{"id":163,"date":"2025-06-26T01:38:29","date_gmt":"2025-06-26T01:38:29","guid":{"rendered":"https:\/\/r229.rookiessportsbarny.com\/?p=163"},"modified":"2025-06-26T01:38:29","modified_gmt":"2025-06-26T01:38:29","slug":"web-application-firewall-waf-your-first-line-of-defense-for-website-security","status":"publish","type":"post","link":"https:\/\/r229.rookiessportsbarny.com\/?p=163","title":{"rendered":"Web Application Firewall (WAF): Your First Line of Defense for Website Security"},"content":{"rendered":"<p data-start=\"379\" data-end=\"579\">In today\u2019s digital world, your web application is more than just code \u2014 it\u2019s your storefront, your customer portal, your brand. And unfortunately, it\u2019s also one of the most targeted assets by hackers.<\/p>\n<p data-start=\"581\" data-end=\"825\">From SQL injections and cross-site scripting (XSS) to automated bot attacks and DDoS floods, attackers are constantly scanning for weaknesses. That\u2019s where the <strong data-start=\"741\" data-end=\"775\">Web Application Firewall (WAF)<\/strong> becomes your essential first layer of protection.<\/p>\n<hr data-start=\"827\" data-end=\"830\" \/>\n<h2 data-start=\"832\" data-end=\"870\">What Is a Web Application Firewall?<\/h2>\n<p data-start=\"872\" data-end=\"1157\">A <strong data-start=\"874\" data-end=\"908\">Web Application Firewall (WAF)<\/strong> is a security system that <strong data-start=\"935\" data-end=\"981\">monitors, filters, and blocks HTTP traffic<\/strong> to and from a web application. Unlike traditional firewalls that protect the network perimeter, a WAF focuses specifically on <strong data-start=\"1108\" data-end=\"1139\">layer 7 (application layer)<\/strong> of the OSI model.<\/p>\n<p data-start=\"1159\" data-end=\"1171\">A WAF helps:<\/p>\n<ul data-start=\"1173\" data-end=\"1384\">\n<li data-start=\"1173\" data-end=\"1212\">\n<p data-start=\"1175\" data-end=\"1212\">Detect and block malicious requests<\/p>\n<\/li>\n<li data-start=\"1213\" data-end=\"1272\">\n<p data-start=\"1215\" data-end=\"1272\">Prevent exploitation of web application vulnerabilities<\/p>\n<\/li>\n<li data-start=\"1273\" data-end=\"1333\">\n<p data-start=\"1275\" data-end=\"1333\">Reduce the risk of data breaches and service disruptions<\/p>\n<\/li>\n<li data-start=\"1334\" data-end=\"1384\">\n<p data-start=\"1336\" data-end=\"1384\">Meet compliance standards (PCI-DSS, HIPAA, GDPR)<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"1386\" data-end=\"1389\" \/>\n<h2 data-start=\"1391\" data-end=\"1431\">Common Threats a WAF Protects Against<\/h2>\n<div class=\"_tableContainer_16hzy_1\">\n<div class=\"_tableWrapper_16hzy_14 group flex w-fit flex-col-reverse\" tabindex=\"-1\">\n<table class=\"w-fit min-w-(--thread-content-width)\" data-start=\"1433\" data-end=\"2174\">\n<thead data-start=\"1433\" data-end=\"1523\">\n<tr data-start=\"1433\" data-end=\"1523\">\n<th data-start=\"1433\" data-end=\"1459\" data-col-size=\"sm\">Threat Type<\/th>\n<th data-start=\"1459\" data-end=\"1523\" data-col-size=\"md\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"1616\" data-end=\"2174\">\n<tr data-start=\"1616\" data-end=\"1708\">\n<td data-start=\"1616\" data-end=\"1644\" data-col-size=\"sm\"><strong data-start=\"1618\" data-end=\"1642\">SQL Injection (SQLi)<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"1644\" data-end=\"1708\">Injecting malicious SQL code into input fields<\/td>\n<\/tr>\n<tr data-start=\"1709\" data-end=\"1802\">\n<td data-start=\"1709\" data-end=\"1742\" data-col-size=\"sm\"><strong data-start=\"1711\" data-end=\"1741\">Cross-Site Scripting (XSS)<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"1742\" data-end=\"1802\">Injecting malicious scripts to steal session cookies<\/td>\n<\/tr>\n<tr data-start=\"1803\" data-end=\"1896\">\n<td data-start=\"1803\" data-end=\"1837\" data-col-size=\"sm\"><strong data-start=\"1805\" data-end=\"1836\">Remote File Inclusion (RFI)<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"1837\" data-end=\"1896\">Loading unauthorized external files on a web server<\/td>\n<\/tr>\n<tr data-start=\"1897\" data-end=\"1988\">\n<td data-start=\"1897\" data-end=\"1925\" data-col-size=\"sm\"><strong data-start=\"1899\" data-end=\"1914\">Bot Attacks<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"1925\" data-end=\"1988\">Scraping, credential stuffing, brute force<\/td>\n<\/tr>\n<tr data-start=\"1989\" data-end=\"2081\">\n<td data-start=\"1989\" data-end=\"2017\" data-col-size=\"sm\"><strong data-start=\"1991\" data-end=\"2012\">Zero-Day Exploits<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"2017\" data-end=\"2081\">Protecting unknown vulnerabilities using behavior analysis<\/td>\n<\/tr>\n<tr data-start=\"2082\" data-end=\"2174\">\n<td data-start=\"2082\" data-end=\"2110\" data-col-size=\"sm\"><strong data-start=\"2084\" data-end=\"2110\">DDoS Attacks (Layer 7)<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"2110\" data-end=\"2174\">Flooding applications with HTTP requests<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"sticky end-(--thread-content-margin) h-0 self-end select-none\">\n<div class=\"absolute end-0 flex items-end\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"2176\" data-end=\"2323\">A good WAF not only <strong data-start=\"2196\" data-end=\"2220\">blocks known threats<\/strong>, but also adapts to <strong data-start=\"2241\" data-end=\"2277\">new and emerging attack patterns<\/strong> using behavioral and machine learning models.<\/p>\n<hr data-start=\"2325\" data-end=\"2328\" \/>\n<h2 data-start=\"2330\" data-end=\"2360\">Key Features of Modern WAFs<\/h2>\n<ol data-start=\"2362\" data-end=\"3084\">\n<li data-start=\"2362\" data-end=\"2471\">\n<p data-start=\"2365\" data-end=\"2412\"><strong data-start=\"2365\" data-end=\"2410\">Signature-Based and Behavioral Protection<\/strong><\/p>\n<ul data-start=\"2416\" data-end=\"2471\">\n<li data-start=\"2416\" data-end=\"2471\">\n<p data-start=\"2418\" data-end=\"2471\">Blocks known attack patterns and identifies anomalies<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2473\" data-end=\"2553\">\n<p data-start=\"2476\" data-end=\"2498\"><strong data-start=\"2476\" data-end=\"2496\">Custom Rule Sets<\/strong><\/p>\n<ul data-start=\"2502\" data-end=\"2553\">\n<li data-start=\"2502\" data-end=\"2553\">\n<p data-start=\"2504\" data-end=\"2553\">Tailor policies for specific applications or APIs<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2555\" data-end=\"2668\">\n<p data-start=\"2558\" data-end=\"2578\"><strong data-start=\"2558\" data-end=\"2576\">Bot Management<\/strong><\/p>\n<ul data-start=\"2582\" data-end=\"2668\">\n<li data-start=\"2582\" data-end=\"2668\">\n<p data-start=\"2584\" data-end=\"2668\">Identifies and blocks malicious bots while allowing good ones (e.g., search engines)<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2670\" data-end=\"2765\">\n<p data-start=\"2673\" data-end=\"2705\"><strong data-start=\"2673\" data-end=\"2703\">Rate Limiting &amp; Throttling<\/strong><\/p>\n<ul data-start=\"2709\" data-end=\"2765\">\n<li data-start=\"2709\" data-end=\"2765\">\n<p data-start=\"2711\" data-end=\"2765\">Prevents brute-force and API abuse by limiting traffic<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2767\" data-end=\"2860\">\n<p data-start=\"2770\" data-end=\"2805\"><strong data-start=\"2770\" data-end=\"2803\">Real-Time Logging &amp; Analytics<\/strong><\/p>\n<ul data-start=\"2809\" data-end=\"2860\">\n<li data-start=\"2809\" data-end=\"2860\">\n<p data-start=\"2811\" data-end=\"2860\">Provides actionable insights and incident reports<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2862\" data-end=\"2964\">\n<p data-start=\"2865\" data-end=\"2901\"><strong data-start=\"2865\" data-end=\"2899\">Geo-Blocking and IP Reputation<\/strong><\/p>\n<ul data-start=\"2905\" data-end=\"2964\">\n<li data-start=\"2905\" data-end=\"2964\">\n<p data-start=\"2907\" data-end=\"2964\">Blocks traffic from high-risk regions or known bad actors<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2966\" data-end=\"3084\">\n<p data-start=\"2969\" data-end=\"3002\"><strong data-start=\"2969\" data-end=\"3000\">Cloud and Hybrid Deployment<\/strong><\/p>\n<ul data-start=\"3006\" data-end=\"3084\">\n<li data-start=\"3006\" data-end=\"3084\">\n<p data-start=\"3008\" data-end=\"3084\">Supports on-premises, public cloud (AWS, Azure, GCP), or hybrid environments<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<hr data-start=\"3086\" data-end=\"3089\" \/>\n<h2 data-start=\"3091\" data-end=\"3123\">Leading WAF Solutions in 2025<\/h2>\n<div class=\"_tableContainer_16hzy_1\">\n<div class=\"_tableWrapper_16hzy_14 group flex w-fit flex-col-reverse\" tabindex=\"-1\">\n<table class=\"w-fit min-w-(--thread-content-width)\" data-start=\"3125\" data-end=\"3971\">\n<thead data-start=\"3125\" data-end=\"3230\">\n<tr data-start=\"3125\" data-end=\"3230\">\n<th data-start=\"3125\" data-end=\"3153\" data-col-size=\"sm\">Vendor<\/th>\n<th data-start=\"3153\" data-end=\"3230\" data-col-size=\"md\">Strengths<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"3337\" data-end=\"3971\">\n<tr data-start=\"3337\" data-end=\"3442\">\n<td data-start=\"3337\" data-end=\"3366\" data-col-size=\"sm\"><strong data-start=\"3339\" data-end=\"3357\">Cloudflare WAF<\/strong><\/td>\n<td data-start=\"3366\" data-end=\"3442\" data-col-size=\"md\">Global CDN integration, automatic updates, strong bot protection<\/td>\n<\/tr>\n<tr data-start=\"3443\" data-end=\"3548\">\n<td data-start=\"3443\" data-end=\"3472\" data-col-size=\"sm\"><strong data-start=\"3445\" data-end=\"3456\">AWS WAF<\/strong><\/td>\n<td data-start=\"3472\" data-end=\"3548\" data-col-size=\"md\">Deep integration with AWS services, scalable for large applications<\/td>\n<\/tr>\n<tr data-start=\"3549\" data-end=\"3654\">\n<td data-start=\"3549\" data-end=\"3578\" data-col-size=\"sm\"><strong data-start=\"3551\" data-end=\"3566\">Imperva WAF<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"3578\" data-end=\"3654\">Advanced analytics, threat intelligence, and compliance support<\/td>\n<\/tr>\n<tr data-start=\"3655\" data-end=\"3760\">\n<td data-start=\"3655\" data-end=\"3684\" data-col-size=\"sm\"><strong data-start=\"3657\" data-end=\"3674\">F5 BIG-IP WAF<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"3684\" data-end=\"3760\">Enterprise-grade performance, customizable policies<\/td>\n<\/tr>\n<tr data-start=\"3761\" data-end=\"3865\">\n<td data-start=\"3761\" data-end=\"3794\" data-col-size=\"sm\"><strong data-start=\"3763\" data-end=\"3793\">Akamai App &amp; API Protector<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"3794\" data-end=\"3865\">Optimized for high-volume apps and edge protection<\/td>\n<\/tr>\n<tr data-start=\"3866\" data-end=\"3971\">\n<td data-start=\"3866\" data-end=\"3895\" data-col-size=\"sm\"><strong data-start=\"3868\" data-end=\"3885\">Barracuda WAF<\/strong><\/td>\n<td data-col-size=\"md\" data-start=\"3895\" data-end=\"3971\">Easy to deploy, strong DDoS mitigation and affordability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"sticky end-(--thread-content-margin) h-0 self-end select-none\">\n<div class=\"absolute end-0 flex items-end\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<hr data-start=\"3973\" data-end=\"3976\" \/>\n<h2 data-start=\"3978\" data-end=\"4012\">WAF Use Cases Across Industries<\/h2>\n<ul data-start=\"4014\" data-end=\"4415\">\n<li data-start=\"4014\" data-end=\"4097\">\n<p data-start=\"4016\" data-end=\"4097\"><strong data-start=\"4016\" data-end=\"4030\">E-commerce<\/strong>: Protect checkout flows and customer data from injection attacks<\/p>\n<\/li>\n<li data-start=\"4098\" data-end=\"4172\">\n<p data-start=\"4100\" data-end=\"4172\"><strong data-start=\"4100\" data-end=\"4111\">Finance<\/strong>: Block API scraping and credential stuffing on login pages<\/p>\n<\/li>\n<li data-start=\"4173\" data-end=\"4253\">\n<p data-start=\"4175\" data-end=\"4253\"><strong data-start=\"4175\" data-end=\"4189\">Healthcare<\/strong>: Ensure HIPAA-compliant traffic filtering and data protection<\/p>\n<\/li>\n<li data-start=\"4254\" data-end=\"4337\">\n<p data-start=\"4256\" data-end=\"4337\"><strong data-start=\"4256\" data-end=\"4269\">Education<\/strong>: Defend public-facing portals and forms against bots and exploits<\/p>\n<\/li>\n<li data-start=\"4338\" data-end=\"4415\">\n<p data-start=\"4340\" data-end=\"4415\"><strong data-start=\"4340\" data-end=\"4358\">SaaS Providers<\/strong>: Secure APIs and user data without affecting performance<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"4417\" data-end=\"4420\" \/>\n<h2 data-start=\"4422\" data-end=\"4467\">WAF vs Traditional Firewall vs API Gateway<\/h2>\n<div class=\"_tableContainer_16hzy_1\">\n<div class=\"_tableWrapper_16hzy_14 group flex w-fit flex-col-reverse\" tabindex=\"-1\">\n<table class=\"w-fit min-w-(--thread-content-width)\" data-start=\"4469\" data-end=\"5154\">\n<thead data-start=\"4469\" data-end=\"4604\">\n<tr data-start=\"4469\" data-end=\"4604\">\n<th data-start=\"4469\" data-end=\"4495\" data-col-size=\"sm\">Feature<\/th>\n<th data-start=\"4495\" data-end=\"4530\" data-col-size=\"sm\">WAF<\/th>\n<th data-start=\"4530\" data-end=\"4566\" data-col-size=\"sm\">Traditional Firewall<\/th>\n<th data-start=\"4566\" data-end=\"4604\" data-col-size=\"sm\">API Gateway<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"4744\" data-end=\"5154\">\n<tr data-start=\"4744\" data-end=\"4880\">\n<td data-start=\"4744\" data-end=\"4770\" data-col-size=\"sm\">Layer Protected<\/td>\n<td data-col-size=\"sm\" data-start=\"4770\" data-end=\"4805\">Application (Layer 7)<\/td>\n<td data-col-size=\"sm\" data-start=\"4805\" data-end=\"4841\">Network\/Transport (Layer 3\u20134)<\/td>\n<td data-col-size=\"sm\" data-start=\"4841\" data-end=\"4880\">Application + API control<\/td>\n<\/tr>\n<tr data-start=\"4881\" data-end=\"5017\">\n<td data-start=\"4881\" data-end=\"4907\" data-col-size=\"sm\">Focus<\/td>\n<td data-col-size=\"sm\" data-start=\"4907\" data-end=\"4942\">HTTP\/S traffic &amp; web security<\/td>\n<td data-col-size=\"sm\" data-start=\"4942\" data-end=\"4978\">Port\/IP filtering, access control<\/td>\n<td data-col-size=\"sm\" data-start=\"4978\" data-end=\"5017\">API routing, rate limiting<\/td>\n<\/tr>\n<tr data-start=\"5018\" data-end=\"5154\">\n<td data-start=\"5018\" data-end=\"5044\" data-col-size=\"sm\">Attack Prevention<\/td>\n<td data-col-size=\"sm\" data-start=\"5044\" data-end=\"5079\">XSS, SQLi, CSRF, bots, zero-days<\/td>\n<td data-col-size=\"sm\" data-start=\"5079\" data-end=\"5115\">Port scans, DoS, malware<\/td>\n<td data-col-size=\"sm\" data-start=\"5115\" data-end=\"5154\">Abuse of API endpoints<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"sticky end-(--thread-content-margin) h-0 self-end select-none\">\n<div class=\"absolute end-0 flex items-end\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"5156\" data-end=\"5245\">These tools <strong data-start=\"5168\" data-end=\"5193\">complement each other<\/strong> and should be deployed in tandem for full coverage.<\/p>\n<hr data-start=\"5247\" data-end=\"5250\" \/>\n<h2 data-start=\"5252\" data-end=\"5288\">Best Practices for WAF Deployment<\/h2>\n<ol data-start=\"5290\" data-end=\"5888\">\n<li data-start=\"5290\" data-end=\"5390\">\n<p data-start=\"5293\" data-end=\"5323\"><strong data-start=\"5293\" data-end=\"5321\">Start in monitoring mode<\/strong><\/p>\n<ul data-start=\"5327\" data-end=\"5390\">\n<li data-start=\"5327\" data-end=\"5390\">\n<p data-start=\"5329\" data-end=\"5390\">Observe traffic and adjust rules before blocking live traffic<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5392\" data-end=\"5496\">\n<p data-start=\"5395\" data-end=\"5428\"><strong data-start=\"5395\" data-end=\"5426\">Enable logging and alerting<\/strong><\/p>\n<ul data-start=\"5432\" data-end=\"5496\">\n<li data-start=\"5432\" data-end=\"5496\">\n<p data-start=\"5434\" data-end=\"5496\">Use dashboards to track attack attempts and rule effectiveness<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5498\" data-end=\"5588\">\n<p data-start=\"5501\" data-end=\"5527\"><strong data-start=\"5501\" data-end=\"5525\">Tune false positives<\/strong><\/p>\n<ul data-start=\"5531\" data-end=\"5588\">\n<li data-start=\"5531\" data-end=\"5588\">\n<p data-start=\"5533\" data-end=\"5588\">Refine rules to avoid blocking legitimate user behavior<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5590\" data-end=\"5679\">\n<p data-start=\"5593\" data-end=\"5629\"><strong data-start=\"5593\" data-end=\"5627\">Integrate with SIEM\/SOAR tools<\/strong><\/p>\n<ul data-start=\"5633\" data-end=\"5679\">\n<li data-start=\"5633\" data-end=\"5679\">\n<p data-start=\"5635\" data-end=\"5679\">Improve incident response and threat hunting<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5681\" data-end=\"5774\">\n<p data-start=\"5684\" data-end=\"5716\"><strong data-start=\"5684\" data-end=\"5714\">Regularly update rule sets<\/strong><\/p>\n<ul data-start=\"5720\" data-end=\"5774\">\n<li data-start=\"5720\" data-end=\"5774\">\n<p data-start=\"5722\" data-end=\"5774\">Keep up with new attack patterns and vulnerabilities<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5776\" data-end=\"5888\">\n<p data-start=\"5779\" data-end=\"5808\"><strong data-start=\"5779\" data-end=\"5806\">Protect APIs separately<\/strong><\/p>\n<ul data-start=\"5812\" data-end=\"5888\">\n<li data-start=\"5812\" data-end=\"5888\">\n<p data-start=\"5814\" data-end=\"5888\">Use WAF with API gateway features or combine with an API security solution<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>In today\u2019s digital world, your web application is more than just code \u2014 it\u2019s your storefront, your customer portal, your brand. And unfortunately, it\u2019s also one of the most targeted assets by hackers. From SQL injections and cross-site scripting (XSS)&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-163","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=\/wp\/v2\/posts\/163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=163"}],"version-history":[{"count":1,"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=\/wp\/v2\/posts\/163\/revisions"}],"predecessor-version":[{"id":164,"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=\/wp\/v2\/posts\/163\/revisions\/164"}],"wp:attachment":[{"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/r229.rookiessportsbarny.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}