AI-Powered Web Application Firewall - REST API Documentation

Important Notice: This API is provided for testing purposes only. Please do not use it in production environments. Sandbox the testing environment.

Back to Home

Home

Base URL

https://restapiwaf.leagueofcoders.app

Authentication

No authentication is required for testing purposes.

Endpoints

POST

Create a new resource in the testing environment.

Request Body Format

{
    "data": {
        "field1": "value1",
        "field2": "value2",
        "fieldN": "valueN"  // Any number of simple key-value pairs
    }
}

Example Request

curl -X POST https://restapiwaf.leagueofcoders.app/predict \
  -H "Content-Type: application/json" \
  -d '{
        "data": {
            "name": "John",
            "email": "test@test.com",
            "age": "47",
            "occupation": "engineer",
            "city": "New York",
            "isActive": true
            }
        }'

Response

"malicious"  or "non-malicious"

GET

Query for malicious content detection using URL parameters.

Example Request

https://restapiwaf.leagueofcoders.app/predict?param1=hello&param2=world&param3=1234&param4=5678

Response

"malicious"  or "non-malicious"

Field Guidelines

Allowed value types:

Example Valid Field Types

{
    "data": {
        "string_field": "text value",
        "number_field": 42,
        "boolean_field": true,
        "null_field": null
    }
}

Response Description

Response Description
malicious The provided data has been flagged as malicious
non-malicious The provided data has been identified as non-malicious

Error Responses

Status Code Description
400 Bad Request - Invalid input
500 Internal Server Error

Error Response Format

{
    "status": "error",
    "message": "Description of the error",
    "error_code": "ERROR_CODE"
}

WAF Test Guidelines

  1. Sandbox your testing environment
  2. Clear all data regularly from the testing environment
  3. No sensitive or production data should be used
  4. Service availability is not guaranteed

WAF Test Results CSV Download

All your test data would be logged as "logginginput_v36.csv" and you can download it to see how it performance.

  1. WAF test log record - https://withwaf.leagueofcoders.app/logginginput_v36.csv
  2. WAF Rest API test log record - https://restapiwaf.leagueofcoders.app/download_logs

Web Application Attack Vectors Test Results

  1. Download the SQLi, XSS, SSRF, Command Injection, Directory Traversal and Local File Inclusion from Dropbox https://www.dropbox.com/scl/fo/f6r493yylu5p5osnenfme/AOhU6uObejrvH848NN2DU_Y?rlkey=uhdhx0sgqv4s4visesmkpefb2&st=pnagt45b&dl=0

Support

For testing-related questions, reach to me at www.linkedin.com/in/naiwah or email naiwah@loc.com.sg

Back to main page Home