Get website denylog

Returns denylog entries for a given website.

URL

/api/v1/website/[website_id]/denylog

HTTP Method

GET

URL Parameters

Parameter | Required | Type | Description
website_id | true | integer | Specifies the website ID to return denylog entries for.

Response Parameters

Returns an array of denylog_entry.

denylog_entry

A denylog_entry object is an array containing the following:

Index | Parameter | Type | Description
0 | id | string containing integer | ID of the deny log entry
1 | time | string containing integer | Timestamp of the denied request
2 | source | string containing integer | The source IP address represented as an integer
3 | host | string containing hostname/IP address | The target host of the denied request
4 | path | string containing URL path | The target path of the denied request
5 | violation_id | string containing integer | ID of the violation that occurred
6 | status | string containing integer | Indicates whether the deny entry has been added to the ACL
    "0" → has not been added to ACL
    "1" → has been added to ACL
7 | attack_class_id | string containing integer | ID of the attack class
    "1" → SQL injection
    "2" → XPath injection
    "3" → SSI injection
    "4" → OS commanding
    "5" → XSS
    "6" → Path traversal
    "7" → Enumeration
    "8" → Format string
    "9" → Buffer overflow
    "10" → DoS attempt
    "11" → Worm probe
    "12" → Access violation
    "13" → Malformed request
    "14" → HTML tags
    "15" → Session invalid
    "16" → XSRF
    "17" → Session expired
    "18" → Detection evasion
    "19" → File inclusion
    "20" → CRLF injection
    "21" → HTTP request smuggling
    "22" → XQuery injection
    "23" → LDAP injection
    "24" → XML injection
    "25" → Null byte injection
    "35" → Information leak
    "50" → Backend error
    "51" → Broken robot
    "52" → Broken int. link
    "53" → Broken ext. link
    "54" → Other
    "60" → None
    "70" → False positive
    "99" → Friendly
8 | resp_status | string containing integer | HTTP status code returned by the response
9 | resp_time | string containing integer | The time from when the WSM received the request and forwarded it to the backend server until the response is sent to the client from WSM; measured in milliseconds
10 | backend_host | string containing integer | Indicates which backend host received the request (0 for 1st host, 1 for 2nd, etc.)
11 | action | string containing integer | Action applied to the request
    "-1" → Block IP
    "0" → Block
    "1" → Strip
    "2" → Allow
12 | risk | string containing integer | Indicates risk level associated with the deny entry
    "1" → Critical
    "2" → High
    "3" → Medium
    "4" → Low
    "5" → None
13 | ccode | string containing country code | Country code for origin of the denied request
14 | proto | string containing integer | Protocol of the request
    "1" → http
    "2" → https
15 | normality_score | string containing integer | Expresses the normality in parts per million
16 | normality_flag | string containing integer | Indicates the normality of the denied request
    "0" → Normal
    less than "0" → Abnormal
17 | compromise_score | string containing integer | Expresses the fidelity of the compromise observation

Example: Get website denylog

Request

GET

/api/v1/website/1/denylog

cURL

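# -k disables TLS certificate verification; omit it when the WSM presents a trusted certificate
curl -kv \
  -u api_ninja:ninja_password \
  -X GET \
  https://172.31.1.172:4849/api/v1/website/1/denylog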

Response

[
    [
        "10000",
        "1477424180",
        "30348151",
        "www.example.com",
        "/a/path",
        "5",
        "0",
        "99",
        "200",
        "285",
        "0",
        "0",
        "0",
        "CN",
        "1",
        "0",
        "0",
        "0"
    ],
    [
        "9999",
        "1477424180",
        "18663245",
        "www.anotherexample.com",
        "/another/path",
        "8",
        "0",
        "99",
        "200",
        "285",
        "0",
        "0",
        "0",
        "CN",
        "1",
        "0",
        "0",
        "0"
    ]
]
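
Added example, not part of the original API documentation: a Python decoder that turns one positional denylog_entry array into a labelled record for triage or SIEM ingestion. The names decode_entry and label are hypothetical, the attack class table is a subset of the one above, and two things are assumed because the page does not state them: that time is Unix epoch seconds and that source is the address as an integer in network byte order.

```python
import ipaddress
from datetime import datetime, timezone

# Field order and code tables are copied from the denylog_entry description above.
FIELDS = ("id", "time", "source", "host", "path", "violation_id", "status",
          "attack_class_id", "resp_status", "resp_time", "backend_host", "action",
          "risk", "ccode", "proto", "normality_score", "normality_flag",
          "compromise_score")
ACTION = {"-1": "Block IP", "0": "Block", "1": "Strip", "2": "Allow"}
RISK = {"1": "Critical", "2": "High", "3": "Medium", "4": "Low", "5": "None"}
PROTO = {"1": "http", "2": "https"}
# Subset of the attack class table; add the remaining codes from the page as needed.
ATTACK_CLASS = {"1": "SQL injection", "4": "OS commanding", "5": "XSS",
                "6": "Path traversal", "16": "XSRF", "19": "File inclusion",
                "70": "False positive", "99": "Friendly"}

def label(table, code):
    """Map a code to its name; keep undocumented codes visible instead of failing."""
    return table.get(code, f"unknown({code})")

def decode_entry(entry):
    """Turn one positional denylog_entry array into a labelled dict."""
    if len(entry) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(entry)}")
    rec = dict(zip(FIELDS, entry))
    # Assumption: 'time' is Unix epoch seconds (the page only says "timestamp").
    rec["time"] = datetime.fromtimestamp(int(rec["time"]), tz=timezone.utc).isoformat()
    # Assumption: 'source' is the address as an integer in network byte order.
    rec["source"] = str(ipaddress.ip_address(int(rec["source"])))
    rec["acl_added"] = rec.pop("status") == "1"
    rec["attack_class"] = label(ATTACK_CLASS, rec.pop("attack_class_id"))
    for key, table in (("action", ACTION), ("risk", RISK), ("proto", PROTO)):
        rec[key] = label(table, rec[key])
    # Per the page: "0" is normal, anything below zero is abnormal.
    rec["abnormal"] = int(rec.pop("normality_flag")) < 0
    return rec

# First entry of the example response shown on this page.
SAMPLE = ["10000", "1477424180", "30348151", "www.example.com", "/a/path",
          "5", "0", "99", "200", "285", "0", "0", "0", "CN", "1", "0", "0", "0"]

if __name__ == "__main__":
    print(decode_entry(SAMPLE))
```

The sample entry carries risk "0", which is not in the documented risk table, so the decoder reports it as unknown(0) rather than guessing a level.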