Domain: | example.com |
API Key (for plugin): | key |
API Key (API_KEY): | key |
API Secret (API_SECRET): | Secret |
With the introduction of the second version of the Website Firewall API, the structure of the responses was unified and all of them are now JSON-encoded. Every request you send is answered with the same attributes, and their values only change when your request is executed successfully.
Attribute | Type | Description |
---|---|---|
status | boolean | Either a one or a zero. This property indicates the success or failure of the operation; you will find an explanation by accessing the messages property and looping through all the messages added there (if not empty). |
messages | []string | A list of messages collected through the execution of the action specified in the request. |
action | string | The official name of the action executed. The old action names from the first API version remain available in this one, but it is recommended to change them and start using the values returned in this attribute. |
request_time | timestamp | The Unix time of the moment when the request reached our servers. |
verbose | boolean | Either a one or a zero. This property indicates whether verbose responses are enabled; you can modify it by adding a verbose parameter to the request to force the return of the output object instead of all the response properties. |
output | []object | If the request was processed by the API successfully, this attribute will be filled with the data resulting from the operation executed internally by our services. If status is reporting an error, this attribute will be returned empty. |
property | string | This is not a property of the response but a parameter that you can use to filter the result of the operation and the data returned after you send the request. If set, this parameter will cause the response to be simplified automatically without the use of the parameter verbose. If the string passed as the value is found as an attribute of the output object, it will be shown in the response; if not found, a null will be returned instead. |
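A client should treat any response that does not clearly report status 1 as a failure, so that a rejected blacklist or settings change is never assumed to have been applied. The following is an added example, not code from the API documentation; the sample responses, the error text and the names `parse_response` and `WafApiError` are constructed for illustration.

```python
import json

class WafApiError(Exception):
    """The response envelope is malformed or reports status 0."""

REQUIRED = ("status", "messages", "action", "output")

def parse_response(raw, prop=None):
    """Return `output` (or one attribute of it) from a v2 response, failing closed."""
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        raise WafApiError(f"response is not JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise WafApiError("response is not a JSON object")
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        raise WafApiError(f"envelope is missing {missing}")
    # status is "either a one or a zero"; anything that is not clearly 1 is a failure.
    if str(doc["status"]).lower() not in ("1", "true"):
        detail = "; ".join(map(str, doc["messages"] or ["no message returned"]))
        raise WafApiError(f"{doc['action']} failed: {detail}")
    output = doc["output"]
    if prop is None:
        return output
    # Mirrors the documented `property` filter: unknown attribute -> null.
    return output.get(prop) if isinstance(output, dict) else None

# Constructed sample responses (not captured from the service).
SAMPLE_OK = json.dumps({
    "status": 1, "messages": [], "action": "update_setting",
    "request_time": 1700000000, "verbose": 1,
    "output": {"domain": "example.com", "proxy_active": 1},
})
SAMPLE_FAIL = json.dumps({
    "status": 0, "messages": ["Invalid API key"], "action": "update_setting",
    "request_time": 1700000000, "verbose": 1, "output": [],
})

if __name__ == "__main__":
    print(parse_response(SAMPLE_OK, "domain"))
    try:
        parse_response(SAMPLE_FAIL)
    except WafApiError as exc:
        print("rejected:", exc)
```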
This action allows you to retrieve from our service your current account settings for the domain associated with the API Key passed in the request. Note that not all the settings of your account will be returned, only the ones that we consider public data.
Option | Type | Description |
---|---|---|
domain | string | The domain of the site. |
internal_ip_main | string | The internal IP address of the site. |
proxy_active | integer | One if the service is active, zero otherwise. |
whitelist_list | []string | A list with all the IP addresses whitelisted so far. |
blacklist_list | []string | A list with all the IP addresses blacklisted so far. |
security_level | string | The security level chosen for your site. |
cache_mode | string | The caching level chosen for your site. |
admin_access | string | Admin panel access for your site (open, restricted). |
comment_access | string | Comments access for your site (open, restricted). |
internal_domain_ip | string | Firewall IP. |
internal_domain_debug_list | []string | Debug URL. |
compression_mode | string | Compression. |
brotli | string | Brotli. |
force_https | string | Protocol Redirection. |
spdy_mode | string | HTTP/2 Support. |
max_upload_size | string | Maximum Upload Size. |
force_sec_headers | string | Add Additional Security Headers. |
unfiltered_html | string | Stop unfiltered HTML from being sent to your site. |
block_php_upload | string | Stop upload of PHP or executable content. |
behind_cdn | string | Site is behind CDN. |
http_flood_protection | string | Flood protection. |
detect_adv_evasion | string | Advanced evasion detection. |
aggressive_bot_filter | string | Aggressive bot filter. |
This endpoint can be used to modify the value of all the settings available in the dashboard. Notice that some data might be restricted, in which case you will have to contact our support team for assistance. In the example request, the parameter SETTING is one of the names listed in the table below; you can modify multiple settings in the same request by adding more parameters with the names that you want to modify.
```bash
curl 'https://waf.sucuri.net/api?v2' \
  --data 'k=API_KEY' \
  --data 's=API_SECRET' \
  --data 'a=update_setting' \
  --data 'SETTING=VALUE'
```
Setting | Description | Values |
---|---|---|
new_internal_ip | Adds a new item to the list of hosting addresses. You must also send the type (alternate or backup) using a parameter named "new_internal_ip_type", and an additional flag named "manage_internal_ip" to tell the API to process the HTTP request. You can add a note to the address using the parameter "hosting_ip_notes". In addition to the notes, you can also add a tag, which is a unique identifier for the region where the address is going to be used, via another parameter named "new_internal_ip_tag". | IPv4, IPv6, TLD |
delete_internal_ip | Deletes an item from the list of hosting addresses. | true |
pause_internal_ip | Pauses an item from the list of hosting addresses. | true |
play_internal_ip | Un-pauses an item from the list of hosting addresses. | true |
securitylevel | Modifies the security level. | high, paranoid |
adminaccess | Modifies the administration access mode. | open, restricted |
force_sec_headers | Enables or disables the HTTP security headers. | enabled, disabled |
commentaccess | Enables or disables the ability to leave comments. | open, restricted |
unfiltered_html | Enables or disables the HTML filters. | allow_unfilter, block_unfilter |
block_php_upload | Enables or disables the ability to upload files. | allow_uploads, block_uploads |
detect_adv_evasion | Enables or disables the detection of advanced evasion. | enabled, disabled |
ids_monitoring | Enables or disables the intrusion detection system. | enabled, disabled |
aggressive_bot_filter | Enables or disables aggressive filters against robots. | enabled, disabled |
http_flood_protection | Enables or disables the HTTP flood protection. | js_filter, disabled |
docache | Modifies the cache mode for the website. | docache, nocache, sitecache, nocacheatall |
compression_mode | Enables or disables the data compression. | enabled, disabled |
brotli | Enables or disables brotli support. | enabled, disabled |
failover_time | Configures the time in seconds for a fail-over. | 5, 10, 30, 60 |
forwardquerystrings_mode | Enables or disables the HTTP query strings forwarding. | enabled, disabled |
force_https | Configures the HTTP protocol redirection. | http, https, null |
spdy_mode | Enables or disables the HTTP2 support. | enabled, disabled |
max_upload_size | Configures the maximum size for uploaded files in megabytes. | 5m, 10m, 50m, 100m, 200m, 400m |
behind_cdn | Configures the CDN being used by the website. | none, behind_akamai, behind_cloudflare, behind_maxcdn, behind_cdn |
block_attacker_country | Denies access to the top attacker countries via GeoIP. | enabled, disabled |
domain_alias | Adds a new item to the list of domain aliases. | TLD |
remove_domain_alias[] | Deletes an item from the list of domain aliases. | []TLD |
whitelist_dir | Adds a new item to the list of whitelisted URLs. You must also send the pattern that will be used to match the URL; the parameter is named "whitelist_dir_pattern" and accepts these values: matches, begins_with, ends_with, equals. The API only accepts one URL and one pattern per request. | URL |
remove_whitelist_dir[] | Deletes an item from the list of whitelisted URLs. | []URL |
blacklist_dir | Adds a new item to the list of blacklisted URLs. You must also send the pattern that will be used to match the URL; the parameter is named "blacklist_dir_pattern" and accepts these values: matches, begins_with, ends_with, equals. The API only accepts one URL and one pattern per request. | URL |
remove_blacklist_dir[] | Deletes an item from the list of blacklisted URLs. | []URL |
noncache_dir | Adds a new item to the list of non-cacheable URLs. You must also send the pattern that will be used to match the URL; the parameter is named "noncache_dir_pattern" and accepts these values: matches, begins_with, ends_with, equals. The API only accepts one URL and one pattern per request. | URL |
remove_noncache_dir[] | Deletes an item from the list of non-cacheable URLs. | []URL |
block_from_viewing[] | Configures the countries that will be blocked from sending a GET request to the website. Notice that this option overrides the value of the setting; this means that you cannot add individual countries to the list, only send the complete list of countries that will be blocked. You must send another parameter named "update_geo_blocking" with any value in order to force the API to process the request. | US, CA, BR, etc |
block_from_posting[] | Configures the countries that will be blocked from sending a POST request to the website. Notice that this option overrides the value of the setting; this means that you cannot add individual countries to the list, only send the complete list of countries that will be blocked. You must send another parameter named "update_geo_blocking" with any value in order to force the API to process the request. | US, CA, BR, etc |
block_useragent | Adds a new item to the list of blocked user-agents. | string |
remove_block_useragent[] | Deletes an item from the list of blocked user-agents. | []string |
block_referer | Adds a new item to the list of blocked HTTP referers. | string |
remove_block_referer[] | Deletes an item from the list of blocked HTTP referers. | []string |
block_cookie | Adds a new item to the list of blocked browser cookies. | string |
remove_block_cookie[] | Deletes an item from the list of blocked browser cookies. | []string |
ahttp_method | Adds a new item to the list of allowed HTTP methods. | |
remove_ahttp_method[] | Deletes an item from the list of allowed HTTP methods. | []string |
twofactorauth_path | Adds a new item to the list of protected pages via 2Factor-Auth. You must also specify which protection will be applied to the page; the parameter is named "twofactorauth_type" and accepts these values: password, googleauth, captcha, ip. If you choose to protect the URL with "IP", the firewall will expect that the address is among the whitelisted IP addresses. The API only accepts one URL and one pattern per request. | URL |
item_twofactorauth_path | Deletes an item from the list of protected pages. If you also include the parameter "twofactorauth_update_pwd" in the request, the API will not delete the URLs from the list, but instead will re-generate the keys. This applies to the URLs protected by a password or by Google Auth. | []URL |
origin_protocol_port | Configures the port number for the connection. | 80, 443 |
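Several settings in the table are only processed when a companion parameter is sent with them, and many accept a fixed set of values. The following added example (not part of the API documentation) checks a change against those rules before building the `update_setting` form body; `build_update_body`, `ALLOWED` and `REQUIRES` are hypothetical names, and the tables cover only a subset of the settings listed above.

```python
from urllib.parse import urlencode

ON_OFF = {"enabled", "disabled"}
PATTERNS = {"matches", "begins_with", "ends_with", "equals"}
# Accepted values, copied from the settings table above (subset).
ALLOWED = {
    "securitylevel": {"high", "paranoid"},
    "adminaccess": {"open", "restricted"},
    "commentaccess": {"open", "restricted"},
    "force_sec_headers": ON_OFF,
    "detect_adv_evasion": ON_OFF,
    "unfiltered_html": {"allow_unfilter", "block_unfilter"},
    "block_php_upload": {"allow_uploads", "block_uploads"},
    "http_flood_protection": {"js_filter", "disabled"},
    "whitelist_dir_pattern": PATTERNS,
    "blacklist_dir_pattern": PATTERNS,
    "noncache_dir_pattern": PATTERNS,
    "twofactorauth_type": {"password", "googleauth", "captcha", "ip"},
}
# Companion parameters the table says must be sent with a setting.
REQUIRES = {
    "whitelist_dir": ["whitelist_dir_pattern"],
    "blacklist_dir": ["blacklist_dir_pattern"],
    "noncache_dir": ["noncache_dir_pattern"],
    "twofactorauth_path": ["twofactorauth_type"],
    "block_from_viewing[]": ["update_geo_blocking"],
    "block_from_posting[]": ["update_geo_blocking"],
    "new_internal_ip": ["new_internal_ip_type", "manage_internal_ip"],
}

def build_update_body(key, secret, settings):
    """Return the form body for a=update_setting; raise ValueError on a bad request."""
    errors = []
    for name, value in settings.items():
        if name in ALLOWED and str(value) not in ALLOWED[name]:
            errors.append(f"{name}={value!r} is not an accepted value")
        errors += [f"{name} requires {dep}" for dep in REQUIRES.get(name, [])
                   if dep not in settings]
    if errors:
        raise ValueError("; ".join(errors))
    fields = [("k", key), ("s", secret), ("a", "update_setting")]
    for name, value in settings.items():
        # "[]" parameters carry a list and are repeated once per item.
        values = value if isinstance(value, list) else [value]
        fields += [(name, v) for v in values]
    return urlencode(fields)
```

The returned string is the POST body for `https://waf.sucuri.net/api?v2`; passing it from a process rather than on a `curl` command line also keeps the key and secret out of shell history.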
Whitelists your current IP address (or another defined IP address) so it won't be blocked by some of our security rules. It will also have access to your admin panels if you have them restricted to only trusted IP addresses in the security settings. By default this endpoint will whitelist the IP address associated with the HTTP request of the client. If you want to specify a custom IP, you have to pass the parameter ip with a valid IPv4/IPv6 address. If an IP address isn't set, your current IP is used.
```bash
curl 'https://waf.sucuri.net/api?v2' \
  --data 'k=API_KEY' \
  --data 's=API_SECRET' \
  --data 'a=whitelist_ip' \
  --data 'ip=IP_ADDRESS'
```
Note. The line --data 'ip=IP_ADDRESS' is optional; when it is not set, your current IP address will be used.
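Because a whitelisted address bypasses some security rules and can reach a restricted admin panel, the whitelist is worth reviewing periodically. The following added example (not part of the API documentation) audits the `whitelist_list` and `admin_access` fields of a settings output against approved networks; the sample settings, the approved ranges and the name `audit_whitelist` are constructed, and it assumes whitelist entries are plain IP address strings.

```python
import ipaddress

def audit_whitelist(settings, approved_cidrs):
    """Return (item, reason) findings for a settings `output` object."""
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    findings = []
    for entry in settings.get("whitelist_list", []):
        try:
            addr = ipaddress.ip_address(str(entry).strip())
        except ValueError:
            findings.append((entry, "not a valid IPv4/IPv6 address"))
            continue
        if not any(addr.version == n.version and addr in n for n in approved):
            findings.append((entry, "outside every approved network"))
    # Whitelisted addresses only gate the admin panel when access is restricted.
    if settings.get("admin_access") != "restricted":
        findings.append(("admin_access", "admin panel is not restricted"))
    return findings

# Constructed sample (documentation address ranges), shaped like the settings table.
SAMPLE_SETTINGS = {
    "domain": "example.com",
    "admin_access": "open",
    "whitelist_list": ["203.0.113.10", "198.51.100.7", "2001:db8::5", "bogus"],
}
APPROVED = ["203.0.113.0/24", "2001:db8::/32"]  # hypothetical office/VPN ranges

if __name__ == "__main__":
    for item, reason in audit_whitelist(SAMPLE_SETTINGS, APPROVED):
        print(f"{item}: {reason}")
```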
Deletes your current IP (or another defined IP address) from the whitelist. By default this endpoint will delete the IP address associated with the HTTP request of the client. If you want to specify a custom IP, you have to pass the parameter ip with a valid IPv4/IPv6 address. If an IP address isn't set, your current IP is used.
```bash
curl 'https://waf.sucuri.net/api?v2' \
  --data 'k=API_KEY' \
  --data 's=API_SECRET' \
  --data 'a=delete_whitelist_ip' \
  --data 'ip=IP_ADDRESS'
```
Note. The line --data 'ip=IP_ADDRESS' is optional; when it is not set, your current IP address will be used.
Blacklists an IP address, so it can't reach your website.
```bash
curl 'https://waf.sucuri.net/api?v2' \
  --data 'k=API_KEY' \
  --data 's=API_SECRET' \
  --data 'a=blacklist_ip' \
  --data 'ip=IP_ADDRESS'
```
Note. The line --data 'ip=IP_ADDRESS' is optional; when it is not set, your current IP address will be used.
Deletes the defined IP address from the blacklist. The IP address has to be a valid IPv4/IPv6 address.
```bash
curl 'https://waf.sucuri.net/api?v2' \
  --data 'k=API_KEY' \
  --data 's=API_SECRET' \
  --data 'a=delete_blacklist_ip' \
  --data 'ip=IP_ADDRESS'
```
Adds one or more sites to your account.
```bash
curl 'https://waf.sucuri.net/api?v2' \
  --data 'k=API_KEY' \
  --data 'under_ddos_attack=(0 or 1)' \
  --data 'restrict_admin_access=(0 or 1)' \
  --data 'use_sucuri_dns=(0 or 1)' \
  --data 'a=add_site' \
  --data 'domains=domain1.tld,domain2.tld,domainn.tld'
```
Removes one site from your account.
```bash
curl 'https://waf.sucuri.net/api?v2' \
  --data 'k=API_KEY' \
  --data 'a=delete_site' \
  --data 'domain=domain.tld'
```
Note: The line --data 'ip=IP_ADDRESS' is optional; when it is not set, your current IP address will be used.
This option can be used to clear the Website Firewall cache after any website changes have been made.
This will reflect live as soon as you click the clear cache button.
This option can be used to remove a file from the Website Firewall cache.
This will reflect live as soon as you click the clear cache button.
This action allows you to retrieve the latest audit log entries caught by our service. You will get a dump of all the blocked events for the date specified (or for the current day if you don't specify this parameter) allowing you to integrate our data in your own dashboard.
Note. The parameters date, query, offset and limit are optional and are currently not fully implemented, so if you have an issue with one of them please report it to our development team.
This action allows you to retrieve the list of protected URLs set in the Access Control / Protected Pages.
Field | Description |
---|---|
path | The protected path without the domain |
password | The password generated automatically when it applies |
state | It can be 'unused' or the type of protection applied |
provisioning_uri | Only when the state is googleauth |
qrcode_image | Only when the state is googleauth |
This action allows you to add one or more protected URLs.
To add more than one, use the following:
protected_page[]=URL&protected_page[]=URL
This action allows you to update the password automatically for some protected URLs.
This action allows you to remove one or more protected URLs.
This action allows you to set the status of the email reports for your domain. If the new status is enabled, you can also set the following settings.
Setting | Accepted values |
---|---|
period | day, week, month (default) |
format | pdf (default), csv, html |
emails | All emails separated by comma (account email when empty) |