Sucuri API v2 — Advanced Settings (update_setting)
API v2 - Advanced Settings
This endpoint modifies the value of all settings available in the dashboard. Some data may be restricted — in which case you must contact Sucuri support. In the example request the parameter SETTING is one of the names listed in the table below; multiple settings can be modified in the same request by adding more name=value parameters.
sh
curl 'https://waf.sucuri.net/api?v2' \
--data 'k=API_KEY' \
--data 's=API_SECRET' \
--data 'a=update_setting' \
--data 'SETTING=VALUE'
Settings
Origin / hosting addresses
| Setting |
Description |
Values |
new_internal_ip |
Adds a new item to the list of hosting addresses. Must also send new_internal_ip_type (alternate or backup) and the flag manage_internal_ip to tell the API to process the request. Optional: hosting_ip_notes (note) and new_internal_ip_tag (unique identifier for the region the address is used in). |
IPv4, IPv6, TLD |
delete_internal_ip |
Deletes an item from the list of hosting addresses. |
true |
pause_internal_ip |
Pauses an item from the list of hosting addresses. |
true |
play_internal_ip |
Un-pauses an item from the list of hosting addresses. |
true |
origin_protocol_port |
Configures the port number for the connection. |
80, 443 |
Security & access
| Setting |
Description |
Values |
securitylevel |
Modifies the security level. |
high, paranoid |
adminaccess |
Modifies admin access mode. |
open, restricted |
commentaccess |
Enables/disables comments. |
open, restricted |
force_sec_headers |
Enables/disables HTTP security headers. |
enabled, disabled |
unfiltered_html |
Enables/disables HTML filters. |
allow_unfilter, block_unfilter |
block_php_upload |
Enables/disables file uploads. |
allow_uploads, block_uploads |
detect_adv_evasion |
Enables/disables detection of advanced evasion. |
enabled, disabled |
ids_monitoring |
Enables/disables intrusion detection. |
enabled, disabled |
aggressive_bot_filter |
Enables/disables aggressive bot filters. |
enabled, disabled |
http_flood_protection |
HTTP flood protection. |
js_filter, disabled |
| Setting |
Description |
Values |
docache |
Modifies the cache mode. |
docache, nocache, sitecache, nocacheatall |
compression_mode |
Enables/disables data compression. |
enabled, disabled |
forwardquerystrings_mode |
Enables/disables HTTP query string forwarding. |
enabled, disabled |
force_https |
HTTP protocol redirection. |
http, https, null |
spdy_mode |
Enables/disables HTTP/2 support. |
enabled, disabled |
max_upload_size |
Max upload size in megabytes. |
5m, 10m, 50m, 100m, 200m, 400m |
behind_cdn |
CDN sitting in front of Sucuri. |
none, behind_akamai, behind_cloudflare, behind_cdn |
Geo blocking
| Setting |
Description |
Values |
block_attacker_country |
Denies access to top attacker countries via GeoIP. |
enabled, disabled |
block_from_viewing[] |
Countries blocked from GET. Overrides the list — send the full list each call. Also send update_geo_blocking with any value to force processing. |
US, CA, BR, ... |
block_from_posting[] |
Countries blocked from POST. Overrides the list — send the full list each call. Also send update_geo_blocking. |
US, CA, BR, ... |
Domain aliases
| Setting |
Description |
Values |
domain_alias |
Adds an item to the list of domain aliases. |
TLD |
remove_domain_alias[] |
Deletes an item from the list of domain aliases. |
[]TLD |
Allow / block / no-cache directories
| Setting |
Description |
Values |
allowlist_dir |
Adds an allowed URL. Also send allowlist_dir_pattern: matches, begins_with, ends_with, equals. One URL + one pattern per request. |
URL |
remove_allowlist_dir[] |
Deletes from the allowed URLs list. |
[]URL |
blocklist_dir |
Adds a blocked URL. Also send blocklist_dir_pattern: matches, begins_with, ends_with, equals. One URL + one pattern per request. |
URL |
remove_blocklist_dir[] |
Deletes from the blocked URLs list. |
[]URL |
noncache_dir |
Adds a non-cacheable URL. Also send noncache_dir_pattern: matches, begins_with, ends_with, equals. One URL + one pattern per request. |
URL |
remove_noncache_dir[] |
Deletes from the non-cacheable URLs list. |
[]URL |
User-agent / referer / cookie / HTTP method blocks
| Setting |
Description |
Values |
block_useragent |
Adds a blocked user-agent. |
string |
remove_block_useragent[] |
Removes blocked user-agents. |
[]string |
block_referer |
Adds a blocked HTTP referer. |
string |
remove_block_referer[] |
Removes blocked referers. |
[]string |
block_cookie |
Adds a blocked cookie. |
string |
remove_block_cookie[] |
Removes blocked cookies. |
[]string |
ahttp_method |
Adds an allowed HTTP method. |
|
remove_ahttp_method[] |
Removes allowed HTTP methods. |
[]string |
Protected pages (2FA)
| Setting |
Description |
Values |
twofactorauth_path |
Adds a 2FA-protected page. Also send twofactorauth_type: password, googleauth, captcha, ip. With ip, the firewall expects the request to come from an allowlisted IP. One URL + one pattern per request. |
URL |
item_twofactorauth_path |
Deletes a protected page. With twofactorauth_update_pwd in the request, the URL is not deleted — instead the keys (password / Google Auth) are re-generated. |
[]URL |