wafs
wafs
Each row mirrors a Sucuri WAF site. domain is the canonical key — Sucuri normalizes www. and *. to the apex, so we hold one row per apex.
See Sucuri apex normalization.
Selected columns
| Column | Type | Notes |
|---|---|---|
app_id |
integer | FK to apps |
domain |
string | Canonical apex domain |
whitelist_dir_list |
jsonb | Mirror of Sucuri allowlist directories |
blacklist_dir_list |
jsonb | Mirror of Sucuri blocklist directories |
noncache_dir_list |
jsonb | Mirror of paths excluded from cache |
block_from_posting_list |
jsonb | Country codes blocked from POST |
block_from_viewing_list |
jsonb | Country codes blocked from GET |
block_cookie_list |
jsonb | Cookie patterns to block |
block_useragent_list |
jsonb | UA strings to block (sanitized — no (, ), ,, +) |
block_referer_list |
jsonb | Referer patterns to block |
ahttp_method_list |
jsonb | Allowed HTTP verbs |
forwardquerystrings_mode |
string | enabled / disabled |
ids_monitoring |
string | enabled / disabled |
block_attacker_country |
string | enabled / disabled |
Sync pattern
After every successful Sucuri API write, the corresponding *_list column is updated locally (Waf.add_to_list / Waf.remove_from_list). DB and Sucuri can drift if a write succeeds in only one place — reconciliation is by Sucuri.show_settings calls.