {
"description": "Whether the provided header `name` is a wildcard. This only applies to the `requestHeaderMatch` condition `type`.",
"type": "boolean"
},
"positiveMatch": {
"description": "Whether the condition should trigger on a match (`true`) or a lack of match (`false`).",
"type": "boolean"
},
"type": {
"description": "The type of condition. See [CustomRule condition type values](https://techdocs.akamai.com/application-security/reference/condition-type-values).",
"enum": [
"cookieMatch",
"extensionMatch",
"filenameMatch",
"ipMatch",
"pathMatch",
"requestHeaderMatch",
"requestMethodMatch",
"requestProtocolVersionMatch",
"uriQueryMatch",
"headerOrderMatch",
"argsPostMatch",
"argsPostNamesMatch",
"clientCertPresentMatch",
"clientCertValidMatch",
"clientTlsFingerprintMatch",
"hostMatch",
"ipAddressMatch",
"geoMatch",
"asNumberMatch",
"clientListMatch"
],
"type": "string"
},
"useXForwardForHeaders": {
"description": "Whether the condition should include `X-Forwarded-For` (XFF) header. This only applies when the `type` is `ipAddressMatch`, `geoMatch`, `asNumberMatch`, or `clientListMatch`.",
"type": "boolean"
},
"value": {
"description": "The value that triggers the condition when matched or not matched. Specify a string for the `requestProtocolVersionMatch`, `clientCertPresentMatch`, `clientCertValidMatch`, and `headerOrderMatch` conditions. For all other conditions, specify an array of strings.",
"oneOf": [
{
"items": {
"type": "string"
},
"name": "Array",
"type": "array"
},
{
"name": "String",
"type": "string"
}
],
"type": "string"
},
"valueCase": {
"description": "Whether to consider the case-sensitivity of the provided header `value`. This only applies to the `requestHeaderMatch` condition `type`.",
"type": "boolean"
},
"valueExactMatch": {
"description": "Whether to consider only exact matches of the header `value`.",
"type": "boolean"
},
"valueIgnoreSegment": {
"description": "Whether to ignore path segments when matching. This only applies when the `type` is `pathMatch`.",
"type": "boolean"
},
"valueNormalize": {
"description": "Whether to normalize the value of the header when matching. This only applies to type values of `extensionMatch` and `pathMatch`.",
"type": "boolean"
},
"valueRecursive": {
"description": "Whether to use recursion when matching. When `false`, you can only match on the filename in the root folder. This only applies when the condition `type` is `filenameMatch`.",
"type": "boolean"
},
"valueWildcard": {
"description": "Whether the provided header `value` is a wildcard. This only applies when the condition `type` is `requestHeaderMatch`.",
"type": "boolean"
}
},
"required": [
"type",
"positiveMatch"
],
"type": "object"
},
"type": "array"
},
"description": {
"description": "The custom rule description.",
"type": "string"
},
"effectiveTimePeriod": {
"additionalProperties": false,
"description": "The time period during which the custom rule is active.",
"properties": {
"endDate": {
"description": "An ISO 8601 timestamp that sets when the rule expires or deactivates.",
"type": "string"
},
"startDate": {
"description": "An ISO 8601 timestamp that sets when the rule activates.",
"type": "datetime"
},
"status": {
"description": "The current status of the rule based on its `startDate` and `endDate`. By default, rules are active for 30 days. When `ACTIVE`, the rule triggers when conditions are met. When `INACTIVE`, the rule doesn't trigger. When `EXPIRING`, the rule still triggers because it's still active until its specified expiration date. When the rule's status is `EXPIRED`, the rule is inactive and doesn't trigger. If your rule expires and you want to use it again, make a PUT request to [Modify a custom rule](https://techdocs.akamai.com/application-security/reference/put-config-custom-rule) with the new dates you'd like the rule to be active.",
"enum": [
"active",
"inactive",
"expiring",
"expired"
],
"type": "string"
}
},
"required": [
"endDate",
"startDate"
],
"type": "object"
},
"id": {
"description": "Uniquely identifies the rule.",
"type": "int32"
},
"inspectRequest": {
"description": "Whether to inspect the HTTP request for unstructured custom rules.",
"type": "boolean"
},
"inspectResponse": {
"description": "Whether to inspect the HTTP response for unstructured custom rules.",
"type": "boolean"
},
"loggingOptions": {
"description": "The specific conditions to be logged.",
"items": {
"additionalProperties": false,
"description": "Condition to be logged.",
"properties": {
"id": {
"description": "The unique identifier for each logging option. See [Logging option values](https://techdocs.akamai.com/application-security/reference/logging-option-values).",
"enum": [
"CLIENT_TLS_FINGERPRINT_MATCH",
"HEADER_ORDER_MATCH",
"REQUEST_HEADER_MATCH",
"COOKIE_MATCH",
"URI_QUERY_MATCH",
"ARGS_POST_MATCH"
],
"type": "string"
},
"name": {
"description": "A description of the logging option type.",
"type": "string"
},
"value": {
"description": "The value on which to match when determining whether to log the custom rule condition.",
"type": "string"
}
},
"required": [
"id"
],
"type": "object",
"x-akamai": {
"file-path": "schemas/logging-option.yaml"
}
},
"type": "array"
},
"metadata": {
"description": "The metadata you provided for unstructured custom rules.",
"type": "string"
},
"name": {
"description": "The custom rule name.",
"type": "string"
},
"operation": {
"description": "Specify `AND` logic to require all conditions, or `OR` logic to require at least one condition to match.",
"enum": [
"AND",
"OR"
],
"type": "string"
},
"ruleActivated": {
"description": "Whether the rule is active in the configuration.",
"type": "boolean"
},
"samplingRate": {
"description": "The portion of traffic to sample, expressed as a percent.",
"maximum": 100,
"minimum": 0,
"type": "int32"
},
"stagingOnly": {
"default": false,
"description": "Whether to show traffic from only the staging network, or all traffic. The default setting is `false` and only shows in the response when `true`. ",
"type": "boolean"
},
"structured": {
"description": "Whether you created the rule with the structured custom rule builder or free-form XML. This needs to be `true`.",
"type": "boolean"
},
"tag": {
"description": "The list of labels you assigned to the custom rule.",
"items": {
"type": "string"
},
"type": "array"
},
"version": {
"description": "The custom rule version.",
"type": "int32"
}
},
"required": [
"name",
"operation",
"structured"
],
"additionalProperties": false
}