diff --git a/api-ref/source/apis/certificate_management/creating_a_certificate.rst b/api-ref/source/apis/certificate_management/creating_a_certificate.rst index d2eef58..88bacad 100644 --- a/api-ref/source/apis/certificate_management/creating_a_certificate.rst +++ b/api-ref/source/apis/certificate_management/creating_a_certificate.rst @@ -108,8 +108,8 @@ Example Requests { "name" : "demo", - "content" : "-----BEGIN CERTIFICATE----- MIIDyzCCArOgAwIBAgIJAN5U0Z4Bh5ccMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV BAYTAlpIMRIwEAYDVQQIDAlHVUFOR0RPTkcxETAPBgNVBAcMCERPTkdHVUFOMQ0w CwYDVQQKDARERUtFMQswCQYDVQQLDAJESzELMAkGA1UEAwwCT0QxHTAbBgkqhkiG 9w0BCQEWDk8IZC5odWF3ZWkuY29tMB4XDTIxMTExNTA4MTk0MVoXDTIyMTExNTA4 MTk0MVowfDELMAkGA1UEBhMCWkgxEjAQBgNVBAgMCUdVQU5HRE9ORzERMA8GA1UE BwwIRE9OR0dVQU4xDTALBgNVBAoMBERFS0UxCzAJBgNVBAsMAkRLMQswCQYDVQQD DAJPRDEdMBsGCSqGSIb3DQEJARYOTwhkLmh1YXdlaS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDcoLFK62//r0RHFyweYBj97S4NsJ8Qj0RG+Y02 OgwhQmRiNNjubJwP8Nqqyd86zr+fsSQxKBaBCosn1PcN2Pj2vPJD6NEk4I6VdOWr /kFYMlOcimhSfW4wt6VakniOKIYGrCxxvQe1X2OyBxT+ocTLRgEIB8ZbvJyPNseg feLEUuPYRpQ5kXLgJH2/3NwZFOgBHVv/b07l4fR+sWJMnIA2yIjSBQ0DEAOSusXo FQ/WRbBRH7DrQmxGiXsq4VELEr9Nnc/Kywq+9pYi8L+mKeRL+lcMMbXC/3k6OfMB tVTiwcmS1Mkr3iG03i8u6H7RSvRwyBz9G9sE+tmJZTPH6lYtAgMBAAGjUDBOMB0G A1UdDgQWBBQprUUFXW+gIkpzXdrYlsWjfSahWjAfBgNVHSMEGDAWgBQprUUFXW+g IkpzXdrYlsWjfSahWjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA2 603KozsQoIKeLvqDJlcAXwWRfNW8SvlaSJAulhHgneMt9bQgIL+3PJWA/iMniOhU o/kVwkiUIcxw4t7RwP0hVms0OZw59MuqKd3oCSWkYO4vEHs3t40JDWnGDnmQ4sol RkOWJwL4w8tnPe3qY9JSupjlsu6Y1hlvKtEfN2vEKFnsuMhidkUpUAJWodHhWBQH wgIDo4/6yTnWZNGK8JDal86Dm5IchXea1EoYBJsHxiJb7HeWQlkre+MCYi1RHOin 4mIXTr0oT4/jWlgklSz6/ZhGRq+7W7tIl7cvzCe+4XsVZIenAcYoNd/WLfo91PD4 yAsRXrOjW1so1Bj0BkDz -----END CERTIFICATE-----", - "key" : "-----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcoLFK62//r0RH FyweYBj97S4NsJ8Qj0RG+Y02OgwhQmRiNNjubJwP8Nqqyd86zr+fsSQxKBaBCosn 1PcN2Pj2vPJD6NEk4I6VdOWr/kFYMlOcimhSfW4wt6VakniOKIYGrCxxvQe1X2Oy BxT+ocTLRgEIB8ZbvJyPNsegfeLEUuPYRpQ5kXLgJH2/3NwZFOgBHVv/b07l4fR+ sWJMnIA2yIjSBQ0DEAOSusXoFQ/WRbBRH7DrQmxGiXsq4VELEr9Nnc/Kywq+9pYi 8L+mKeRL+lcMMbXC/3k6OfMBtVTiwcmS1Mkr3iG03i8u6H7RSvRwyBz9G9sE+tmJ ZTPH6lYtAgMBAAECggEBAL+xZxm/QoqXT+2stoqV2GEYaMFASpRqxlocjZMmEE/9 jZa+cBWIjHhVPsjRqYFBDcHEebu0JwlrjcjIAvgnIvnO5XgXm1A9Q+WbscokmcX1 xCvpHgc+MDVn+uWdCd4KW5kEk4EnSsFN5iNSf+1VxNURN+gwSSp/0E+muwA5IISO G6HQ+p6qs52JAitX5t/7ruKoHYXJxBnf7TUs7768qrh++KPKpPlq044qoYlcGO1n 4urPBHuNLy04GgGw+vkaqjqOvZrNLVOMMaFWBxsDWBehgSSBQTj+f3NCxneGYtt8 3SCTZQI5nIkb+r/M455EwKTSXuEsNHoIwx7L6GEPbQECgYEA8IxgK2fYykloICoh TFJaRAvyjyKa2+Aza4qT9SGY9Y30VPClPjBB1vUu5M9KrFufzlv06nGEcHmpEwOe 8vbRu7nLAQTGYFi8VK63q8w6FlFdAyCG6Sx+BWCfWxJzXsZLAJTfklwi8HsOSlqh 6QNv0xbE2fLjXKf8MHvtrufip40CgYEA6sy87eDrkVgtq4ythAik3i1C5Z3v0fvx mTblG52Z21OyocNq3Tf/b1ZwoIc1ik6cyBzY6z1bIrbSzArCqm0sb2iD+kJL81O0 /qqdXjBxZUkKiVAMNNp7xJGZHHFKWUxT2+UX/tlyx4tT4dzrFIkdDXkcMmqfsRxd 1NEVaAaT8SECgYAoU7BPtpIun43YTpfUfr3pSIN6oZeKoxSbw9i4MNC+4fSDRPC+ 80ImcmZRL7taF+Y7p0jxAOTuIkdJC8NbAiv5J9WzrwQ+5MF2BPB/2bYnRa6tNofH kZDy/9bXYsl6qw2p5Ety8wVcgZTMvFMGiG/32IpZ65FYWEU8L5qSRwfFhQKBgQC9 ihjZTj/bTHtRiHZppzCvyYm/Igd+Uwtsy0uXR1n0G1SQENgrTBD/J6AzdfJae6tE P0U8YIM5Oqxf2i/as9ay+IPRecMl4eSxz7jJWAGx6Yx/3AZ+hAB1ZbNbqniCLYNk d0MvjwmA25ATO+ro4OZ7AdEpQbk3l9aG/WFyYBz9AQKBgQCucFPA1l5eslL8196V WMr2Qo0tqzl7CGSoWQk2Sa2HZtZdfofXAaaqo+zvJ6RPHtJh0jgJtx536DVV3egI 37YrdQyJbCPZXQ3SPgqWCorUnXBwq/nxS06uwu6JBxUFc57ijmMU4fWYNrvkkmWb 7keAg/r5Uy1joMAvBN1I6lB8pg== -----END PRIVATE KEY-----" + "content" : "-----BEGIN CERTIFICATE-----\nMIICUjCCAbugAwIBAgIJANxRp4YpWj66MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg Q29tcGFueSBMdGQwHhcNMjMwMzA2MTMwNDI2WhcNMjQwMzA1MTMwNDI2WjBCMQsw CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4KoXA HK8ZcmOMl+FDDnzBKhD/RcSdjqtie47YZYX9T9XNtfuvmJf78JQC3X18xAJdutyP tvX6RwqITLItD6DsI/x6vkMJDLGOfuMpxjHwm6VOILIVIMUVWsZqTk4NdaFRpBCN VpzQdy/j3WUg0l86dYna0GdkOHuk6l1pgk52RwIDAQABo1AwTjAdBgNVHQ4EFgQU 9/usGS95WL1qUuq5F8XiDXA8Fq4wHwYDVR0jBBgwFoAU9/usGS95WL1qUuq5F8Xi DXA8Fq4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQCXIvTibia/fGlf IaraBMH313Z+xBlkBX5X8y2wYRa+RRVR4OB8zTY2Rm0OXOHMgPPEs5xpYXPBK/CH i+kodHIq+0AxYzMlDs3j+V7FzUrZQbItPYXtgQStZjdOvtM129ecuKWRRtmNNSBZ sj9VBsvsMrI1S2bZo5wJMPuR/TGGOQ==\n-----END CERTIFICATE-----", + "key" : "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALgqhcAcrxlyY4yX 4UMOfMEqEP9FxJ2Oq2J7jthlhf1P1c21+6+Yl/vwlALdfXzEAl263I+29fpHCohM si0PoOwj/Hq+QwkMsY5+4ynGMfCbpU4gshUgxRVaxmpOTg11oVGkEI1WnNB3L+Pd ZSDSXzp1idrQZ2Q4e6TqXWmCTnZHAgMBAAECgYEAh/YknirO/ktbwQzTqczFP1oO CFd6ixMr5d3wHEP/Qn6xCliCwiU2dzIqI19faD/Qu1/bu2HIgQf3d56fn/K8yrgq tmd7BZvXcZuK/LXOLfpAXAdMl5bgOW+ejJvf9LsA6xYWsxmki6+VYbJ+XVr4w2yH nBiimwp7v4eoBlMqVQECQQDeJw6o15p30MEzj5t3oVLL86rY20HZfqnpS6S10CHx l0W/0ah7S4QnvXi6NhvS0o3mj+VNzeYvoHII9DP28IyBAkEA1DnSyH7D5W4GUmsr NfDOBYuKUaahDtdN/Qx2JF1jEvLluLC7Nr1ETzrKodN/+lOYwfIOWx5tkXPpLFMu rko+xwJAWV7DEf+yn7L2loSWWbknsu7y80y5oALJ3hXVTGNP1H4zzChPLFLD9qzN rbPo25ZjCbcn23YSvWRBnAKKCTTagQJBAKWvgxVOimfrLvpXesPA/Ucs+s7mNSVe CCAAA5g+ZGPdyGUZbP++Yb8tWhdfBLINY9w+uuB+b/I3uRoG0xH1Gu8CQQCpEIYC DUNO98ylm4QOAkyC0nv6x33gQqcu6ExtK7ptbdFZT1QdOAwm5SBaE50rWjyTO4gL Cpsd6f0baeGAxNAw\n-----END PRIVATE KEY-----" } Example Responses diff --git a/api-ref/source/apis/certificate_management/querying_the_certificate_list.rst b/api-ref/source/apis/certificate_management/querying_the_certificate_list.rst index 3232e77..aba069d 100644 --- a/api-ref/source/apis/certificate_management/querying_the_certificate_list.rst +++ b/api-ref/source/apis/certificate_management/querying_the_certificate_list.rst @@ -89,27 +89,31 @@ Response Parameters .. table:: **Table 5** ListCertificateBody - +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ - | Parameter | Type | Description | - +=======================+========================================================================+==================================================+ - | id | String | Certificate ID | - +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ - | name | String | Certificate name | - +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ - | expire_time | Long | Timestamp when the certificate expire | - +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ - | exp_status | Integer | Certificate expiration status. The value can be: | - | | | | - | | | - 0: The certificate is valid. | - | | | | - | | | - 1: The certificate has expired. | - | | | | - | | | - 2: The certificate is about to expire. | - +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ - | timestamp | Long | Timestamp when the certificate is uploaded | - +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ - | bind_host | Array of :ref:`BindHost ` objects | Domain name associated with the certificate | - +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+========================================================================+==========================================================================================================================================================+ + | id | String | Certificate ID | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Certificate name | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificateid | String | Certificate ID, which is a redundant parameter. Please ignore it. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | String | Certificate name, which is a redundant parameter. Please ignore it. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | expire_time | Long | Timestamp when the certificate expire. This parameter is returned in the response body only when the value of host in the URL request is true. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | exp_status | Integer | Certificate expiration status. This parameter is returned in the response body only when the value of host in the URL request is true. The value can be: | + | | | | + | | | - 0: The certificate is valid. | + | | | | + | | | - 1: The certificate has expired. | + | | | | + | | | - 2: The certificate is about to expire. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp when the certificate is uploaded | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Domain name associated with the certificate. This parameter is returned in the response body only when the value of host in the URL request is true. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listcertificates__response_bindhost: @@ -163,7 +167,7 @@ Example Requests .. code-block:: text - GET https://{Endpoint}/v1/{project_id}/waf/certificate? + GET https://{Endpoint}/v1/{project_id}/waf/certificate?page=1&pagesize=10&host=true&enterprise_project_id=0 Example Responses ----------------- diff --git a/api-ref/source/apis/dashboard/querying_bandwidth_usage_statistics.rst b/api-ref/source/apis/dashboard/querying_bandwidth_usage_statistics.rst index a66741e..34642ad 100644 --- a/api-ref/source/apis/dashboard/querying_bandwidth_usage_statistics.rst +++ b/api-ref/source/apis/dashboard/querying_bandwidth_usage_statistics.rst @@ -25,19 +25,27 @@ GET /v1/{project_id}/waf/overviews/bandwidth/timeline .. table:: **Table 2** Query Parameters - +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +===========+===========+========+===============================================================================================+ - | from | Yes | Long | Start time (13-digit timestamp in millisecond). This parameter must be used together with to. | - +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ - | to | Yes | Long | End time (13-digit timestamp in millisecond). This parameter must be used together with from. | - +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ - | hosts | No | String | List of domain names to query, which can be obtained by calling the ListHost API | - +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ - | instances | No | String | List of instance to query (only for the instantiation mode). | - +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ - | group_by | No | String | Display dimension. For example, the value is DAY if data is displayed by the day. | - +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+======================================================================================================================================================+ + | from | Yes | Long | Start time (13-digit timestamp in millisecond). This parameter must be used together with to. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ + | to | Yes | Long | End time (13-digit timestamp in millisecond). This parameter must be used together with from. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | No | String | List of domain names to query, which can be obtained by calling the ListHost API | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instances | No | String | This parameter is used to query the bandwidth of the protected domain name protected by a specific dedicated WAF engine instance. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ + | group_by | No | String | Data aggregation interval. If this parameter is not specified, data is displayed by a time range calculated based on parameters **from** and **to**. | + | | | | | + | | | | - If the time range between **from** and **to** is fewer than or equal to 1 day, the interval is one minute. | + | | | | | + | | | | - If the time range between **from** and **to** is greater than 1 day but fewer than or equal to 3 days, the interval is 5 minutes. | + | | | | | + | | | | - If the time range between **from** and **to** is greater than 3 days but fewer than or equal 7 days, the interval is 10 minutes. | + | | | | | + | | | | - If the time range between **from** and **to** is greater than 7 days but fewer than or equal to 30 days, the interval is 1 hour. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ diff --git a/api-ref/source/apis/dedicated_instance_management/creating_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/creating_a_dedicated_waf_engine.rst index c658482..3081baf 100644 --- a/api-ref/source/apis/dedicated_instance_management/creating_a_dedicated_waf_engine.rst +++ b/api-ref/source/apis/dedicated_instance_management/creating_a_dedicated_waf_engine.rst @@ -31,7 +31,7 @@ Request Parameters +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+=================+==========================================================================================================+ - | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Content-Type | Yes | String | Content type. | | | | | | @@ -40,31 +40,47 @@ Request Parameters .. table:: **Table 3** Request body parameters - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +================+===========+==================+=========================================================================================================================================================================================================================================================================================================+ - | chargemode | No | Integer | Billing mode. Currently, only pay-per-use billing (30) is supported. Make sure your account balance is enough, or the dedicated WAF engine will forward requests directly to the origin server without inspection. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | region | Yes | String | Region where a dedicated engine is to be created. Its value is EU-DE. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | available_zone | Yes | String | AZ where the dedicated engine is to be created. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | arch | Yes | String | Dedicated engine CPU architecture. Its value can be x86 . | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instancename | Yes | String | Prefix of the dedicated WAF engine name, which is user-defined. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | specification | Yes | String | Specifications of the dedicated engine version. The value can be waf.instance.enterprise or waf.instance.professional. An enterprise edition dedicated engine has more functions than a professional edition one. For more details, see the Web Application Firewall (WAF) User Guide. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cpu_flavor | Yes | String | ID of the specifications of the ECS hosting the dedicated engine. It can be obtained by calling the ECS ListFlavors API. For the enterprise edition, ECS specifications with 8 vCPUs and 16 GB memory are used. For the professional edition, ECS specifications with 2 vCPUs and 4 GB memory are used. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | vpc_id | Yes | String | ID of the VPC where the dedicated engine is located. It can be obtained by calling the ListVpcs API. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | subnet_id | Yes | String | ID of the VPC subnet where the dedicated engine is located. It can be obtained by calling the **ListSubnets API**. **subnet_id** has the same value as **network_id** obtained by calling the OpenStack APIs | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | security_group | Yes | Array of strings | ID of the security group where the dedicated engine is located. It can be obtained by calling the ListSecurityGroups API. | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | count | Yes | Integer | Number of dedicated engines to be provisioned | - +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+==============================================================================================================================================================================================================+ + | region | Yes | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | available_zone | Yes | String | AZ where the dedicated engine is to be created. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | Yes | String | Dedicated engine CPU architecture. Its value has to be x86. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | Yes | String | Prefix of the dedicated WAF engine name, which is user-defined. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | Yes | String | Specifications of the dedicated engine version. The value can be **waf.instance.enterprise** or **waf.instance.professional**. | + | | | | | + | | | | - **waf.instance.professional**: WI-100. Performance: 100 Mbit/s of throughput and 2,000 QPS. | + | | | | | + | | | | - **waf.instance.enterprise**: WI-100. Performance: 500 Mbit/s of throughput and 10,000 QPS. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **waf.instance.professional** | + | | | | | + | | | | - **waf.instance.enterprise** | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | Yes | String | ID of the specifications of the ECS hosting the dedicated engine. You can go to the management console and confirm supported specifications. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | Yes | String | ID of the VPC where the dedicated engine is located. It can be obtained by calling the ListVpcs API. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | Yes | String | ID of the VPC subnet where the dedicated engine is located. It can be obtained by calling the **ListSubnets API**. **subnet_id** has the same value as **network_id** obtained by calling the OpenStack APIs | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group | Yes | Array of strings | ID of the security group where the dedicated engine is located. It can be obtained by calling the ListSecurityGroups API. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | count | Yes | Integer | Number of dedicated engines to be provisioned | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | res_tenant | Yes | Boolean | Whether to create a dedicated engine instance of the network interface type. Its value has to be true. | + | | | | | + | | | | - **Network Interface**: Your WAF instance will be connected to your network via a VPC. (If ELB is used, only dedicated load balancers can be used.) | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **true** | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -131,7 +147,6 @@ Example Requests POST https://{endpoint}/v1/{project_id}/premium-waf/instance { - "chargemode" : 30, "region" : "region-01-4", "available_zone" : "region-01-4a", "arch" : "x86", @@ -141,7 +156,8 @@ Example Requests "vpc_id" : "d7b6a5ff-6c53-4cd4-9d57-f20ee8753056", "subnet_id" : "e59ccd18-7e15-4588-b689-04b856f4e78b", "security_group" : [ "09b156a2-f0f0-41fd-9891-60e594601cfd" ], - "count" : 1 + "count" : 1, + "res_tenant" : true } Example Responses diff --git a/api-ref/source/apis/dedicated_instance_management/deleting_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/deleting_a_dedicated_waf_engine.rst index 9a9421b..e9b8e38 100644 --- a/api-ref/source/apis/dedicated_instance_management/deleting_a_dedicated_waf_engine.rst +++ b/api-ref/source/apis/dedicated_instance_management/deleting_a_dedicated_waf_engine.rst @@ -33,9 +33,9 @@ Request Parameters +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+=================+==========================================================================================================+ - | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ - | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ @@ -47,81 +47,77 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+====================================================================================+==================================================================================================================================================================================================+ - | id | String | ID of the dedicated WAF engine | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instance_name | String | Name of the dedicated WAF engine. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | zone | String | AZ ID. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | arch | String | CPU architecture | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cpu_flavor | String | ECS specification ID | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | vpc_id | String | ID of the VPC where the dedicated engine is located | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ip | String | Service plane IP address of the dedicated engine | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | - | | | | - | | | - 0: The billing is normal. | - | | | | - | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | - | | | | - | | | - 2: The billing is terminated. Resources and data will be cleared. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | - | | | | - | | | - 0: the dedicated engine is not connected. | - | | | | - | | | - 1: the dedicated engine is connected. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | server_id | String | ID of the ECS hosting the dedicated engine. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _deleteinstance__response_idhostnameentry: - -.. table:: **Table 4** IdHostnameEntry - - +-----------+--------+---------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +===========+========+=============================================================================================+ - | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | - +-----------+--------+---------------------------------------------------------------------------------------------+ - | hostname | String | Protected domain name | - +-----------+--------+---------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | Running status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. | + | | | | + | | | - 0: the dedicated engine is non-upgradable | + | | | | + | | | - 1: the dedicated engine is upgradable | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. 8vCPUs \| 16GB maps to waf.instance.enterprise, and 2vCPUs \| 4GB to waf.instance. professional. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | create_time | Long | Timestamp when the dedicated WAF engine was created. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | data_volume_size | Integer | Size of the data disk, in GB. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | res_tenant_type | Integer | Type of the dedicated WAF instance. Its value is always **1**, which means the type of the dedicated WAF instance is **Network Interface**. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** -.. table:: **Table 5** Response body parameters +.. table:: **Table 4** Response body parameters ========== ====== ============= Parameter Type Description @@ -132,7 +128,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 6** Response body parameters +.. table:: **Table 5** Response body parameters ========== ====== ============= Parameter Type Description @@ -143,7 +139,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 7** Response body parameters +.. table:: **Table 6** Response body parameters ========== ====== ============= Parameter Type Description @@ -188,10 +184,6 @@ Request succeeded. "cpu_flavor" : "Si2.2xlarge.2", "run_status" : 2, "access_status" : 1, - "hosts" : [ { - "id" : "c3be17bbe3a641c7a1ded6019c377402", - "hostname" : "demo.www.com" - } ], "instancename" : "0412elb", "instance_name" : "0412elb" } diff --git a/api-ref/source/apis/dedicated_instance_management/operations_on_a_dedicated_waf_instance.rst b/api-ref/source/apis/dedicated_instance_management/operations_on_a_dedicated_waf_instance.rst index badb58d..96d2382 100644 --- a/api-ref/source/apis/dedicated_instance_management/operations_on_a_dedicated_waf_instance.rst +++ b/api-ref/source/apis/dedicated_instance_management/operations_on_a_dedicated_waf_instance.rst @@ -36,7 +36,7 @@ Request Parameters | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+------------------------------------------------------------+ - | X-Auth-Token | No | String | User token. | + | X-Auth-Token | Yes | String | User token. | +-----------------+-----------------+-----------------+------------------------------------------------------------+ .. table:: **Table 3** Request body parameters @@ -56,81 +56,77 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=====================================================================================+==================================================================================================================================================================================================+ - | id | String | ID of the dedicated WAF engine | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instance_name | String | Name of the dedicated WAF engine. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | zone | String | AZ ID. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | arch | String | CPU architecture | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cpu_flavor | String | ECS specification ID | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | vpc_id | String | ID of the VPC where the dedicated engine is located | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ip | String | Service plane IP address of the dedicated engine | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | - | | | | - | | | - 0: The billing is normal. | - | | | | - | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | - | | | | - | | | - 2: The billing is terminated. Resources and data will be cleared. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | - | | | | - | | | - 0: the dedicated engine is not connected. | - | | | | - | | | - 1: the dedicated engine is connected. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | server_id | String | ID of the ECS hosting the dedicated engine. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | - +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _upgradeinstance__response_idhostnameentry: - -.. table:: **Table 5** IdHostnameEntry - - +-----------+--------+---------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +===========+========+=============================================================================================+ - | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | - +-----------+--------+---------------------------------------------------------------------------------------------+ - | hostname | String | Protected domain name | - +-----------+--------+---------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | Running status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. | + | | | | + | | | - 0: the dedicated engine is non-upgradable | + | | | | + | | | - 1: the dedicated engine is upgradable | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. 8vCPUs \| 16GB maps to waf.instance.enterprise, and 2vCPUs \| 4GB to waf.instance. professional. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | create_time | Long | Timestamp when the dedicated WAF engine was created. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | data_volume_size | Integer | Size of the data disk, in GB. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | res_tenant_type | Integer | Type of the dedicated WAF instance. If the type is **Network Interface**, this field is returned and its value is **1**. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** -.. table:: **Table 6** Response body parameters +.. table:: **Table 5** Response body parameters ========== ====== ============= Parameter Type Description @@ -141,7 +137,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 7** Response body parameters +.. table:: **Table 6** Response body parameters ========== ====== ============= Parameter Type Description @@ -152,7 +148,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 8** Response body parameters +.. table:: **Table 7** Response body parameters ========== ====== ============= Parameter Type Description @@ -201,10 +197,6 @@ Request succeeded. "cpu_flavor" : "Si2.2xlarge.2", "run_status" : 2, "access_status" : 1, - "hosts" : [ { - "id" : "c3be17bbe3a641c7a1ded6019c377402", - "hostname" : "demo.www.com" - } ], "instancename" : "0412elb", "instance_name" : "0412elb", "create_time" : 1649923548548 diff --git a/api-ref/source/apis/dedicated_instance_management/querying_details_about_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/querying_details_about_a_dedicated_waf_engine.rst index 5bb97d3..8c3c465 100644 --- a/api-ref/source/apis/dedicated_instance_management/querying_details_about_a_dedicated_waf_engine.rst +++ b/api-ref/source/apis/dedicated_instance_management/querying_details_about_a_dedicated_waf_engine.rst @@ -33,7 +33,7 @@ Request Parameters +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+=================+==========================================================================================================+ - | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | | | | | | @@ -47,83 +47,77 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+==================================================================================+==================================================================================================================================================================================================+ - | id | String | ID of the dedicated WAF engine | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instance_name | String | Name of the dedicated WAF engine. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | zone | String | AZ ID. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | arch | String | CPU architecture | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cpu_flavor | String | ECS specification ID | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | vpc_id | String | ID of the VPC where the dedicated engine is located | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ip | String | Service plane IP address of the dedicated engine | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | - | | | | - | | | - 0: The billing is normal. | - | | | | - | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | - | | | | - | | | - 2: The billing is terminated. Resources and data will be cleared. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | - | | | | - | | | - 0: the dedicated engine is not connected. | - | | | | - | | | - 1: the dedicated engine is connected. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | server_id | String | ID of the ECS hosting the dedicated engine. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | create_time | Long | Timestamp when the dedicated WAF engine was created. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _showinstance__response_idhostnameentry: - -.. table:: **Table 4** IdHostnameEntry - - +-----------+--------+---------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +===========+========+=============================================================================================+ - | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | - +-----------+--------+---------------------------------------------------------------------------------------------+ - | hostname | String | Protected domain name | - +-----------+--------+---------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | Running status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. | + | | | | + | | | - 0: the dedicated engine is non-upgradable | + | | | | + | | | - 1: the dedicated engine is upgradable | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. 8vCPUs \| 16GB maps to waf.instance.enterprise, and 2vCPUs \| 4GB to waf.instance. professional. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | create_time | Long | Timestamp when the dedicated WAF engine was created. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | data_volume_size | Integer | Size of the data disk, in GB. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | res_tenant_type | Integer | Type of the dedicated WAF instance. Its value is always **1**, which means the type of the dedicated WAF instance is **Network Interface**. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** -.. table:: **Table 5** Response body parameters +.. table:: **Table 4** Response body parameters ========== ====== ============= Parameter Type Description @@ -134,7 +128,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 6** Response body parameters +.. table:: **Table 5** Response body parameters ========== ====== ============= Parameter Type Description @@ -145,7 +139,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 7** Response body parameters +.. table:: **Table 6** Response body parameters ========== ====== ============= Parameter Type Description @@ -190,10 +184,6 @@ Request succeeded. "cpu_flavor" : "Si2.2xlarge.2", "run_status" : 2, "access_status" : 1, - "hosts" : [ { - "id" : "c3be17bbe3a641c7a1ded6019c377402", - "hostname" : "demo.www.com" - } ], "instancename" : "0412elb", "instance_name" : "0412elb", "create_time" : 1649217360674 diff --git a/api-ref/source/apis/dedicated_instance_management/querying_the_list_of_dedicated_waf_engines.rst b/api-ref/source/apis/dedicated_instance_management/querying_the_list_of_dedicated_waf_engines.rst index 3ee4c7b..fb311d5 100644 --- a/api-ref/source/apis/dedicated_instance_management/querying_the_list_of_dedicated_waf_engines.rst +++ b/api-ref/source/apis/dedicated_instance_management/querying_the_list_of_dedicated_waf_engines.rst @@ -43,7 +43,7 @@ Request Parameters +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+=================+==========================================================================================================+ - | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Content-Type | No | String | Content-Type | | | | | | @@ -57,81 +57,91 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+============================================================================+================================================================================+ - | total | Integer | Total number of dedicated engines | - +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ - | purchased | Boolean | Whether any dedicated engine has been created. The value can be false or true. | - | | | | - | | | - false: No dedicated WAF engine has been created. | - | | | | - | | | - true: At least one dedicated WAF engine has been created. | - +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ - | items | Array of :ref:`ListInstance ` objects | Details about the dedicated engine | - +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ + +-----------------------+----------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+============================================================================+=========================================================================================================================================+ + | total | Integer | Total number of dedicated engines | + +-----------------------+----------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | purchased | Boolean | Whether any dedicated engine has been created. This parameter is reserved and can be ignored currently. The value can be false or true. | + | | | | + | | | - false: No dedicated WAF engine has been created. | + | | | | + | | | - true: At least one dedicated WAF engine has been created. | + +-----------------------+----------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | items | Array of :ref:`ListInstance ` objects | Details about the dedicated engine | + +-----------------------+----------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ .. _listinstance__response_listinstance: .. table:: **Table 5** ListInstance - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+==================================================================================+==================================================================================================================================================================================================+ - | id | String | ID of the dedicated WAF engine | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | zone | String | AZ ID. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | arch | String | CPU architecture | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cpu_flavor | String | ECS specification ID | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | vpc_id | String | ID of the VPC where the dedicated engine is located | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ip | String | Service plane IP address of the dedicated engine | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | - | | | | - | | | - 0: The billing is normal. | - | | | | - | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | - | | | | - | | | - 2: The billing is terminated. Resources and data will be cleared. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | - | | | | - | | | - 0: the dedicated engine is not connected. | - | | | | - | | | - 1: the dedicated engine is connected. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | server_id | String | ID of the ECS hosting the dedicated engine. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | - +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==================================================================================+===================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | Running status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. | + | | | | + | | | - 0: the dedicated engine is non-upgradable | + | | | | + | | | - 1: the dedicated engine is upgradable | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. 8vCPUs \| 16GB maps to waf.instance.enterprise, and 2vCPUs \| 4GB to waf.instance. professional. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | create_time | Long | Timestamp when the dedicated WAF engine was created. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | data_volume_size | Integer | Size of the data disk, in GB. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | res_tenant_type | Integer | Type of the dedicated WAF instance. Its value is always **1**, which means the type of the dedicated WAF instance is **Network Interface**. | + +-----------------------+----------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listinstance__response_idhostnameentry: @@ -222,7 +232,8 @@ Lists of dedicated WAF engines "hostname" : "demo.www.com" } ], "instancename" : "0412elb", - "instance_name" : "0412elb" + "instance_name" : "0412elb", + "create_time" : 1649217360674 } ] } diff --git a/api-ref/source/apis/dedicated_instance_management/renaming_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/renaming_a_dedicated_waf_engine.rst index c273a71..185d059 100644 --- a/api-ref/source/apis/dedicated_instance_management/renaming_a_dedicated_waf_engine.rst +++ b/api-ref/source/apis/dedicated_instance_management/renaming_a_dedicated_waf_engine.rst @@ -33,7 +33,7 @@ Request Parameters +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+=================+==========================================================================================================+ - | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | | | | | | @@ -55,81 +55,77 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+====================================================================================+==================================================================================================================================================================================================+ - | id | String | ID of the dedicated WAF engine | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instance_name | String | Name of the dedicated WAF engine. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | zone | String | AZ ID. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | arch | String | CPU architecture | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cpu_flavor | String | ECS specification ID | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | vpc_id | String | ID of the VPC where the dedicated engine is located | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ip | String | Service plane IP address of the dedicated engine | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | - | | | | - | | | - 0: The billing is normal. | - | | | | - | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | - | | | | - | | | - 2: The billing is terminated. Resources and data will be cleared. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | - | | | | - | | | - 0: the dedicated engine is not connected. | - | | | | - | | | - 1: the dedicated engine is connected. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | server_id | String | ID of the ECS hosting the dedicated engine. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | - +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _renameinstance__response_idhostnameentry: - -.. table:: **Table 5** IdHostnameEntry - - +-----------+--------+---------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +===========+========+=============================================================================================+ - | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | - +-----------+--------+---------------------------------------------------------------------------------------------+ - | hostname | String | Protected domain name | - +-----------+--------+---------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | Running status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. | + | | | | + | | | - 0: the dedicated engine is non-upgradable | + | | | | + | | | - 1: the dedicated engine is upgradable | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. 8vCPUs \| 16GB maps to waf.instance.enterprise, and 2vCPUs \| 4GB to waf.instance. professional. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | create_time | Long | Timestamp when the dedicated WAF engine was created. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | data_volume_size | Integer | Size of the data disk, in GB. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | res_tenant_type | Integer | Type of the dedicated WAF instance. Its value is always **1**, which means the type of the dedicated WAF instance is **Network Interface**. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** -.. table:: **Table 6** Response body parameters +.. table:: **Table 5** Response body parameters ========== ====== ============= Parameter Type Description @@ -140,7 +136,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 7** Response body parameters +.. table:: **Table 6** Response body parameters ========== ====== ============= Parameter Type Description @@ -151,7 +147,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 8** Response body parameters +.. table:: **Table 7** Response body parameters ========== ====== ============= Parameter Type Description @@ -200,10 +196,6 @@ Request succeeded. "cpu_flavor" : "Si2.2xlarge.2", "run_status" : 2, "access_status" : 1, - "hosts" : [ { - "id" : "c3be17bbe3a641c7a1ded6019c377402", - "hostname" : "demo.www.com" - } ], "instancename" : "0412elb", "instance_name" : "0412elb" } diff --git a/api-ref/source/apis/event_management/querying_attack_event_details.rst b/api-ref/source/apis/event_management/querying_attack_event_details.rst index 522875d..a6dff5b 100644 --- a/api-ref/source/apis/event_management/querying_attack_event_details.rst +++ b/api-ref/source/apis/event_management/querying_attack_event_details.rst @@ -58,81 +58,83 @@ Response Parameters .. table:: **Table 4** ShowEventItems - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=====================================================+============================================================================+ - | id | String | Event ID | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | time | Integer | Occurrences | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | sip | String | Source IP address | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | host | String | Domain name | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | url | String | Attacked URL | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | attack | String | Attack type. The value of attack type can be: | - | | | | - | | | - xss or sqli: XSS attacks | - | | | | - | | | - cmdi: Command injection | - | | | | - | | | - robot: Malicious crawlers | - | | | | - | | | - lfi: Local file inclusion | - | | | | - | | | - rfi: Remote file inclusion | - | | | | - | | | - webshell: Website Trojans | - | | | | - | | | - cc: CC attacks | - | | | | - | | | - custom_custom: Precise protection | - | | | | - | | | - custom_whiteblackip: IP address blacklist and whitelist | - | | | | - | | | - custom_geoip: Geolocation access control | - | | | | - | | | - antitamper: Web tamper protection | - | | | | - | | | - anticrawler: Anti-crawler protection | - | | | | - | | | - leakage: Data leakage prevention | - | | | | - | | | - illegal: Illegal requests | - | | | | - | | | - vuln: Other attack types | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | rule | String | ID of the matched rule. Note that there is no ID for a precise protection. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | payload | String | Hit payload | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | payload_location | String | Malicious load location | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | action | String | Protective action | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | request_line | String | Request method and path | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | headers | :ref:`Headers ` object | Request header | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | cookie | String | Request cookie | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | status | String | Response code status | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | process_time | Integer | The time of the WAF service processing the request. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | region | String | Geographical location of the source IP address. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | host_id | String | Domain name ID | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | response_time | Long | Time to response | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | response_size | Integer | Response body size | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | response_body | String | Response body content. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================+=========================================================================================+ + | id | String | Event ID | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | time | Integer | Occurrences | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | sip | String | Source IP address | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | host | String | Domain name | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | url | String | Attacked URL | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | attack | String | Attack type. The value of attack type can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injection | + | | | | + | | | - robot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusion | + | | | | + | | | - webshell: Website Trojans | + | | | | + | | | - cc: CC attacks | + | | | | + | | | - custom_custom: attack protected by the precise protection rules | + | | | | + | | | - custom_whiteblackip: attack protected by the blacklist and whitelist protection rule | + | | | | + | | | - custom_geoip: attack protected by the geolocation access control protection rule | + | | | | + | | | - antitamper: attack protected by the web tamper protection rules | + | | | | + | | | - anticrawler: attack protected by the anti-crawler protection rules | + | | | | + | | | - leakage: attack protected by the information leakage protection rule | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | rule | String | ID of the matched rule. Note that there is no ID for a precise protection. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | payload | String | Hit payload | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | payload_location | String | Malicious load location | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | action | String | Protective action | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | request_line | String | Request method and path | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | headers | :ref:`Headers ` object | Request header | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | cookie | String | Request cookie | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | status | String | Response code status | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | process_time | Integer | The time of the WAF service processing the request. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | region | String | Geographical location of the source IP address. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | host_id | String | Domain name ID | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | response_time | Long | Time to response | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | response_size | Integer | Response body size | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | response_body | String | Response body content. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | request_body | String | Request body | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ .. _showevent__response_headers: diff --git a/api-ref/source/apis/event_management/querying_the_list_of_attack_events.rst b/api-ref/source/apis/event_management/querying_the_list_of_attack_events.rst index 338d565..979aea0 100644 --- a/api-ref/source/apis/event_management/querying_the_list_of_attack_events.rst +++ b/api-ref/source/apis/event_management/querying_the_list_of_attack_events.rst @@ -8,7 +8,7 @@ Querying the List of Attack Events Function -------- -This API is used to query the list of attack events for a specific period. It cannot be used to query all attack events. The pagesize parameter cannot be set to -1. +This API is used to query the list of attack events for a specific period. URI --- @@ -87,81 +87,83 @@ Response Parameters .. table:: **Table 5** ListEventItems - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=====================================================+============================================================================+ - | id | String | Event ID | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | time | Integer | Occurrences | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | sip | String | Source IP address | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | host | String | Domain name | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | url | String | Attacked URL | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | attack | String | Attack type. The value of attack type can be: | - | | | | - | | | - xss or sqli: XSS attacks | - | | | | - | | | - cmdi: Command injection | - | | | | - | | | - robot: Malicious crawlers | - | | | | - | | | - lfi: Local file inclusion | - | | | | - | | | - rfi: Remote file inclusion | - | | | | - | | | - webshell: Website Trojans | - | | | | - | | | - cc: CC attacks | - | | | | - | | | - custom_custom: Precise protection | - | | | | - | | | - custom_whiteblackip: IP address blacklist and whitelist | - | | | | - | | | - custom_geoip: Geolocation access control | - | | | | - | | | - antitamper: Web tamper protection | - | | | | - | | | - anticrawler: Anti-crawler protection | - | | | | - | | | - leakage: Data leakage prevention | - | | | | - | | | - illegal: Illegal requests | - | | | | - | | | - vuln: Other attack types | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | rule | String | ID of the matched rule. Note that there is no ID for a precise protection. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | payload | String | Hit payload | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | payload_location | String | Malicious load location | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | action | String | Protective action | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | request_line | String | Request method and path | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | headers | :ref:`Headers ` object | Request header | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | cookie | String | Request cookie | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | status | String | Response code status | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | process_time | Integer | The time of the WAF service processing the request. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | region | String | Geographical location of the source IP address. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | host_id | String | Domain name ID | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | response_time | Long | Time to response | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | response_size | Integer | Response body size | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ - | response_body | String | Response body content. | - +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================+=========================================================================================+ + | id | String | Event ID | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | time | Integer | Occurrences | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | sip | String | Source IP address | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | host | String | Domain name | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | url | String | Attacked URL | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | attack | String | Attack type. The value of attack type can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injection | + | | | | + | | | - robot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusion | + | | | | + | | | - webshell: Website Trojans | + | | | | + | | | - cc: CC attacks | + | | | | + | | | - custom_custom: attack protected by the precise protection rules | + | | | | + | | | - custom_whiteblackip: attack protected by the blacklist and whitelist protection rule | + | | | | + | | | - custom_geoip: attack protected by the geolocation access control protection rule | + | | | | + | | | - antitamper: attack protected by the web tamper protection rules | + | | | | + | | | - anticrawler: attack protected by the anti-crawler protection rules | + | | | | + | | | - leakage: attack protected by the information leakage protection rule | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | rule | String | ID of the matched rule. Note that there is no ID for a precise protection. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | payload | String | Hit payload | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | payload_location | String | Malicious load location | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | action | String | Protective action | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | request_line | String | Request method and path | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | headers | :ref:`Headers ` object | Request header | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | cookie | String | Request cookie | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | status | String | Response code status | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | process_time | Integer | The time of the WAF service processing the request. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | region | String | Geographical location of the source IP address. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | host_id | String | Domain name ID | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | response_time | Long | Time to response | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | response_size | Integer | Response body size | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | response_body | String | Response body content. | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ + | request_body | String | Request body | + +-----------------------+-----------------------------------------------------+-----------------------------------------------------------------------------------------+ .. _listevent__response_headers: diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/adding_a_protected_domain_name.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/adding_a_protected_domain_name.rst index d58f171..4850311 100644 --- a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/adding_a_protected_domain_name.rst +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/adding_a_protected_domain_name.rst @@ -8,7 +8,7 @@ Adding a Protected Domain Name Function -------- -Adding a Protected Domain Name +This API is used to add a domain name to WAF. URI --- @@ -43,18 +43,22 @@ Request Parameters +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+===========+========================================================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================+ - | certificateid | No | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API.This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. | + | certificateid | No | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. | +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | certificatename | No | String | Certificate name. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported.This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. | + | certificatename | No | String | Certificate name. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported. This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. | +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | hostname | Yes | String | Protected domain name or IP address (port allowed) | +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | proxy | Yes | Boolean | Whether a proxy is used for the domain name. If your website has no layer-7 proxy server such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies. | +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | No | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | + | policyid | No | String | ID of the policy initially used to the domain name. It can be obtained by calling the API **Querying Protection Policies**. | +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | server | Yes | Array of :ref:`PremiumWafServer ` objects | Server configuration in dedicated mode | +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | web_tag | No | String | website name | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | website remarks | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createpremiumhost__request_premiumwafserver: @@ -97,6 +101,8 @@ Request Parameters | | | | | | | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | weight | No | Integer | This parameter is reserved and can be ignored currently. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -118,7 +124,13 @@ Response Parameters +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ | projectid | String | Project ID | +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | protocol | String | HTTP protocol | + | protocol | String | Client protocol, which is the protocol used by a client (for example, a browser) to access your website. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTPS** | + | | | | + | | | - **HTTP** | +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ | protect_status | Integer | WAF status of the protected domain name. | | | | | @@ -140,11 +152,19 @@ Response Parameters +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ | server | Array of :ref:`PremiumWafServer ` objects | Origin server list | +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configuration. | + | flag | :ref:`Flag ` object | Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. | +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ | block_page | :ref:`BlockPage ` object | Alarm configuration page | +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | + | extend | :ref:`Extend ` object | This parameter includes some extended information about the protected domain name. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | web_tag | String | website name | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | website remarks | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | locked | Integer | This parameter is reserved, which will be used to freeze a domain name. | + | | | | + | | | Default: **0** | +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ | timestamp | Long | Creation time. | +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -190,40 +210,60 @@ Response Parameters | | | | | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | weight | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createpremiumhost__response_flag: .. table:: **Table 7** Flag - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================================+ - | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | - | | | | - | | | - true: PCI 3DS check is enabled. | - | | | | - | | | - false: PCI 3DS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | - | | | | - | | | - true: PCI DDS check is enabled. | - | | | | - | | | - false: PCI DDS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | pci_3ds | String | Whether to enable PCI 3DS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether to enable PCI DSS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createpremiumhost__response_blockpage: .. table:: **Table 8** BlockPage - +--------------+-------------------------------------------------------------------+-------------------+ - | Parameter | Type | Description | - +==============+===================================================================+===================+ - | template | String | Template name | - +--------------+-------------------------------------------------------------------+-------------------+ - | custom_page | :ref:`CustomPage ` object | Custom alarm page | - +--------------+-------------------------------------------------------------------+-------------------+ - | redirect_url | String | Redirection URL | - +--------------+-------------------------------------------------------------------+-------------------+ + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+===================================================================+===============================================================================+ + | template | String | Template type. The value can be: | + | | | | + | | | - **default**: The default block page is returned when a request is blocked. | + | | | | + | | | - **custom**: Your custom block page is returned when a request is blocked. | + | | | | + | | | - **redirect**: The request is redirected to the URL you specify. | + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | custom_page | :ref:`CustomPage ` object | Custom alarm page | + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | redirect_url | String | Redirection URL | + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ .. _createpremiumhost__response_custompage: @@ -237,19 +277,19 @@ Response Parameters content String Page content ============ ====== ========================== +.. _createpremiumhost__response_extend: + +.. table:: **Table 10** Extend + + ========= ====== =============================== + Parameter Type Description + ========= ====== =============================== + ltsInfo String Details about LTS configuration + extend String Timeout configuration details. + ========= ====== =============================== + **Status code: 400** -.. table:: **Table 10** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - .. table:: **Table 11** Response body parameters ========== ====== ============= @@ -259,7 +299,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 12** Response body parameters @@ -270,6 +310,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 13** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/deleting_a_domain_name_from_a_dedicated_waf_instance.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/deleting_a_domain_name_from_a_dedicated_waf_instance.rst index badd2f4..6cc2e49 100644 --- a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/deleting_a_domain_name_from_a_dedicated_waf_instance.rst +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/deleting_a_domain_name_from_a_dedicated_waf_instance.rst @@ -57,69 +57,89 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================================================+================================================================================================================================================+ - | id | String | Domain name ID | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostname | String | Domain name | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | protect_status | Integer | WAF status of the protected domain name. The value can be: | - | | | | - | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | - | | | | - | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | - | | | | - | | | - 1: Enabled. WAF detects attacks based on the configured policy. | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Domain name access status. The value can be 0 or 1. | - | | | | - | | | - 0: The domain name has not been added to WAF, and no traffic is routed to the WAF engine. | - | | | | - | | | - 1: The domain name has been added to WAF, and traffic destined for the domain name has been routed to the WAF engine and the origin server. | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations. | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostid | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostId | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | - +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+===========================================================+============================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Whether a domain name is connected to WAF. | + | | | | + | | | - **0**: The domain name is not connected to the engine instance. | + | | | | + | | | - **1**: The domain name is connected to the engine instance. | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`Extend ` object | This parameter includes some extended information about the protected domain name. | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | web_tag | String | website name | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | description | String | website remarks | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time a domain name is added to WAF | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | region | String | region ID | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ + | hostid | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | + +-----------------------+-----------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ .. _deletepremiumhost__response_flag: .. table:: **Table 5** Flag - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================================+ - | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | - | | | | - | | | - true: PCI 3DS check is enabled. | - | | | | - | | | - false: PCI 3DS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | - | | | | - | | | - true: PCI DDS check is enabled. | - | | | | - | | | - false: PCI DDS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | pci_3ds | String | Whether to enable PCI 3DS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether to enable PCI DSS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deletepremiumhost__response_extend: + +.. table:: **Table 6** Extend + + ========= ====== =============================== + Parameter Type Description + ========= ====== =============================== + ltsInfo String Details about LTS configuration + extend String Timeout configuration details. + ========= ====== =============================== **Status code: 400** -.. table:: **Table 6** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - .. table:: **Table 7** Response body parameters ========== ====== ============= @@ -129,7 +149,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 8** Response body parameters @@ -140,6 +160,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/index.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/index.rst index 0d026b5..6666162 100644 --- a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/index.rst +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/index.rst @@ -10,6 +10,7 @@ Managing Websites Protected in Dedicated Mode - :ref:`Querying Domain Name Settings in Dedicated Mode ` - :ref:`Modifying a Domain Name Protected by a Dedicated WAF Instance ` - :ref:`Deleting a Domain Name from a Dedicated WAF Instance ` +- :ref:`Modifying the Protection Status of a Domain Name in Dedicated Mode ` .. toctree:: :maxdepth: 1 @@ -20,3 +21,4 @@ Managing Websites Protected in Dedicated Mode querying_domain_name_settings_in_dedicated_mode modifying_a_domain_name_protected_by_a_dedicated_waf_instance deleting_a_domain_name_from_a_dedicated_waf_instance + modifying_the_protection_status_of_a_domain_name_in_dedicated_mode diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_a_domain_name_protected_by_a_dedicated_waf_instance.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_a_domain_name_protected_by_a_dedicated_waf_instance.rst index 7f5a732..c6330b3 100644 --- a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_a_domain_name_protected_by_a_dedicated_waf_instance.rst +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_a_domain_name_protected_by_a_dedicated_waf_instance.rst @@ -42,53 +42,73 @@ Request Parameters .. table:: **Table 3** Request body parameters - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+================================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================+ - | proxy | No | Boolean | Whether a proxy is used for the domain name. If your website has no layer-7 proxy server such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies. | - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | certificateid | No | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. | - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | certificatename | No | String | HTTPS certificate name. It can be obtained by calling the ListCertificates API. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported. | - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tls | No | String | Minimum TLS version supported. | - | | | | | - | | | | - TLS v1.0 is used by default. | - | | | | | - | | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cipher | No | String | Cipher suite. The value can be: | - | | | | | - | | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | - | | | | | - | | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | - | | | | | - | | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | - | | | | | - | | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | protect_status | No | Integer | WAF status of the protected domain name. | - | | | | | - | | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | - | | | | | - | | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. -1: Enabled. WAF detects attacks based on the configured policy. | - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | block_page | No | :ref:`BlockPage ` object | Alarm configuration page | - +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==========================================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================+ + | proxy | No | Boolean | Whether a proxy is used for the domain name. If your website has no layer-7 proxy server such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies. | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificateid | No | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | No | String | HTTPS certificate name. It can be obtained by calling the ListCertificates API. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported. | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tls | No | String | Minimum TLS version supported. | + | | | | | + | | | | - TLS v1.0 is used by default. | + | | | | | + | | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cipher | No | String | Cipher suite. The value can be: | + | | | | | + | | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | + | | | | | + | | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | + | | | | | + | | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | + | | | | | + | | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH | + | | | | | + | | | | - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | No | Integer | WAF status of the protected domain name. | + | | | | | + | | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | | + | | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. -1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_page | No | :ref:`BlockPage ` object | Alarm configuration page | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | No | :ref:`Flag ` object | Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | traffic_mark | No | :ref:`TrafficMark ` object | Traffic identifier | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | circuit_breaker | No | :ref:`CircuitBreaker ` object | Circuit breaker configuration | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timeout_config | No | :ref:`TimeoutConfig ` object | Timeout settings | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | web_tag | No | String | website name | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | website remarks | + +-----------------+-----------------+--------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatepremiumhost__request_blockpage: .. table:: **Table 4** BlockPage - +--------------+-----------+------------------------------------------------------------------+-------------------+ - | Parameter | Mandatory | Type | Description | - +==============+===========+==================================================================+===================+ - | template | Yes | String | Template name | - +--------------+-----------+------------------------------------------------------------------+-------------------+ - | custom_page | No | :ref:`CustomPage ` object | Custom alarm page | - +--------------+-----------+------------------------------------------------------------------+-------------------+ - | redirect_url | No | String | Redirection URL | - +--------------+-----------+------------------------------------------------------------------+-------------------+ + +-----------------+-----------------+------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================================================================+===============================================================================+ + | template | Yes | String | Template type. The value can be: | + | | | | | + | | | | - **default**: The default block page is returned when a request is blocked. | + | | | | | + | | | | - **custom**: Your custom block page is returned when a request is blocked. | + | | | | | + | | | | - **redirect**: The request is redirected to the URL you specify. | + +-----------------+-----------------+------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | custom_page | No | :ref:`CustomPage ` object | Custom alarm page | + +-----------------+-----------------+------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | redirect_url | No | String | Redirection URL | + +-----------------+-----------------+------------------------------------------------------------------+-------------------------------------------------------------------------------+ .. _updatepremiumhost__request_custompage: @@ -102,82 +122,196 @@ Request Parameters content Yes String Page content ============ ========= ====== ========================== +.. _updatepremiumhost__request_flag: + +.. table:: **Table 6** Flag + + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | pci_3ds | No | String | Whether to enable PCI 3DS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. | + | | | | | + | | | | - **true**: Enable this check. | + | | | | | + | | | | - **false**: Disable this check. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **true** | + | | | | | + | | | | - **false** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | No | String | Whether to enable PCI DSS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. | + | | | | | + | | | | - **true**: Enable this check. | + | | | | | + | | | | - **false**: Disable this check. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **true** | + | | | | | + | | | | - **false** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__request_trafficmark: + +.. table:: **Table 7** TrafficMark + + +-----------+-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+==================+================================================================================================================================================================================================================================+ + | sip | No | Array of strings | IP tag. HTTP request header field of the original client IP address. | + +-----------+-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cookie | No | String | Session tag. This tag is used by known attack source rules to block malicious attacks based on cookie attributes. This parameter must be configured in known attack source rules to block requests based on cookie attributes. | + +-----------+-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | params | No | String | User tag. This tag is used by known attack source rules to block malicious attacks based on params attributes. This parameter must be configured to block requests based on the params attributes. | + +-----------+-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__request_circuitbreaker: + +.. table:: **Table 8** CircuitBreaker + + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===================+=================+=================+============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | switch | No | Boolean | Whether to enable connection protection. | + | | | | | + | | | | - **true**: Enable connection protection. | + | | | | | + | | | | - **false**: Disable the connection protection. | + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | dead_num | No | Integer | 502/504 error threshold. 502/504 errors allowed for every 30 seconds. | + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | dead_ratio | No | Number | A breakdown protection is triggered when the 502/504 error threshold and percentage threshold have been reached. | + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_time | No | Integer | Protection period upon the first breakdown. During this period, WAF stops forwarding client requests. | + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | superposition_num | No | Integer | The maximum multiplier you can use for consecutive breakdowns. The number of breakdowns are counted from 0 every time the accumulated breakdown protection duration reaches 3,600s. For example, assume that Initial Downtime (s) is set to 180s and **Multiplier for Consecutive Breakdowns** is set to 3. If the breakdown is triggered for the second time, that is, less than 3, the protection duration is 360s (180s X 2). If the breakdown is triggered for the third or fourth time, that is, equal to or greater than 3, the protection duration is 540s (180s X 3). When the accumulated downtime duration exceeds 1 hour (3,600s), the number of breakdowns are counted from 0. | + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | suspend_num | No | Integer | Threshold of the number of pending URL requests. Connection protection is triggered when the threshold has been reached. | + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | sus_block_time | No | Integer | Downtime duration after the connection protection is triggered. During this period, WAF stops forwarding website requests. | + +-------------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__request_timeoutconfig: + +.. table:: **Table 9** TimeoutConfig + + +-----------------+-----------+---------+--------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+===========+=========+==============================================================+ + | connect_timeout | No | Integer | Timeout for WAF to connect to the origin server. | + +-----------------+-----------+---------+--------------------------------------------------------------+ + | send_timeout | No | Integer | Timeout for WAF to send requests to the origin server. | + +-----------------+-----------+---------+--------------------------------------------------------------+ + | read_timeout | No | Integer | Timeout for WAF to receive responses from the origin server. | + +-----------------+-----------+---------+--------------------------------------------------------------+ + Response Parameters ------------------- **Status code: 200** -.. table:: **Table 6** Response body parameters +.. table:: **Table 10** Response body parameters - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=========================================================================================+================================================================================================================================================================================================================================================================+ - | id | String | Domain name ID | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostname | String | Domain name added to cloud WAF. | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | domainid | String | User domain ID | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | project_id | String | Project ID | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | protocol | String | HTTP protocol | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tls | String | Minimum TLS version supported. | - | | | | - | | | - TLS v1.0 is used by default. | - | | | | - | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cipher | String | Cipher suite. The value can be: | - | | | | - | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | - | | | | - | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | - | | | | - | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | - | | | | - | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | server | Array of :ref:`PremiumWafServer ` objects | Origin server details | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | certificateid | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | certificatename | String | Certificate name. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | proxy | Boolean | Whether the proxy is enabled | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | locked | Integer | Lock status. This parameter is redundant and can be ignored. Default value: 0 | - | | | | - | | | Default: **0** | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | protect_status | Integer | WAF status of the protected domain name. The value can be: | - | | | | - | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | - | | | | - | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | - | | | | - | | | - 1: Enabled. WAF detects attacks based on the configured policy. | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Whether a domain name is connected to WAF. | - | | | | - | | | - **0**: The domain name is not connected to the engine instance. | - | | | | - | | | - **1**: The domain name is connected to the engine instance. | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time a domain name is added to WAF | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | block_page | :ref:`BlockPage ` object | Alarm configuration page | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | Extended attribute | - +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=========================================================================================+===================================================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name added to cloud WAF. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | domainid | String | User domain ID | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | project_id | String | Project ID | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | protocol | String | Client protocol, which is the protocol used by a client (for example, a browser) to access your website. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTPS** | + | | | | + | | | - **HTTP** | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | tls | String | Minimum TLS version supported. | + | | | | + | | | - TLS v1.0 is used by default. | + | | | | + | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | cipher | String | Cipher suite. The value can be: | + | | | | + | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | + | | | | + | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | + | | | | + | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | + | | | | + | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH | + | | | | + | | | - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | server | Array of :ref:`PremiumWafServer ` objects | Origin server details | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificateid | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. | + | | | | + | | | - This parameter is not required when the client protocol is HTTP. | + | | | | + | | | - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | String | Certificate name. | + | | | | + | | | - This parameter is not required when the client protocol is HTTP. | + | | | | + | | | - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | proxy | Boolean | Whether the proxy is enabled | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | locked | Integer | Lock status. This parameter is redundant and can be ignored. Default value: 0 | + | | | | + | | | Default: **0** | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Whether a domain name is connected to WAF. | + | | | | + | | | - **0**: The domain name is not connected to the engine instance. | + | | | | + | | | - **1**: The domain name is connected to the engine instance. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_progress | Array of :ref:`Access_progress ` objects | Access progress, which is used only for the new console (frontend). | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_page | :ref:`BlockPage ` object | Alarm configuration page | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`Extend ` object | This parameter includes some extended information about the protected domain name. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | traffic_mark | :ref:`TrafficMark ` object | Traffic identifier | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | circuit_breaker | :ref:`CircuitBreaker ` object | Circuit breaker configuration | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | timeout_config | :ref:`TimeoutConfig ` object | Timeout settings | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | web_tag | String | website name | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | website remarks | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time a domain name is added to WAF | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatepremiumhost__response_premiumwafserver: -.. table:: **Table 7** PremiumWafServer +.. table:: **Table 11** PremiumWafServer +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Parameter | Type | Description | @@ -216,44 +350,86 @@ Response Parameters | | | | | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | weight | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__response_access_progress: + +.. table:: **Table 12** Access_progress + + +-----------------------+-----------------------+-------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================+ + | step | Integer | Step | + | | | | + | | | - **1**: whitelisting WAF IP addresses. | + | | | | + | | | - **2**: testing WAF. | + | | | | + | | | - **3**:modifying DNS record. | + +-----------------------+-----------------------+-------------------------------------------+ + | status | Integer | Status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The step has not been finished. | + | | | | + | | | - **1**: The step has finished. | + +-----------------------+-----------------------+-------------------------------------------+ .. _updatepremiumhost__response_flag: -.. table:: **Table 8** Flag +.. table:: **Table 13** Flag - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================================+ - | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | - | | | | - | | | - true: PCI 3DS check is enabled. | - | | | | - | | | - false: PCI 3DS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | - | | | | - | | | - true: PCI DDS check is enabled. | - | | | | - | | | - false: PCI DDS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | pci_3ds | String | Whether to enable PCI 3DS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether to enable PCI DSS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatepremiumhost__response_blockpage: -.. table:: **Table 9** BlockPage +.. table:: **Table 14** BlockPage - +--------------+-------------------------------------------------------------------+-------------------+ - | Parameter | Type | Description | - +==============+===================================================================+===================+ - | template | String | Template name | - +--------------+-------------------------------------------------------------------+-------------------+ - | custom_page | :ref:`CustomPage ` object | Custom alarm page | - +--------------+-------------------------------------------------------------------+-------------------+ - | redirect_url | String | Redirection URL | - +--------------+-------------------------------------------------------------------+-------------------+ + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+===================================================================+===============================================================================+ + | template | String | Template type. The value can be: | + | | | | + | | | - **default**: The default block page is returned when a request is blocked. | + | | | | + | | | - **custom**: Your custom block page is returned when a request is blocked. | + | | | | + | | | - **redirect**: The request is redirected to the URL you specify. | + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | custom_page | :ref:`CustomPage ` object | Custom alarm page | + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ + | redirect_url | String | Redirection URL | + +-----------------------+-------------------------------------------------------------------+-------------------------------------------------------------------------------+ .. _updatepremiumhost__response_custompage: -.. table:: **Table 10** CustomPage +.. table:: **Table 15** CustomPage ============ ====== ========================== Parameter Type Description @@ -263,9 +439,74 @@ Response Parameters content String Page content ============ ====== ========================== +.. _updatepremiumhost__response_extend: + +.. table:: **Table 16** Extend + + ========= ====== =============================== + Parameter Type Description + ========= ====== =============================== + ltsInfo String Details about LTS configuration + extend String Timeout configuration details. + ========= ====== =============================== + +.. _updatepremiumhost__response_trafficmark: + +.. table:: **Table 17** TrafficMark + + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+==================+================================================================================================================================================================================================================================+ + | sip | Array of strings | IP tag. HTTP request header field of the original client IP address. | + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cookie | String | Session tag. This tag is used by known attack source rules to block malicious attacks based on cookie attributes. This parameter must be configured in known attack source rules to block requests based on cookie attributes. | + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | params | String | User tag. This tag is used by known attack source rules to block malicious attacks based on params attributes. This parameter must be configured to block requests based on the params attributes. | + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__response_circuitbreaker: + +.. table:: **Table 18** CircuitBreaker + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | switch | Boolean | Whether to enable connection protection. | + | | | | + | | | - **true**: Enable connection protection. | + | | | | + | | | - **false**: Disable the connection protection. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | dead_num | Integer | 502/504 error threshold. 502/504 errors allowed for every 30 seconds. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | dead_ratio | Number | A breakdown protection is triggered when the 502/504 error threshold and percentage threshold have been reached. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_time | Integer | Protection period upon the first breakdown. During this period, WAF stops forwarding client requests. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | superposition_num | Integer | The maximum multiplier you can use for consecutive breakdowns. The number of breakdowns are counted from 0 every time the accumulated breakdown protection duration reaches 3,600s. For example, assume that Initial Downtime (s) is set to 180s and **Multiplier for Consecutive Breakdowns** is set to 3. If the breakdown is triggered for the second time, that is, less than 3, the protection duration is 360s (180s X 2). If the breakdown is triggered for the third or fourth time, that is, equal to or greater than 3, the protection duration is 540s (180s X 3). When the accumulated downtime duration exceeds 1 hour (3,600s), the number of breakdowns are counted from 0. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | suspend_num | Integer | Threshold of the number of pending URL requests. Connection protection is triggered when the threshold has been reached. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | sus_block_time | Integer | Downtime duration after the connection protection is triggered. During this period, WAF stops forwarding website requests. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__response_timeoutconfig: + +.. table:: **Table 19** TimeoutConfig + + +-----------------+---------+--------------------------------------------------------------+ + | Parameter | Type | Description | + +=================+=========+==============================================================+ + | connect_timeout | Integer | Timeout for WAF to connect to the origin server. | + +-----------------+---------+--------------------------------------------------------------+ + | send_timeout | Integer | Timeout for WAF to send requests to the origin server. | + +-----------------+---------+--------------------------------------------------------------+ + | read_timeout | Integer | Timeout for WAF to receive responses from the origin server. | + +-----------------+---------+--------------------------------------------------------------+ + **Status code: 400** -.. table:: **Table 11** Response body parameters +.. table:: **Table 20** Response body parameters ========== ====== ============= Parameter Type Description @@ -276,7 +517,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 12** Response body parameters +.. table:: **Table 21** Response body parameters ========== ====== ============= Parameter Type Description @@ -287,7 +528,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 13** Response body parameters +.. table:: **Table 22** Response body parameters ========== ====== ============= Parameter Type Description diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_the_protection_status_of_a_domain_name_in_dedicated_mode.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_the_protection_status_of_a_domain_name_in_dedicated_mode.rst new file mode 100644 index 0000000..86c9391 --- /dev/null +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_the_protection_status_of_a_domain_name_in_dedicated_mode.rst @@ -0,0 +1,152 @@ +:original_name: UpdatePremiumHostProtectStatus.html + +.. _UpdatePremiumHostProtectStatus: + +Modifying the Protection Status of a Domain Name in Dedicated Mode +================================================================== + +Function +-------- + +This API is used to modify the protection status of a domain name connected to a dedicated WAF instance. + +URI +--- + +PUT /v1/{project_id}/premium-waf/host/{host_id}/protect_status + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+========================================================================================================================================================================================================================================+ + | project_id | Yes | String | Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose **My Credentials**.Then, in the **Projects** area, view **Project ID** of the corresponding project. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | host_id | Yes | String | ID of the domain name protected by the dedicated WAF engine | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=======================+===========+========+============================================================================+ + | enterprise_project_id | No | String | You can obtain the ID by calling the **ListEnterpriseProject** API of EPS. | + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==============================================================================================================+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of **X-Subject-Token** in the response header). | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 4** Request body parameters + + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=================================================================================================================================+ + | protect_status | Yes | Integer | WAF status of the protected domain name. | + | | | | | + | | | | - **0**: The WAF protection is suspended. WAF only forwards requests destined for the domain name and does not detect attacks. | + | | | | | + | | | | - **1**: The WAF protection is enabled. WAF detects attacks based on the policy you configure. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 5** Response body parameters + + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================+ + | protect_status | Integer | WAF status of the protected domain name. | + | | | | + | | | - **0**: The WAF protection is suspended. WAF only forwards requests destined for the domain name and does not detect attacks. | + | | | | + | | | - **1**: The WAF protection is enabled. WAF detects attacks based on the policy you configure. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/premium-waf/host/{host_id}/protect_status?enterprise_project_id=0 + + { + "protect_status" : 1 + } + +Example Responses +----------------- + +**Status code: 200** + +OK + +.. code-block:: + + { + "protect_status" : 1 + } + +Status Codes +------------ + +=========== ================================================ +Status Code Description +=========== ================================================ +200 OK +400 Invalid request +401 The token does not have the required permission. +500 Internal server error. +=========== ================================================ + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_name_settings_in_dedicated_mode.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_name_settings_in_dedicated_mode.rst index a3eda6c..bd2cb53 100644 --- a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_name_settings_in_dedicated_mode.rst +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_name_settings_in_dedicated_mode.rst @@ -47,71 +47,99 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================================================================================+================================================================================================================================================================================================================================================================+ - | id | String | Domain name ID | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostname | String | Domain name added to cloud WAF. | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | domainid | String | User domain ID | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | project_id | String | Project ID | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | protocol | String | HTTP protocol | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tls | String | Minimum TLS version supported. | - | | | | - | | | - TLS v1.0 is used by default. | - | | | | - | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cipher | String | Cipher suite. The value can be: | - | | | | - | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | - | | | | - | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | - | | | | - | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | - | | | | - | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | server | Array of :ref:`PremiumWafServer ` objects | Origin server details | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | certificateid | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | certificatename | String | Certificate name. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | proxy | Boolean | Whether the proxy is enabled | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | locked | Integer | Lock status. This parameter is redundant and can be ignored. Default value: 0 | - | | | | - | | | Default: **0** | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | protect_status | Integer | WAF status of the protected domain name. The value can be: | - | | | | - | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | - | | | | - | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | - | | | | - | | | - 1: Enabled. WAF detects attacks based on the configured policy. | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Whether a domain name is connected to WAF. | - | | | | - | | | - **0**: The domain name is not connected to the engine instance. | - | | | | - | | | - **1**: The domain name is connected to the engine instance. | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time a domain name is added to WAF | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | block_page | :ref:`BlockPage ` object | Alarm configuration page | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | Extended attribute | - +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================================================================================+===================================================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name added to cloud WAF. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | domainid | String | User domain ID | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | project_id | String | Project ID | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | protocol | String | Client protocol, which is the protocol used by a client (for example, a browser) to access your website. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTPS** | + | | | | + | | | - **HTTP** | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | tls | String | Minimum TLS version supported. | + | | | | + | | | - TLS v1.0 is used by default. | + | | | | + | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | cipher | String | Cipher suite. The value can be: | + | | | | + | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | + | | | | + | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | + | | | | + | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | + | | | | + | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH | + | | | | + | | | - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | server | Array of :ref:`PremiumWafServer ` objects | Origin server details | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificateid | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. | + | | | | + | | | - This parameter is not required when the client protocol is HTTP. | + | | | | + | | | - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | String | Certificate name. | + | | | | + | | | - This parameter is not required when the client protocol is HTTP. | + | | | | + | | | - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | proxy | Boolean | Whether the proxy is enabled | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | locked | Integer | Lock status. This parameter is redundant and can be ignored. Default value: 0 | + | | | | + | | | Default: **0** | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Whether a domain name is connected to WAF. | + | | | | + | | | - **0**: The domain name is not connected to the engine instance. | + | | | | + | | | - **1**: The domain name is connected to the engine instance. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_progress | Array of :ref:`Access_progress ` objects | Access progress, which is used only for the new console (frontend). | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_page | :ref:`BlockPage ` object | Alarm configuration page | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`Extend ` object | This parameter includes some extended information about the protected domain name. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | traffic_mark | :ref:`TrafficMark ` object | Traffic identifier | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | circuit_breaker | :ref:`CircuitBreaker ` object | Circuit breaker configuration | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | timeout_config | :ref:`TimeoutConfig ` object | Timeout settings | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | web_tag | String | website name | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | website remarks | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Creation time. | + +-----------------------+---------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ .. _showpremiumhost__response_premiumwafserver: @@ -154,44 +182,86 @@ Response Parameters | | | | | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | weight | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpremiumhost__response_access_progress: + +.. table:: **Table 5** Access_progress + + +-----------------------+-----------------------+-------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================+ + | step | Integer | Step | + | | | | + | | | - **1**: whitelisting WAF IP addresses. | + | | | | + | | | - **2**: testing WAF. | + | | | | + | | | - **3**:modifying DNS record. | + +-----------------------+-----------------------+-------------------------------------------+ + | status | Integer | Status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The step has not been finished. | + | | | | + | | | - **1**: The step has finished. | + +-----------------------+-----------------------+-------------------------------------------+ .. _showpremiumhost__response_flag: -.. table:: **Table 5** Flag +.. table:: **Table 6** Flag - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================================+ - | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | - | | | | - | | | - true: PCI 3DS check is enabled. | - | | | | - | | | - false: PCI 3DS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | - | | | | - | | | - true: PCI DDS check is enabled. | - | | | | - | | | - false: PCI DDS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | pci_3ds | String | Whether to enable PCI 3DS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether to enable PCI DSS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _showpremiumhost__response_blockpage: -.. table:: **Table 6** BlockPage +.. table:: **Table 7** BlockPage - +--------------+-----------------------------------------------------------------+-------------------+ - | Parameter | Type | Description | - +==============+=================================================================+===================+ - | template | String | Template name | - +--------------+-----------------------------------------------------------------+-------------------+ - | custom_page | :ref:`CustomPage ` object | Custom alarm page | - +--------------+-----------------------------------------------------------------+-------------------+ - | redirect_url | String | Redirection URL | - +--------------+-----------------------------------------------------------------+-------------------+ + +-----------------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=================================================================+===============================================================================+ + | template | String | Template type. The value can be: | + | | | | + | | | - **default**: The default block page is returned when a request is blocked. | + | | | | + | | | - **custom**: Your custom block page is returned when a request is blocked. | + | | | | + | | | - **redirect**: The request is redirected to the URL you specify. | + +-----------------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------+ + | custom_page | :ref:`CustomPage ` object | Custom alarm page | + +-----------------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------+ + | redirect_url | String | Redirection URL | + +-----------------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------+ .. _showpremiumhost__response_custompage: -.. table:: **Table 7** CustomPage +.. table:: **Table 8** CustomPage ============ ====== ========================== Parameter Type Description @@ -201,9 +271,74 @@ Response Parameters content String Page content ============ ====== ========================== +.. _showpremiumhost__response_extend: + +.. table:: **Table 9** Extend + + ========= ====== =============================== + Parameter Type Description + ========= ====== =============================== + ltsInfo String Details about LTS configuration + extend String Timeout configuration details. + ========= ====== =============================== + +.. _showpremiumhost__response_trafficmark: + +.. table:: **Table 10** TrafficMark + + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+==================+================================================================================================================================================================================================================================+ + | sip | Array of strings | IP tag. HTTP request header field of the original client IP address. | + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cookie | String | Session tag. This tag is used by known attack source rules to block malicious attacks based on cookie attributes. This parameter must be configured in known attack source rules to block requests based on cookie attributes. | + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | params | String | User tag. This tag is used by known attack source rules to block malicious attacks based on params attributes. This parameter must be configured to block requests based on the params attributes. | + +-----------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpremiumhost__response_circuitbreaker: + +.. table:: **Table 11** CircuitBreaker + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | switch | Boolean | Whether to enable connection protection. | + | | | | + | | | - **true**: Enable connection protection. | + | | | | + | | | - **false**: Disable the connection protection. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | dead_num | Integer | 502/504 error threshold. 502/504 errors allowed for every 30 seconds. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | dead_ratio | Number | A breakdown protection is triggered when the 502/504 error threshold and percentage threshold have been reached. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_time | Integer | Protection period upon the first breakdown. During this period, WAF stops forwarding client requests. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | superposition_num | Integer | The maximum multiplier you can use for consecutive breakdowns. The number of breakdowns are counted from 0 every time the accumulated breakdown protection duration reaches 3,600s. For example, assume that Initial Downtime (s) is set to 180s and **Multiplier for Consecutive Breakdowns** is set to 3. If the breakdown is triggered for the second time, that is, less than 3, the protection duration is 360s (180s X 2). If the breakdown is triggered for the third or fourth time, that is, equal to or greater than 3, the protection duration is 540s (180s X 3). When the accumulated downtime duration exceeds 1 hour (3,600s), the number of breakdowns are counted from 0. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | suspend_num | Integer | Threshold of the number of pending URL requests. Connection protection is triggered when the threshold has been reached. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | sus_block_time | Integer | Downtime duration after the connection protection is triggered. During this period, WAF stops forwarding website requests. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpremiumhost__response_timeoutconfig: + +.. table:: **Table 12** TimeoutConfig + + +-----------------+---------+--------------------------------------------------------------+ + | Parameter | Type | Description | + +=================+=========+==============================================================+ + | connect_timeout | Integer | Timeout for WAF to connect to the origin server. | + +-----------------+---------+--------------------------------------------------------------+ + | send_timeout | Integer | Timeout for WAF to send requests to the origin server. | + +-----------------+---------+--------------------------------------------------------------+ + | read_timeout | Integer | Timeout for WAF to receive responses from the origin server. | + +-----------------+---------+--------------------------------------------------------------+ + **Status code: 400** -.. table:: **Table 8** Response body parameters +.. table:: **Table 13** Response body parameters ========== ====== ============= Parameter Type Description @@ -214,7 +349,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 9** Response body parameters +.. table:: **Table 14** Response body parameters ========== ====== ============= Parameter Type Description @@ -225,7 +360,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 10** Response body parameters +.. table:: **Table 15** Response body parameters ========== ====== ============= Parameter Type Description @@ -281,7 +416,8 @@ Request succeeded. "protect_status" : 1, "access_status" : 0, "certificateid" : "360f992501a64de0a65c50a64d1ca7b3", - "certificatename" : "certificatename75315" + "certificatename" : "certificatename75315", + "web_tag" : "" } Status Codes diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_names_protected_by_dedicated_waf_engines.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_names_protected_by_dedicated_waf_engines.rst index 38984b1..fb9a809 100644 --- a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_names_protected_by_dedicated_waf_engines.rst +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_names_protected_by_dedicated_waf_engines.rst @@ -8,7 +8,7 @@ Querying Domain Names Protected by Dedicated WAF Engines Function -------- -Querying Domain Names Protected by Dedicated WAF Engines +This API is used to query domain names protected by dedicated WAF engines. URI --- @@ -83,71 +83,83 @@ Response Parameters .. table:: **Table 5** SimplePremiumWafHost - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=====================================================+================================================================================================================================================+ - | id | String | Domain name ID | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostname | String | Domain name | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | protect_status | Integer | WAF status of the protected domain name. The value can be: | - | | | | - | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | - | | | | - | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | - | | | | - | | | - 1: Enabled. WAF detects attacks based on the configured policy. | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | access_status | Integer | Domain name access status. The value can be 0 or 1. | - | | | | - | | | - 0: The domain name has not been added to WAF, and no traffic is routed to the WAF engine. | - | | | | - | | | - 1: The domain name has been added to WAF, and traffic destined for the domain name has been routed to the WAF engine and the origin server. | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations. | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostid | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | hostId | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ - | waf_type | String | WAF mode. The value is premium, indicating the dedicated WAF engine. | - +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=========================================================+=========================================================================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Domain name access status. The value can be 0 or 1. | + | | | | + | | | - 0: The domain name has not been added to WAF, and no traffic is routed to the WAF engine. | + | | | | + | | | - 1: The domain name has been added to WAF, and traffic destined for the domain name has been routed to the WAF engine and the origin server. | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations. Currently, this function is not supported. You can ignore this parameter. | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostid | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | web_tag | String | website name | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`Extend ` object | This parameter includes some extended information about the protected domain name. | + +-----------------------+---------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listpremiumhost__response_flag: .. table:: **Table 6** Flag - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================================+ - | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | - | | | | - | | | - true: PCI 3DS check is enabled. | - | | | | - | | | - false: PCI 3DS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | - | | | | - | | | - true: PCI DDS check is enabled. | - | | | | - | | | - false: PCI DDS check is disenabled. | - +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | pci_3ds | String | Whether to enable PCI 3DS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether to enable PCI DSS compliance check. This parameter must be used together with **tls** and **cipher**. **tls** must be set to **TLS v1.2**, and **cipher** must be set to **cipher_2**. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. | + | | | | + | | | - **true**: Enable this check. | + | | | | + | | | - **false**: Disable this check. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listpremiumhost__response_extend: + +.. table:: **Table 7** Extend + + ========= ====== =============================== + Parameter Type Description + ========= ====== =============================== + ltsInfo String Details about LTS configuration + extend String Timeout configuration details. + ========= ====== =============================== **Status code: 400** -.. table:: **Table 7** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - .. table:: **Table 8** Response body parameters ========== ====== ============= @@ -157,7 +169,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 9** Response body parameters @@ -168,6 +180,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- @@ -197,8 +220,8 @@ Request succeeded. "protect_status" : 1, "access_status" : 0, "hostid" : "ee896796e1a84f3f85865ae0853d8974", - "hostId" : "262d200fea74406cb0c1a52327122a2c", - "waf_type" : "premium" + "web_tag" : "", + "description" : "" } ] } diff --git a/api-ref/source/apis/policy_management/creating_a_policy.rst b/api-ref/source/apis/policy_management/creating_a_policy.rst index 64a2a71..ea95fe0 100644 --- a/api-ref/source/apis/policy_management/creating_a_policy.rst +++ b/api-ref/source/apis/policy_management/creating_a_policy.rst @@ -53,39 +53,43 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+====================================================================+===================================================================================================================================================================================================================================================================================================================+ - | id | String | Policy ID. This is the unique identifier generated by WAF. | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | name | String | Policy name. | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`PolicyAction ` object | PolicyAction | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | options | :ref:`PolicyOption ` object | PolicyOption | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | - | | | | - | | | - **1**: Low | - | | | | - | | | - **2**: Medium | - | | | | - | | | - **3**: High | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | full_detection | Boolean | Detection mode in the precise protection rule | - | | | | - | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | - | | | | - | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | host | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+======================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID. This is the unique identifier generated by WAF. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Policy name. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | + | | | | + | | | - **1**: Low | + | | | | + | | | - **2**: Medium | + | | | | + | | | - **3**: High | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`PolicyExtend ` object | Switch for enabling or disabling **Deep Inspection** and **Header Inspection** in **Basic Web Protection**. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | share_info | :ref:`ShareInfo ` object | Whether to share a policy. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_options | :ref:`ModulexOptions ` object | Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createpolicy__response_policyaction: @@ -111,117 +115,129 @@ Response Parameters .. table:: **Table 6** PolicyOption - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================================================================================================================================================================================================================================+ - | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | common | Boolean | Whether general check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | webshell | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | custom | Boolean | Whether precise protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | privacy | Boolean | Whether data masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | JavaScript anti-crawler function. | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether webshell check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_enabled | Boolean | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createpolicy__response_bindhost: @@ -237,9 +253,145 @@ Response Parameters | waf_type | String | WAF mode of the domain name. The value is premium. | +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ +.. _createpolicy__response_policyextend: + +.. table:: **Table 8** PolicyExtend + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================================================================================================================================+ + | extend | String | Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. | + | | | | + | | | - If **deep_decode** is set to **true**, the Deep Inspection is enabled. | + | | | | + | | | - If **check_all_headers** is set to **true**, the Header Inspection is enabled. | + | | | | + | | | - If **deep_decode** and **check_all_headers** are set to **false**, the Deep Inspection and Header Inspection are disabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createpolicy__response_shareinfo: + +.. table:: **Table 9** ShareInfo + + +----------------+---------+--------------------------------------------------------+ + | Parameter | Type | Description | + +================+=========+========================================================+ + | share_count | Integer | Total number of the users who share the address group. | + +----------------+---------+--------------------------------------------------------+ + | accept_count | Integer | Number of users who accept the sharing | + +----------------+---------+--------------------------------------------------------+ + | process_status | Integer | Status | + +----------------+---------+--------------------------------------------------------+ + +.. _createpolicy__response_modulexoptions: + +.. table:: **Table 10** ModulexOptions + + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +============================+=======================+=============================================================================================================+ + | global_rate_enabled | Boolean | Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | global_rate_mode | String | Protection mode of the global rate limiting function. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_enabled | Boolean | Status of the intelligent precise protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_mode | String | Protection mode of the intelligent precise protection. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_managed_mode | String | Management mode of the intelligent precise protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_aging_mode | String | Aging mode of the intelligent precise protection. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_retention | Integer | Maximum age of the intelligent precise protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_enabled | Boolean | Status of the intelligent CC attack protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_mode | String | Protection mode of the intelligent CC attack protection rule. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_managed_mode | String | Management mode of the intelligent CC attack protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_aging_mode | String | Aging mode of the intelligent CC attack protection.. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_retention | Integer | Maximum age of the intelligent CC attack protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + **Status code: 400** -.. table:: **Table 8** Response body parameters +.. table:: **Table 11** Response body parameters ========== ====== ============= Parameter Type Description @@ -250,7 +402,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 9** Response body parameters +.. table:: **Table 12** Response body parameters ========== ====== ============= Parameter Type Description @@ -261,7 +413,7 @@ Response Parameters **Status code: 403** -.. table:: **Table 10** Response body parameters +.. table:: **Table 13** Response body parameters ========== ====== ============= Parameter Type Description @@ -272,7 +424,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 11** Response body parameters +.. table:: **Table 14** Response body parameters ========== ====== ============= Parameter Type Description diff --git a/api-ref/source/apis/policy_management/deleting_a_policy.rst b/api-ref/source/apis/policy_management/deleting_a_policy.rst index 18c0edb..8506616 100644 --- a/api-ref/source/apis/policy_management/deleting_a_policy.rst +++ b/api-ref/source/apis/policy_management/deleting_a_policy.rst @@ -47,37 +47,43 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+====================================================================+===============================================================================================================================================================================================================================================================================================+ - | id | String | Policy ID | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | name | String | Array of details of policies | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`PolicyAction ` object | PolicyAction | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | options | :ref:`PolicyOption ` object | PolicyOption | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | level | Integer | Protection level | - | | | | - | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | - | | | | - | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. | - | | | | - | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | full_detection | Boolean | Detection mode in the precise protection rule | - | | | | - | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | - | | | | - | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bind_host | Array of :ref:`BindHost ` objects | Basic information about the protected domain. | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Integer | Time a policy is created | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | Extended field | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+======================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Array of details of policies | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level | + | | | | + | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | + | | | | + | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell and ftp commands. This is the default value. | + | | | | + | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Basic information about the protected domain. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | robot_action | :ref:`Action ` object | Feature-based anti-crawler protection mode. This parameter is unavailable for newly created protection policies. The default protection mode is **Log only**. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`PolicyExtend ` object | Switch for enabling or disabling **Deep Inspection** and **Header Inspection** in **Basic Web Protection**. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_options | :ref:`ModulexOptions ` object | Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Integer | Time a policy is created | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _deletepolicy__response_policyaction: @@ -103,117 +109,129 @@ Response Parameters .. table:: **Table 5** PolicyOption - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================================================================================================================================================================================================================================+ - | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | common | Boolean | Whether general check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | webshell | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | custom | Boolean | Whether precise protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | privacy | Boolean | Whether data masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | JavaScript anti-crawler function. | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether webshell check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_enabled | Boolean | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _deletepolicy__response_bindhost: @@ -229,9 +247,151 @@ Response Parameters | waf_type | String | WAF mode of the domain name. The value is premium. | +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ +.. _deletepolicy__response_action: + +.. table:: **Table 7** Action + + +-----------------------+-----------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================+ + | category | String | Protective action for feature-based anti-crawler rules: | + | | | | + | | | - **log**: WAF only logs discovered attacks. | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +-----------------------+-----------------------+---------------------------------------------------------+ + +.. _deletepolicy__response_policyextend: + +.. table:: **Table 8** PolicyExtend + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================================================================================================================================+ + | extend | String | Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. | + | | | | + | | | - If **deep_decode** is set to **true**, the Deep Inspection is enabled. | + | | | | + | | | - If **check_all_headers** is set to **true**, the Header Inspection is enabled. | + | | | | + | | | - If **deep_decode** and **check_all_headers** are set to **false**, the Deep Inspection and Header Inspection are disabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deletepolicy__response_modulexoptions: + +.. table:: **Table 9** ModulexOptions + + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +============================+=======================+=============================================================================================================+ + | global_rate_enabled | Boolean | Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | global_rate_mode | String | Protection mode of the global rate limiting function. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_enabled | Boolean | Status of the intelligent precise protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_mode | String | Protection mode of the intelligent precise protection. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_managed_mode | String | Management mode of the intelligent precise protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_aging_mode | String | Aging mode of the intelligent precise protection. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_retention | Integer | Maximum age of the intelligent precise protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_enabled | Boolean | Status of the intelligent CC attack protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_mode | String | Protection mode of the intelligent CC attack protection rule. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_managed_mode | String | Management mode of the intelligent CC attack protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_aging_mode | String | Aging mode of the intelligent CC attack protection.. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_retention | Integer | Maximum age of the intelligent CC attack protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + **Status code: 400** -.. table:: **Table 7** Response body parameters +.. table:: **Table 10** Response body parameters ========== ====== ============= Parameter Type Description @@ -242,7 +402,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 8** Response body parameters +.. table:: **Table 11** Response body parameters ========== ====== ============= Parameter Type Description @@ -253,7 +413,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 9** Response body parameters +.. table:: **Table 12** Response body parameters ========== ====== ============= Parameter Type Description diff --git a/api-ref/source/apis/policy_management/querying_a_policy_by_id.rst b/api-ref/source/apis/policy_management/querying_a_policy_by_id.rst index 6c9601a..6171097 100644 --- a/api-ref/source/apis/policy_management/querying_a_policy_by_id.rst +++ b/api-ref/source/apis/policy_management/querying_a_policy_by_id.rst @@ -47,39 +47,45 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+==================================================================+===================================================================================================================================================================================================================================================================================================================+ - | id | String | Policy ID. This is the unique identifier generated by WAF. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | name | String | Policy name. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`PolicyAction ` object | PolicyAction | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | options | :ref:`PolicyOption ` object | PolicyOption | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | - | | | | - | | | - **1**: Low | - | | | | - | | | - **2**: Medium | - | | | | - | | | - **3**: High | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | full_detection | Boolean | Detection mode in the precise protection rule | - | | | | - | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | - | | | | - | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | host | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID. This is the unique identifier generated by WAF. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Policy name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | + | | | | + | | | - **1**: Low | + | | | | + | | | - **2**: Medium | + | | | | + | | | - **3**: High | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | robot_action | :ref:`Action ` object | Feature-based anti-crawler protection mode. This parameter is unavailable for newly created protection policies. The default protection mode is **Log only**. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`PolicyExtend ` object | Switch for enabling or disabling **Deep Inspection** and **Header Inspection** in **Basic Web Protection**. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | share_info | :ref:`ShareInfo ` object | Whether to share a policy. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_options | :ref:`ModulexOptions ` object | Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _showpolicy__response_policyaction: @@ -105,117 +111,129 @@ Response Parameters .. table:: **Table 5** PolicyOption - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================================================================================================================================================================================================================================+ - | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | common | Boolean | Whether general check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | webshell | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | custom | Boolean | Whether precise protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | privacy | Boolean | Whether data masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | JavaScript anti-crawler function. | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether webshell check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_enabled | Boolean | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _showpolicy__response_bindhost: @@ -231,9 +249,165 @@ Response Parameters | waf_type | String | WAF mode of the domain name. The value is premium. | +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ +.. _showpolicy__response_action: + +.. table:: **Table 7** Action + + +-----------------------+-----------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================+ + | category | String | Protective action for feature-based anti-crawler rules: | + | | | | + | | | - **log**: WAF only logs discovered attacks. | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +-----------------------+-----------------------+---------------------------------------------------------+ + +.. _showpolicy__response_policyextend: + +.. table:: **Table 8** PolicyExtend + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================================================================================================================================+ + | extend | String | Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. | + | | | | + | | | - If **deep_decode** is set to **true**, the Deep Inspection is enabled. | + | | | | + | | | - If **check_all_headers** is set to **true**, the Header Inspection is enabled. | + | | | | + | | | - If **deep_decode** and **check_all_headers** are set to **false**, the Deep Inspection and Header Inspection are disabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpolicy__response_shareinfo: + +.. table:: **Table 9** ShareInfo + + +----------------+---------+--------------------------------------------------------+ + | Parameter | Type | Description | + +================+=========+========================================================+ + | share_count | Integer | Total number of the users who share the address group. | + +----------------+---------+--------------------------------------------------------+ + | accept_count | Integer | Number of users who accept the sharing | + +----------------+---------+--------------------------------------------------------+ + | process_status | Integer | Status | + +----------------+---------+--------------------------------------------------------+ + +.. _showpolicy__response_modulexoptions: + +.. table:: **Table 10** ModulexOptions + + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +============================+=======================+=============================================================================================================+ + | global_rate_enabled | Boolean | Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | global_rate_mode | String | Protection mode of the global rate limiting function. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_enabled | Boolean | Status of the intelligent precise protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_mode | String | Protection mode of the intelligent precise protection. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_managed_mode | String | Management mode of the intelligent precise protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_aging_mode | String | Aging mode of the intelligent precise protection. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_retention | Integer | Maximum age of the intelligent precise protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_enabled | Boolean | Status of the intelligent CC attack protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_mode | String | Protection mode of the intelligent CC attack protection rule. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_managed_mode | String | Management mode of the intelligent CC attack protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_aging_mode | String | Aging mode of the intelligent CC attack protection.. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_retention | Integer | Maximum age of the intelligent CC attack protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + **Status code: 400** -.. table:: **Table 7** Response body parameters +.. table:: **Table 11** Response body parameters ========== ====== ============= Parameter Type Description @@ -244,7 +418,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 8** Response body parameters +.. table:: **Table 12** Response body parameters ========== ====== ============= Parameter Type Description @@ -255,7 +429,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 9** Response body parameters +.. table:: **Table 13** Response body parameters ========== ====== ============= Parameter Type Description diff --git a/api-ref/source/apis/policy_management/querying_protection_policies.rst b/api-ref/source/apis/policy_management/querying_protection_policies.rst index e2c2761..dbf9f65 100644 --- a/api-ref/source/apis/policy_management/querying_protection_policies.rst +++ b/api-ref/source/apis/policy_management/querying_protection_policies.rst @@ -71,39 +71,43 @@ Response Parameters .. table:: **Table 5** ListPolicyResponse - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+==================================================================+===================================================================================================================================================================================================================================================================================================================+ - | id | String | Policy ID. This is the unique identifier generated by WAF. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | name | String | Policy name. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`PolicyAction ` object | PolicyAction | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | options | :ref:`PolicyOption ` object | PolicyOption | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | - | | | | - | | | - **1**: Low | - | | | | - | | | - **2**: Medium | - | | | | - | | | - **3**: High | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | full_detection | Boolean | Detection mode in the precise protection rule | - | | | | - | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | - | | | | - | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | host | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID. This is the unique identifier generated by WAF. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Policy name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | + | | | | + | | | - **1**: Low | + | | | | + | | | - **2**: Medium | + | | | | + | | | - **3**: High | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`PolicyExtend ` object | Switch for enabling or disabling **Deep Inspection** and **Header Inspection** in **Basic Web Protection**. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | share_info | :ref:`ShareInfo ` object | Whether to share a policy. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_options | :ref:`ModulexOptions ` object | Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listpolicy__response_policyaction: @@ -129,117 +133,129 @@ Response Parameters .. table:: **Table 7** PolicyOption - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================================================================================================================================================================================================================================+ - | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | common | Boolean | Whether general check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | webshell | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | custom | Boolean | Whether precise protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | privacy | Boolean | Whether data masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | JavaScript anti-crawler function. | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether webshell check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_enabled | Boolean | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listpolicy__response_bindhost: @@ -255,9 +271,145 @@ Response Parameters | waf_type | String | WAF mode of the domain name. The value is premium. | +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ +.. _listpolicy__response_policyextend: + +.. table:: **Table 9** PolicyExtend + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================================================================================================================================+ + | extend | String | Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. | + | | | | + | | | - If **deep_decode** is set to **true**, the Deep Inspection is enabled. | + | | | | + | | | - If **check_all_headers** is set to **true**, the Header Inspection is enabled. | + | | | | + | | | - If **deep_decode** and **check_all_headers** are set to **false**, the Deep Inspection and Header Inspection are disabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listpolicy__response_shareinfo: + +.. table:: **Table 10** ShareInfo + + +----------------+---------+--------------------------------------------------------+ + | Parameter | Type | Description | + +================+=========+========================================================+ + | share_count | Integer | Total number of the users who share the address group. | + +----------------+---------+--------------------------------------------------------+ + | accept_count | Integer | Number of users who accept the sharing | + +----------------+---------+--------------------------------------------------------+ + | process_status | Integer | Status | + +----------------+---------+--------------------------------------------------------+ + +.. _listpolicy__response_modulexoptions: + +.. table:: **Table 11** ModulexOptions + + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +============================+=======================+=============================================================================================================+ + | global_rate_enabled | Boolean | Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | global_rate_mode | String | Protection mode of the global rate limiting function. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_enabled | Boolean | Status of the intelligent precise protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_mode | String | Protection mode of the intelligent precise protection. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_managed_mode | String | Management mode of the intelligent precise protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_aging_mode | String | Aging mode of the intelligent precise protection. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_retention | Integer | Maximum age of the intelligent precise protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_enabled | Boolean | Status of the intelligent CC attack protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_mode | String | Protection mode of the intelligent CC attack protection rule. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_managed_mode | String | Management mode of the intelligent CC attack protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_aging_mode | String | Aging mode of the intelligent CC attack protection.. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_retention | Integer | Maximum age of the intelligent CC attack protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + **Status code: 400** -.. table:: **Table 9** Response body parameters +.. table:: **Table 12** Response body parameters ========== ====== ============= Parameter Type Description @@ -268,7 +420,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 10** Response body parameters +.. table:: **Table 13** Response body parameters ========== ====== ============= Parameter Type Description @@ -279,7 +431,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 11** Response body parameters +.. table:: **Table 14** Response body parameters ========== ====== ============= Parameter Type Description diff --git a/api-ref/source/apis/policy_management/updating_a_policy.rst b/api-ref/source/apis/policy_management/updating_a_policy.rst index 5321c0e..54b41d6 100644 --- a/api-ref/source/apis/policy_management/updating_a_policy.rst +++ b/api-ref/source/apis/policy_management/updating_a_policy.rst @@ -51,6 +51,8 @@ Request Parameters +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | options | No | :ref:`PolicyOption ` object | PolicyOption | +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | robot_action | No | :ref:`Action ` object | Feature-based anti-crawler protection mode. This parameter is unavailable for newly created protection policies. The default protection mode is **Log only**. | + +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | level | No | Integer | Protection level | | | | | | | | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | @@ -90,160 +92,200 @@ Request Parameters .. table:: **Table 5** PolicyOption - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+====================================================================================================================================================================================================================================================================================+ - | webattack | No | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | common | No | Boolean | Whether general check is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | anticrawler | No | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler | No | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_engine | No | Boolean | Whether the search engine is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_scanner | No | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_script | No | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_other | No | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | webshell | No | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cc | No | Boolean | Whether the CC attack protection rule is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | custom | No | Boolean | Whether precise protection is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | whiteblackip | No | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | geoip | No | Boolean | Whether geolocation access control is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | ignore | No | Boolean | Whether false alarm masking is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | privacy | No | Boolean | Whether data masking is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antitamper | No | Boolean | Whether the web tamper protection is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antileakage | No | Boolean | Whether the information leakage prevention is enabled. The value can be: | - | | | | | - | | | | - true: enabled | - | | | | | - | | | | - false: disabled | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bot_enable | No | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | precise | No | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | followed_action | No | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=====================================================================================================================================================================================================================================================================+ + | webattack | No | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | No | Boolean | Whether general check is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | No | Boolean | JavaScript anti-crawler function. | + | | | | | + | | | | - **true**: Enabled | + | | | | | + | | | | - **false**: Disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | No | Boolean | Whether the search engine is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | No | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | No | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | No | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | No | Boolean | Whether webshell check is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | No | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | No | Boolean | Whether precise protection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | No | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | No | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | No | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | No | Boolean | Whether data masking is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | No | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | No | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | No | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | No | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | | + | | | | - **true**: Enabled | + | | | | | + | | | | - **false**: Disabled | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | No | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | No | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_enabled | No | Boolean | This parameter is reserved and can be ignored currently. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **true** | + | | | | | + | | | | - **false** | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepolicy__request_action: + +.. table:: **Table 6** Action + + +-----------------+-----------------+-----------------+---------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=========================================================+ + | category | No | String | Protective action for feature-based anti-crawler rules: | + | | | | | + | | | | - **log**: WAF only logs discovered attacks. | + | | | | | + | | | | - **block**: WAF blocks discovered attacks. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **log** | + | | | | | + | | | | - **block** | + +-----------------+-----------------+-----------------+---------------------------------------------------------+ Response Parameters ------------------- **Status code: 200** -.. table:: **Table 6** Response body parameters +.. table:: **Table 7** Response body parameters - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+====================================================================+===============================================================================================================================================================================================================================================================================================+ - | id | String | Policy ID | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | name | String | Array of details of policies | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`PolicyAction ` object | PolicyAction | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | options | :ref:`PolicyOption ` object | PolicyOption | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | level | Integer | Protection level | - | | | | - | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | - | | | | - | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. | - | | | | - | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | full_detection | Boolean | Detection mode in the precise protection rule | - | | | | - | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | - | | | | - | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bind_host | Array of :ref:`BindHost ` objects | Basic information about the protected domain. | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Integer | Time a policy is created | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | extend | Map | Extended field | - +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+======================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Array of details of policies | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level | + | | | | + | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | + | | | | + | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell and ftp commands. This is the default value. | + | | | | + | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Basic information about the protected domain. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | robot_action | :ref:`Action ` object | Feature-based anti-crawler protection mode. This parameter is unavailable for newly created protection policies. The default protection mode is **Log only**. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | :ref:`PolicyExtend ` object | Switch for enabling or disabling **Deep Inspection** and **Header Inspection** in **Basic Web Protection**. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | share_info | :ref:`ShareInfo ` object | Whether to share a policy. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_options | :ref:`ModulexOptions ` object | Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Integer | Time a policy is created | + +-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatepolicy__response_policyaction: -.. table:: **Table 7** PolicyAction +.. table:: **Table 8** PolicyAction +-----------------------+-----------------------+-----------------------------------------+ | Parameter | Type | Description | @@ -263,123 +305,135 @@ Response Parameters .. _updatepolicy__response_policyoption: -.. table:: **Table 8** PolicyOption +.. table:: **Table 9** PolicyOption - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================================================================================================================================================================================================================================+ - | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | common | Boolean | Whether general check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | webshell | Boolean | Whether other crawler check is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | custom | Boolean | Whether precise protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | privacy | Boolean | Whether data masking is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | - | | | | - | | | - true: enabled | - | | | | - | | | - false: disabled | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | - +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | JavaScript anti-crawler function. | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether webshell check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - **true**: Enabled | + | | | | + | | | - **false**: Disabled | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | modulex_enabled | Boolean | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **true** | + | | | | + | | | - **false** | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatepolicy__response_bindhost: -.. table:: **Table 9** BindHost +.. table:: **Table 10** BindHost +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ | Parameter | Type | Description | @@ -391,9 +445,165 @@ Response Parameters | waf_type | String | WAF mode of the domain name. The value is premium. | +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ +.. _updatepolicy__response_action: + +.. table:: **Table 11** Action + + +-----------------------+-----------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================+ + | category | String | Protective action for feature-based anti-crawler rules: | + | | | | + | | | - **log**: WAF only logs discovered attacks. | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +-----------------------+-----------------------+---------------------------------------------------------+ + +.. _updatepolicy__response_policyextend: + +.. table:: **Table 12** PolicyExtend + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================================================================================================================================+ + | extend | String | Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. | + | | | | + | | | - If **deep_decode** is set to **true**, the Deep Inspection is enabled. | + | | | | + | | | - If **check_all_headers** is set to **true**, the Header Inspection is enabled. | + | | | | + | | | - If **deep_decode** and **check_all_headers** are set to **false**, the Deep Inspection and Header Inspection are disabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepolicy__response_shareinfo: + +.. table:: **Table 13** ShareInfo + + +----------------+---------+--------------------------------------------------------+ + | Parameter | Type | Description | + +================+=========+========================================================+ + | share_count | Integer | Total number of the users who share the address group. | + +----------------+---------+--------------------------------------------------------+ + | accept_count | Integer | Number of users who accept the sharing | + +----------------+---------+--------------------------------------------------------+ + | process_status | Integer | Status | + +----------------+---------+--------------------------------------------------------+ + +.. _updatepolicy__response_modulexoptions: + +.. table:: **Table 14** ModulexOptions + + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +============================+=======================+=============================================================================================================+ + | global_rate_enabled | Boolean | Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | global_rate_mode | String | Protection mode of the global rate limiting function. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_enabled | Boolean | Status of the intelligent precise protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_mode | String | Protection mode of the intelligent precise protection. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_managed_mode | String | Management mode of the intelligent precise protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_aging_mode | String | Aging mode of the intelligent precise protection. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | precise_rules_retention | Integer | Maximum age of the intelligent precise protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_enabled | Boolean | Status of the intelligent CC attack protection. | + | | | | + | | | - **false**: Disabled. | + | | | | + | | | - **true**: Enabled. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_mode | String | Protection mode of the intelligent CC attack protection rule. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **block**: WAF blocks requests. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **log** | + | | | | + | | | - **block** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_managed_mode | String | Management mode of the intelligent CC attack protection. | + | | | | + | | | - **auto**: WAF manages automatically generated rules. | + | | | | + | | | - **manual**: You can manage rules that are automatically generated by WAF. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_aging_mode | String | Aging mode of the intelligent CC attack protection.. | + | | | | + | | | - **manual**: You can customize the maximum age of the rule. | + | | | | + | | | - **auto**: Automatic | + | | | | + | | | Enumeration values: | + | | | | + | | | - **auto** | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + | cc_rules_retention | Integer | Maximum age of the intelligent CC attack protection. | + +----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+ + **Status code: 400** -.. table:: **Table 10** Response body parameters +.. table:: **Table 15** Response body parameters ========== ====== ============= Parameter Type Description @@ -404,7 +614,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 11** Response body parameters +.. table:: **Table 16** Response body parameters ========== ====== ============= Parameter Type Description @@ -415,7 +625,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 12** Response body parameters +.. table:: **Table 17** Response body parameters ========== ====== ============= Parameter Type Description diff --git a/api-ref/source/apis/rule_management/changing_the_status_of_a_policy_rule.rst b/api-ref/source/apis/rule_management/changing_the_status_of_a_policy_rule.rst index 3956a84..67a8492 100644 --- a/api-ref/source/apis/rule_management/changing_the_status_of_a_policy_rule.rst +++ b/api-ref/source/apis/rule_management/changing_the_status_of_a_policy_rule.rst @@ -17,29 +17,33 @@ PUT /v1/{project_id}/waf/policy/{policy_id}/{ruletype}/{rule_id}/status .. table:: **Table 1** Path Parameters - +-----------------+-----------------+-----------------+-----------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+=================+ - | project_id | Yes | String | Project ID | - +-----------------+-----------------+-----------------+-----------------+ - | policy_id | Yes | String | Policy ID | - +-----------------+-----------------+-----------------+-----------------+ - | ruletype | Yes | String | Rule type | - | | | | | - | | | | - cc -custom | - | | | | | - | | | | - whiteblackip | - | | | | | - | | | | - privacy | - | | | | | - | | | | - ignore | - | | | | | - | | | | - geoip | - | | | | | - | | | | - antitamper | - +-----------------+-----------------+-----------------+-----------------+ - | rule_id | Yes | String | Rule ID | - +-----------------+-----------------+-----------------+-----------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================+ + | project_id | Yes | String | Project ID | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | ruletype | Yes | String | Rule type | + | | | | | + | | | | - cc | + | | | | | + | | | | - custom | + | | | | | + | | | | - whiteblackip | + | | | | | + | | | | - privacy | + | | | | | + | | | | - ignore | + | | | | | + | | | | - geoip | + | | | | | + | | | | - antitamper | + | | | | | + | | | | - antileakage | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | rule_id | Yes | String | Rule ID | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -61,7 +65,7 @@ Request Parameters +-----------------+-----------------+-----------------+--------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+=================+================================+ - | status | No | Integer | Rule status. The value can be: | + | status | Yes | Integer | Rule status. The value can be: | | | | | | | | | | - 0: The rule is disabled. | | | | | | @@ -77,18 +81,25 @@ Request Parameters Response Parameters ------------------- -**Status code: 400** +**Status code: 200** .. table:: **Table 4** Response body parameters - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= + +-------------+---------+---------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=============+=========+===========================================================================+ + | id | String | Rule ID | + +-------------+---------+---------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-------------+---------+---------------------------------------------------------------------------+ + | timestamp | Long | Time when the rule was created. | + +-------------+---------+---------------------------------------------------------------------------+ + | description | String | Rule Description | + +-------------+---------+---------------------------------------------------------------------------+ + | status | Integer | Status. The options are **0** and **1**. **0**: Disabled. **1**: Enabled. | + +-------------+---------+---------------------------------------------------------------------------+ -**Status code: 401** +**Status code: 400** .. table:: **Table 5** Response body parameters @@ -99,7 +110,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 6** Response body parameters @@ -110,6 +121,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- diff --git a/api-ref/source/apis/rule_management/creating_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/creating_a_blacklist_or_whitelist_rule.rst index 0cde26b..63d5814 100644 --- a/api-ref/source/apis/rule_management/creating_a_blacklist_or_whitelist_rule.rst +++ b/api-ref/source/apis/rule_management/creating_a_blacklist_or_whitelist_rule.rst @@ -8,7 +8,7 @@ Creating a Blacklist or Whitelist Rule Function -------- -his API is used to create a blacklist or whitelist rule. +This API is used to create a blacklist or whitelist rule. URI --- @@ -17,12 +17,13 @@ POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -34,28 +35,32 @@ Request Parameters +=================+=================+=================+============================================+ | X-Auth-Token | Yes | String | User Token | +-----------------+-----------------+-----------------+--------------------------------------------+ - | Content-Type | Yes | String | Conten type. | + | Content-Type | Yes | String | Content type. | | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+--------------------------------------------+ .. table:: **Table 3** Request body parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+=====================================================+ - | description | No | String | Rule description. | - +-----------------+-----------------+-----------------+-----------------------------------------------------+ - | addr | Yes | String | lacklisted or whitelisted IP addresses | - +-----------------+-----------------+-----------------+-----------------------------------------------------+ - | white | Yes | Object | Protective action. The value can be: | - | | | | | - | | | | - 0: WAF blocks the requests that hit the rule. | - | | | | | - | | | | - 1: WAF allows the requests that hit the rule. | - | | | | | - | | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------+-----------------+-----------------+-----------------------------------------------------+ + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +====================+=================+=================+============================================================================================================================================================================================================+ + | name | No | String | Rule name. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | addr | Yes | String | IP addresses or an IP address range. -IP addresses: IP addresses to be added to the blacklist or whitelist, for example, 192.x.x.3 -IP address range: IP address and subnet mask, for example, 10.x.x.0/24 | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | white | Yes | Object | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action_id | No | String | ID of a known attack source rule. This parameter can be configured only when **white** is set to **0**. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -69,6 +74,8 @@ Response Parameters +=======================+=======================+=====================================================+ | id | String | Rule ID | +-----------------------+-----------------------+-----------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+-----------------------------------------------------+ | policyid | String | Policy ID. | +-----------------------+-----------------------+-----------------------------------------------------+ | timestamp | Long | Rule creation time | @@ -81,7 +88,7 @@ Response Parameters | | | | | | | - 1: The rule is enabled. | +-----------------------+-----------------------+-----------------------------------------------------+ - | addr | String | lacklisted or whitelisted IP addresses | + | addr | String | Blacklisted or whitelisted IP addresses | +-----------------------+-----------------------+-----------------------------------------------------+ | white | Integer | Protective action. The value can be: | | | | | @@ -91,6 +98,8 @@ Response Parameters | | | | | | | - 2: WAF only logs the requests that hit the rule. | +-----------------------+-----------------------+-----------------------------------------------------+ + | followed_action_id | String | ID of the known attack source rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ **Status code: 400** @@ -154,8 +163,7 @@ Request succeeded. "description" : "demo", "status" : 1, "addr" : "x.x.x.x", - "white" : 0, - "size" : 1 + "white" : 0 } Status Codes diff --git a/api-ref/source/apis/rule_management/creating_a_cc_attack_protection_rule.rst b/api-ref/source/apis/rule_management/creating_a_cc_attack_protection_rule.rst index 661f0cc..ff12329 100644 --- a/api-ref/source/apis/rule_management/creating_a_cc_attack_protection_rule.rst +++ b/api-ref/source/apis/rule_management/creating_a_cc_attack_protection_rule.rst @@ -17,13 +17,13 @@ POST /v1/{project_id}/waf/policy/{policy_id}/cc .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Project ID | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -42,79 +42,185 @@ Request Parameters .. table:: **Table 3** Request body parameters - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=====================================================+==============================================================================================================================================================================================================+ - | description | No | String | Rule description | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_num | No | Integer | Frequency limits | - | | | | | - | | | | Minimum: **0** | - | | | | | - | | | | Maximum: **10000** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_period | No | Integer | Frequency limit unit | - | | | | | - | | | | Minimum: **0** | - | | | | | - | | | | Maximum: **10000** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | No | String | url | - | | | | | - | | | | Minimum: **0** | - | | | | | - | | | | Maximum: **10000** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | mode | No | Integer | Work mode. The value can be 0 (standard) or 1 (advanced). The parameters of the advanced mode cannot be described in the same document of the same API. For details, see this parameter on the console page. | - | | | | | - | | | | Enumeration values: | - | | | | | - | | | | - **0** | - | | | | | - | | | | - **1** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | No | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tag_type | No | String | Protection mode. | - | | | | | - | | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | - | | | | | - | | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | - | | | | | - | | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | - | | | | | - | | | | Enumeration values: | - | | | | | - | | | | - **ip** | - | | | | | - | | | | - **other** | - | | | | | - | | | | - **cookie** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=========================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================+ + | mode | Yes | Integer | Protection mode of the CC attack protection rule, which corresponds to the **Mode** field in the **Add CC Attack Protection Rule** dialog box on the WAF console. | + | | | | | + | | | | - **0**: standard. Only the protected paths of domain names can be specified. | + | | | | | + | | | | - **1**: The path, IP address, cookie, header, and params fields can all be set. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **0** | + | | | | | + | | | | - **1** | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | Yes | String | Path to be protected in the CC attack protection rule. This parameter is mandatory when the CC attack protection rule is in standard mode (i.e. the value of **mode** is **0**). | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | No | Array of :ref:`CcCondition ` objects | Rate limit conditions of the CC protection rule. This parameter is mandatory when the CC protection rule is in advanced mode (i.e. the value of **mode** is **1**). | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | Yes | :ref:`action ` object | Protection action to take if the number of requests reaches the upper limit. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | Yes | String | Rate limit mode. | + | | | | | + | | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | | + | | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | | + | | | | - **header**: User-based rate limiting. Website visitors are identified by the header field. | + | | | | | + | | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + | | | | | + | | | | - **other** | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_index | No | String | User identifier. This parameter is mandatory when the rate limit mode is set to **user** (cookie or header). | + | | | | | + | | | | - **cookie**: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. | + | | | | | + | | | | - **header**: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_condition | No | :ref:`tag_condition ` object | User tag. This parameter is mandatory when the rate limit mode is set to **other**. -other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | Yes | Integer | Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | Yes | Integer | Rate limit period, in seconds. The value ranges from 1 to 3,600. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unlock_num | No | Integer | Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is **dynamic_block**. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | No | Integer | Block duration, in seconds. The value ranges from 0 to 65,535. Specifies the period within which access is blocked. An error page is displayed in this period. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createccrule__request_cccondition: + +.. table:: **Table 4** CcCondition + + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | Yes | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | Yes | String | Logic for matching the condition. | + | | | | | + | | | | - If the category is **url**, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | | + | | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | | + | | | | - If the category is **params**, **cookie** and **header**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **contain** | + | | | | | + | | | | - **not_contain** | + | | | | | + | | | | - **equal** | + | | | | | + | | | | - **not_equal** | + | | | | | + | | | | - **prefix** | + | | | | | + | | | | - **not_prefix** | + | | | | | + | | | | - **suffix** | + | | | | | + | | | | - **not_suffix** | + | | | | | + | | | | - **contain_any** | + | | | | | + | | | | - **not_contain_all** | + | | | | | + | | | | - **equal_any** | + | | | | | + | | | | - **not_equal_all** | + | | | | | + | | | | - **prefix_any** | + | | | | | + | | | | - **not_prefix_all** | + | | | | | + | | | | - **suffix_any** | + | | | | | + | | | | - **not_suffix_all** | + | | | | | + | | | | - **num_greater** | + | | | | | + | | | | - **num_less** | + | | | | | + | | | | - **num_equal** | + | | | | | + | | | | - **num_not_equal** | + | | | | | + | | | | - **exist** | + | | | | | + | | | | - **not_exist** | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | No | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | Subfield. When **category** is set to params, cookie, or header, set this parameter based on site requirements. This parameter is mandatory. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createccrule__request_action: -.. table:: **Table 4** action +.. table:: **Table 5** action - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===========================================================================================================================================================+ - | category | No | String | Action type: | - | | | | | - | | | | - **block**: WAF blocks discovered attacks. | - | | | | | - | | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | - | | | | | - | | | | - If **tag_type** is set to other, the value can only be block. | - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | detail | No | String | Action details. If detail is null, the default block page is displayed by default. | - | | | | | - | | | | - This parameter cannot be included when **category** is set to **captcha**. | - | | | | | - | | | | - This parameter is required when **category** is set to **block**. | - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=====================================================+==========================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | Yes | String | Action type: | + | | | | | + | | | | - captcha: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | | + | | | | - **block**: WAF blocks the requests. When **tag_type** is set to **other**, the value can only be **block**. | + | | | | | + | | | | - **log**: WAF logs the event only. | + | | | | | + | | | | - **dynamic_block**: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The **dynamic_block** protection action can be set only when the advanced protection mode is enabled for the CC protection rule. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **captcha** | + | | | | | + | | | | - **block** | + | | | | | + | | | | - **log** | + | | | | | + | | | | - **dynamic_block** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | No | :ref:`detail ` object | Block page information. When protection action **category** is set to **block** or **dynamic_block**, you need to set the returned block page. | + | | | | | + | | | | - If you want to use the default block page, this parameter can be excluded. | + | | | | | + | | | | - If you want to use a custom block page, set this parameter. | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. table:: **Table 5** detail +.. _createccrule__request_detail: + +.. table:: **Table 6** detail +-----------+-----------+---------------------------------------------------------+----------------+ | Parameter | Mandatory | Type | Description | @@ -124,144 +230,282 @@ Request Parameters .. _createccrule__request_response: -.. table:: **Table 6** response +.. table:: **Table 7** response - +--------------+-----------+--------+-------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +==============+===========+========+===============================================================================+ - | content_type | No | String | Content type. The value can only be application/json, text/html, or text/xml. | - +--------------+-----------+--------+-------------------------------------------------------------------------------+ - | content | No | String | Protection page content. | - +--------------+-----------+--------+-------------------------------------------------------------------------------+ + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================================================+ + | content_type | No | String | Content type. The value can only be **application/json**, **text/html**, or **text/xml**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **application/json** | + | | | | | + | | | | - **text/html** | + | | | | | + | | | | - **text/xml** | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------+ + | content | No | String | Protection page content. | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------+ + +.. _createccrule__request_tag_condition: + +.. table:: **Table 8** tag_condition + + +-----------+-----------+------------------+-----------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+==================+=====================================================+ + | category | No | String | User identifier. The value is fixed at **referer**. | + +-----------+-----------+------------------+-----------------------------------------------------+ + | contents | No | Array of strings | Content of the user identifier field. | + +-----------+-----------+------------------+-----------------------------------------------------+ Response Parameters ------------------- **Status code: 200** -.. table:: **Table 7** Response body parameters +.. table:: **Table 9** Response body parameters - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+========================================================================+========================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | - | | | | - | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | - | | | | - | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | mode | Integer | Mode. | - | | | | - | | | - **0**: Standard. | - | | | | - | | | - **1**: Advanced | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be **0** or **1**. | - | | | | - | | | - **0**: The rule is disabled. | - | | | | - | | | - **1**: The rule is enabled. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_period | String | Rate limiting period | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tag_type | String | Protection mode. | - | | | | - | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | - | | | | - | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | - | | | | - | | | - other: A website visitor is identified by the Referer field (user-defined request source). | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Timestamp the rule is created. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==========================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`CcCondition ` objects | Rate limit conditions of the CC protection rule. This parameter is mandatory when the CC protection rule is in advanced mode (i.e. the value of **mode** is **1**). | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Protection action to take if the number of requests reaches the upper limit. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Rate limit mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ip** | + | | | | + | | | - **other** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_index | String | User identifier. This parameter is mandatory when the rate limit mode is set to **user** (cookie or header). | + | | | | + | | | - **cookie**: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. | + | | | | + | | | - **header**: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_condition | :ref:`tag_condition ` object | User tag. This parameter is mandatory when the rate limit mode is set to **other**. -other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | Integer | Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | Integer | Rate limit period, in seconds. The value ranges from 1 to 3,600. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unlock_num | Integer | Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is **dynamic_block**. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | Integer | Block duration, in seconds. The value ranges from 0 to 65,535. Specifies the period within which access is blocked. An error page is displayed in this period. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | total_num | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unaggregation | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createccrule__response_cccondition: + +.. table:: **Table 10** CcCondition + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **url** | + | | | | + | | | - **ip** | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | - If the category is **url**, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | + | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | + | | | - If the category is **params**, **cookie** and **header**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield. When **category** is set to params, cookie, or header, set this parameter based on site requirements. This parameter is mandatory. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createccrule__response_action: -.. table:: **Table 8** action +.. table:: **Table 11** action - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================+ - | category | String | Action type: | - | | | | - | | | - **block**: WAF blocks discovered attacks. | - | | | | - | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | - | | | | - | | | - If **tag_type** is set to other, the value can only be block. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | detail | String | Action details. If detail is null, the default block page is displayed by default. | - | | | | - | | | - This parameter cannot be included when **category** is set to **captcha**. | - | | | | - | | | - This parameter is required when **category** is set to **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+======================================================+==========================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - captcha: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - **block**: WAF blocks the requests. When **tag_type** is set to **other**, the value can only be **block**. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **dynamic_block**: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The **dynamic_block** protection action can be set only when the advanced protection mode is enabled for the CC protection rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **captcha** | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + | | | | + | | | - **dynamic_block** | + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | :ref:`detail ` object | Block page information. When protection action **category** is set to **block** or **dynamic_block**, you need to set the returned block page. | + | | | | + | | | - If you want to use the default block page, this parameter can be excluded. | + | | | | + | | | - If you want to use a custom block page, set this parameter. | + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. table:: **Table 9** detail +.. _createccrule__response_detail: - +-----------+----------------------------------------------------------+---------------+ - | Parameter | Type | Description | - +===========+==========================================================+===============+ - | response | :ref:`response ` object | Returned page | - +-----------+----------------------------------------------------------+---------------+ +.. table:: **Table 12** detail + + +-----------+----------------------------------------------------------+-------------+ + | Parameter | Type | Description | + +===========+==========================================================+=============+ + | response | :ref:`response ` object | Block Page | + +-----------+----------------------------------------------------------+-------------+ .. _createccrule__response_response: -.. table:: **Table 10** response +.. table:: **Table 13** response - +--------------+--------+-------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +==============+========+===============================================================================+ - | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | - +--------------+--------+-------------------------------------------------------------------------------+ - | content | String | Contents | - +--------------+--------+-------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================+ + | content_type | String | Content type. The value can only be **application/json**, **text/html**, or **text/xml**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **application/json** | + | | | | + | | | - **text/html** | + | | | | + | | | - **text/xml** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | content | String | Block page information. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ -.. _createccrule__response_conditions: +.. _createccrule__response_tag_condition: -.. table:: **Table 11** conditions +.. table:: **Table 14** tag_condition - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================================================================================================================================================================================================================================+ - | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Parameter description: | - | | | | - | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | - | | | | - | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | - | | | | - | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | - | | | | - | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | - | | | | - | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------+------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +===========+==================+=====================================================+ + | category | String | User identifier. The value is fixed at **referer**. | + +-----------+------------------+-----------------------------------------------------+ + | contents | Array of strings | Content of the user identifier field. | + +-----------+------------------+-----------------------------------------------------+ **Status code: 400** -.. table:: **Table 12** Response body parameters +.. table:: **Table 15** Response body parameters ========== ====== ============= Parameter Type Description @@ -272,7 +516,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 13** Response body parameters +.. table:: **Table 16** Response body parameters ========== ====== ============= Parameter Type Description @@ -283,7 +527,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 14** Response body parameters +.. table:: **Table 17** Response body parameters ========== ====== ============= Parameter Type Description @@ -321,7 +565,6 @@ Request succeeded. .. code-block:: { - "aging_time" : 0, "description" : "", "id" : "a5f3fd28db564696b199228f0ac346b2", "limit_num" : 10, @@ -334,7 +577,9 @@ Request succeeded. "tag_type" : "ip", "timestamp" : 1656494435686, "total_num" : 0, + "aging_time" : 0, "unaggregation" : false, + "producer" : 1, "url" : "/path" } diff --git a/api-ref/source/apis/rule_management/creating_a_data_masking_rule.rst b/api-ref/source/apis/rule_management/creating_a_data_masking_rule.rst index 95778f2..26b009e 100644 --- a/api-ref/source/apis/rule_management/creating_a_data_masking_rule.rst +++ b/api-ref/source/apis/rule_management/creating_a_data_masking_rule.rst @@ -8,7 +8,7 @@ Creating a Data Masking Rule Function -------- -Creating a Data Masking Rule +This API is used to create a data masking rule. URI --- @@ -17,12 +17,13 @@ POST /v1/{project_id}/waf/policy/{policy_id}/privacy .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ Request Parameters ------------------ diff --git a/api-ref/source/apis/rule_management/creating_a_false_alarm_masking_rule.rst b/api-ref/source/apis/rule_management/creating_a_false_alarm_masking_rule.rst deleted file mode 100644 index c690099..0000000 --- a/api-ref/source/apis/rule_management/creating_a_false_alarm_masking_rule.rst +++ /dev/null @@ -1,279 +0,0 @@ -:original_name: CreateIgnoreRule.html - -.. _CreateIgnoreRule: - -Creating a False Alarm Masking Rule -=================================== - -Function --------- - -This API is used to create a false alarm masking rule. - -URI ---- - -POST /v1/{project_id}/waf/policy/{policy_id}/ignore - -.. table:: **Table 1** Path Parameters - - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== - -Request Parameters ------------------- - -.. table:: **Table 2** Request header parameters - - +-----------------+-----------------+-----------------+--------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+============================================+ - | X-Auth-Token | Yes | String | User token | - +-----------------+-----------------+-----------------+--------------------------------------------+ - | Content-Type | Yes | String | Content type | - | | | | | - | | | | Default: **application/json;charset=utf8** | - +-----------------+-----------------+-----------------+--------------------------------------------+ - -.. table:: **Table 3** Request body parameters - - +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ - | description | No | String | Provides supplementary information about the assignment. | - +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | Yes | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | - +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | rule | Yes | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | - | | | | | - | | | | - xss or sqli: XSS attacks | - | | | | | - | | | | - cmdi: Command injectionrobot: Malicious crawlers | - | | | | | - | | | | - lfi: Local file inclusion | - | | | | | - | | | | - rfi: Remote file inclusionwebshell: Website Trojans | - | | | | | - | | | | - cc: CC attacks -custom_custom: Precise protection | - | | | | | - | | | | - custom_whiteblackip: IP address blacklist and whitelist | - | | | | | - | | | | - custom_geoip: Geolocation access control | - | | | | | - | | | | - antitamper: Web tamper protection | - | | | | | - | | | | - anticrawler: Anti-crawler protection | - | | | | | - | | | | - leakage: Data leakage prevention | - | | | | | - | | | | - illegal: Illegal requests | - | | | | | - | | | | - vuln: Other attack types | - +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url_logic | Yes | String | URL match logic: | - | | | | | - | | | | - **equal**: full match | - | | | | | - | | | | - **prefix**: prefix match | - +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | domains | No | Array of strings | Protected domain name | - +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | advanced | No | :ref:`advanced ` object | advanced | - +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _createignorerule__request_advanced: - -.. table:: **Table 4** advanced - - +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+=====================================================================================================================================================================================================================================+ - | index | No | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | - | | | | | - | | | | - cookie: session cookie | - | | | | | - | | | | - header: header field | - | | | | | - | | | | - body: body field | - | | | | | - | | | | - multipart: multipart/form-data type data | - | | | | | - | | | | - params: parameter | - +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | content | No | String | Specified field (available only for param, cookie, and header) | - +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Response Parameters -------------------- - -**Status code: 200** - -.. table:: **Table 5** Response body parameters - - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+==============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Rule creation time. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Provides supplementary information about the assignment. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | - | | | | - | | | - xss or sqli: XSS attacks | - | | | | - | | | - cmdi: Command injectionrobot: Malicious crawlers | - | | | | - | | | - lfi: Local file inclusion | - | | | | - | | | - rfi: Remote file inclusionwebshell: Website Trojans | - | | | | - | | | - cc: CC attacks -custom_custom: Precise protection | - | | | | - | | | - custom_whiteblackip: IP address blacklist and whitelist | - | | | | - | | | - custom_geoip: Geolocation access control | - | | | | - | | | - antitamper: Web tamper protection | - | | | | - | | | - anticrawler: Anti-crawler protection | - | | | | - | | | - leakage: Data leakage prevention | - | | | | - | | | - illegal: Illegal requests | - | | | | - | | | - vuln: Other attack types | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url_logic | String | URL match logic: | - | | | | - | | | - **equal**: full match | - | | | | - | | | - **prefix**: prefix match | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | domains | Array of strings | Protected domain name | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | advanced | :ref:`advanced ` object | advanced | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _createignorerule__response_advanced: - -.. table:: **Table 6** advanced - - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=====================================================================================================================================================================================================================================+ - | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | - | | | | - | | | - cookie: session cookie | - | | | | - | | | - header: header field | - | | | | - | | | - body: body field | - | | | | - | | | - multipart: multipart/form-data type data | - | | | | - | | | - params: parameter | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | content | String | Specified field (available only for param, cookie, and header) | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -**Status code: 400** - -.. table:: **Table 7** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - -.. table:: **Table 8** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 500** - -.. table:: **Table 9** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -Example Requests ----------------- - -.. code-block:: text - - POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore? - - { - "domain" : [ "test3.th.com" ], - "rule" : "webshell", - "url_logic" : "equal", - "url" : "/demo", - "description" : "" - } - -Example Responses ------------------ - -**Status code: 200** - -Request succeeded. - -.. code-block:: - - { - "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", - "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", - "timestamp" : 1656507126528, - "description" : "", - "status" : 1, - "rule" : "webshell", - "url_logic" : "equal", - "url" : "/demo", - "domain" : [ "test3.th.com" ] - } - -Status Codes ------------- - -=========== ============================================= -Status Code Description -=========== ============================================= -200 Request succeeded. -400 Request failed. -401 The token does not have required permissions. -500 Internal server error. -=========== ============================================= - -Error Codes ------------ - -See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_geolocation_access_control_rule.rst b/api-ref/source/apis/rule_management/creating_a_geolocation_access_control_rule.rst index 233c1a7..7c0d002 100644 --- a/api-ref/source/apis/rule_management/creating_a_geolocation_access_control_rule.rst +++ b/api-ref/source/apis/rule_management/creating_a_geolocation_access_control_rule.rst @@ -17,12 +17,13 @@ POST /v1/{project_id}/waf/policy/{policy_id}/geoip .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -41,63 +42,67 @@ Request Parameters .. table:: **Table 3** Request body parameters - +-----------------+-----------------+-----------------+-------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+=======================================================+ - | geoip | Yes | String | Applicable regions. The value can be the region code. | - | | | | | - | | | | - CA: Canada | - | | | | | - | | | | - US: USA | - | | | | | - | | | | - AU: Australia | - | | | | | - | | | | - IN: India | - | | | | | - | | | | - JP: Japan | - | | | | | - | | | | - UK: United Kingdom | - | | | | | - | | | | - FR: France | - | | | | | - | | | | - DE: Germany | - | | | | | - | | | | - BR: Brazil | - | | | | | - | | | | - Ukraine: Ukraine | - | | | | | - | | | | - Pakistan: Pakistan | - | | | | | - | | | | - Palestine: Palestine | - | | | | | - | | | | - Israel: Israel | - | | | | | - | | | | - Iraq: Afghanistan | - | | | | | - | | | | - Libya: Libya | - | | | | | - | | | | - Turkey: Turkey | - | | | | | - | | | | - Thailand: Thailand | - | | | | | - | | | | - Singapore: Singapore | - | | | | | - | | | | - South Africa: South Africa | - | | | | | - | | | | - Mexico: Mexico | - | | | | | - | | | | - Peru: Peru | - +-----------------+-----------------+-----------------+-------------------------------------------------------+ - | white | Yes | Integer | Protective action. The value can be: | - | | | | | - | | | | - 0: WAF blocks the requests that hit the rule. | - | | | | | - | | | | - 1: WAF allows the requests that hit the rule. | - | | | | | - | | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------+-----------------+-----------------+-------------------------------------------------------+ - | description | No | String | Rule description | - +-----------------+-----------------+-----------------+-------------------------------------------------------+ + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================================================================================+ + | geoip | Yes | String | Applicable regions. The value can be the region code. | + | | | | | + | | | | - CA: Canada | + | | | | | + | | | | - US: USA | + | | | | | + | | | | - AU: Australia | + | | | | | + | | | | - IN: India | + | | | | | + | | | | - JP: Japan | + | | | | | + | | | | - UK: United Kingdom | + | | | | | + | | | | - FR: France | + | | | | | + | | | | - DE: Germany | + | | | | | + | | | | - BR: Brazil | + | | | | | + | | | | - Ukraine: Ukraine | + | | | | | + | | | | - Pakistan: Pakistan | + | | | | | + | | | | - Palestine: Palestine | + | | | | | + | | | | - Israel: Israel | + | | | | | + | | | | - Iraq: Afghanistan | + | | | | | + | | | | - Libya: Libya | + | | | | | + | | | | - Turkey: Turkey | + | | | | | + | | | | - Thailand: Thailand | + | | | | | + | | | | - Singapore: Singapore | + | | | | | + | | | | - South Africa: South Africa | + | | | | | + | | | | - Mexico: Mexico | + | | | | | + | | | | - Peru: Peru | + | | | | | + | | | | - For more geographical location codes, see "Appendix - Geographic Location Codes." | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | white | Yes | Integer | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | name | No | String | Rule name. Currently, the console does not support configuring names for geolocation access control rule. Ignore this parameter. | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -106,75 +111,81 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | geoip | String | Applicable regions. The value can be the region code. | - | | | | - | | | - CA: Canada | - | | | | - | | | - US: USA | - | | | | - | | | - AU: Australia | - | | | | - | | | - IN: India | - | | | | - | | | - JP: Japan | - | | | | - | | | - UK: United Kingdom | - | | | | - | | | - FR: France | - | | | | - | | | - DE: Germany | - | | | | - | | | - BR: Brazil | - | | | | - | | | - Ukraine: Ukraine | - | | | | - | | | - Pakistan: Pakistan | - | | | | - | | | - Palestine: Palestine | - | | | | - | | | - Israel: Israel | - | | | | - | | | - Iraq: Afghanistan | - | | | | - | | | - Libya: Libya | - | | | | - | | | - Turkey: Turkey | - | | | | - | | | - Thailand: Thailand | - | | | | - | | | - Singapore: Singapore | - | | | | - | | | - South Africa: South Africa | - | | | | - | | | - Mexico: Mexico | - | | | | - | | | - Peru: Peru | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | white | Integer | Protective action. The value can be: | - | | | | - | | | - 0: WAF blocks the requests that hit the rule. | - | | | | - | | | - 1: WAF allows the requests that hit the rule. | - | | | | - | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+-----------------------+--------------------------------------------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Rule name. Currently, the console does not support configuring names for geolocation access control rule. Ignore this parameter. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoTagList | Array of strings | List of geographical locations hit the geolocation access control rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + | | | | + | | | - For more geographical location codes, see "Appendix - Geographic Location Codes." | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -237,9 +248,9 @@ Request succeeded. "timestamp" : 1650534513775, "description" : "demo", "status" : 1, + "geoTagList" : [ "BR" ], "geoip" : "BR", - "white" : 0, - "geoTagList" : [ "SH", "Afghanistan" ] + "white" : 0 } Status Codes diff --git a/api-ref/source/apis/rule_management/deleting_a_false_alarm_masking_rule.rst b/api-ref/source/apis/rule_management/creating_a_global_protection_whitelist_formerly_false_alarm_masking_rule.rst similarity index 58% rename from api-ref/source/apis/rule_management/deleting_a_false_alarm_masking_rule.rst rename to api-ref/source/apis/rule_management/creating_a_global_protection_whitelist_formerly_false_alarm_masking_rule.rst index 3d2ddf6..c1a1e20 100644 --- a/api-ref/source/apis/rule_management/deleting_a_false_alarm_masking_rule.rst +++ b/api-ref/source/apis/rule_management/creating_a_global_protection_whitelist_formerly_false_alarm_masking_rule.rst @@ -1,29 +1,29 @@ -:original_name: DeleteIgnoreRule.html +:original_name: CreateIgnoreRule.html -.. _DeleteIgnoreRule: +.. _CreateIgnoreRule: -Deleting a False Alarm Masking Rule -=================================== +Creating a Global Protection Whitelist (Formerly False Alarm Masking) Rule +========================================================================== Function -------- -This API is used to query a false alarm masking rule. +This API is used to create a global protection whitelist (formerly false alarm masking) rule. URI --- -DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} +POST /v1/{project_id}/waf/policy/{policy_id}/ignore .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -35,99 +35,161 @@ Request Parameters +=================+=================+=================+============================================+ | X-Auth-Token | Yes | String | User token | +-----------------+-----------------+-----------------+--------------------------------------------+ - | Content-Type | No | String | Content type | + | Content-Type | Yes | String | Content type | | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+--------------------------------------------+ +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=====================================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================+ + | domain | Yes | Array of strings | Domain names to be protected. If the array length is **0**, this rule will take effect for all domain names that are protected by the policies this rule belongs to. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Yes | Array of :ref:`CreateCondition ` objects | Condition list | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Yes | Integer | The value is fixed at **1**, indicating v2 false alarm masking rules. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | Yes | String | Items to be masked. You can provide multiple items and separate them with semicolons (;). | + | | | | | + | | | | - If you want to disable a specific built-in rule for a domain name, the value of this parameter is the rule ID. When requests are blocked against a certain built-in rule while you do not want this rule to block requests later, you can query the rule in the **Events** page on the console and find its rule ID in the **Hit Rule** column. Then, you can disk the rule by its ID (including 6 digits). | + | | | | | + | | | | - If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. **xss**: XSS attacks **webshell**: Web shells **vuln**: Other types of attacks **sqli**: SQL injection attack **robot**: Malicious crawlers **rfi**: Remote file inclusion **lfi**: Local file inclusion **cmdi**: Command injection attack | + | | | | | + | | | | - To bypass the basic web protection, set this parameter to **all**. | + | | | | | + | | | | - To bypass all WAF protection, set this parameter to **bypass**. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | No | Array of :ref:`Advanced ` objects | To ignore attacks of a specific field, specify the field in the Advanced settings area. After you add the rule, WAF will stop blocking attacks of the specified field. This parameter is not included if all modules are bypassed. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Description of the rule | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createignorerule__request_createcondition: + +.. table:: **Table 4** CreateCondition + + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+=================================================================================================================================================================================================================================================================================================================================================================================+ + | category | No | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Content. The array length is limited to **1**. The content format varies depending on the field type. For example, if the field type is **ip**, the value must be an IP address or IP address range. If the field type is **url**, the value must be in the standard URL format. IF the field type is **params**, **cookie**, or **header**, the content format is not limited. | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | No | String | The matching logic varies depending on the field type. For example, if the field type is **ip**, the logic can be **equal** or **not_equal**. If the field type is **url**, **params**, **cookie**, or **header**, the logic can be **equal**, **not_equal**, **contain**, **not_contain**, **prefix**, **not_prefix**, **suffix**, **not_suffix**. | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | If the field type is **ip** and the subfield is the client IP address, the **index** parameter is not required. If the subfield type is **X-Forwarded-For**, the value is **x-forwarded-for**; If the field type is **params**, **header**, or **cookie**, and the subfield is user-defined, the value of **index** is the user-defined subfield. | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createignorerule__request_advanced: + +.. table:: **Table 5** Advanced + + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+=====================================================================================================================================+ + | index | No | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. | + | | | | | + | | | | - When you select **Params**, **Cookie**, or **Header**, you can set this parameter to **all** or configure subfields as required. | + | | | | | + | | | | - When you select **Body** or **Multipart**, set this parameter to **all**. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Subfield of the specified field type. The default value is **all**. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + Response Parameters ------------------- **Status code: 200** -.. table:: **Table 3** Response body parameters +.. table:: **Table 6** Response body parameters - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+==============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Rule creation time. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Provides supplementary information about the assignment. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | - | | | | - | | | - xss or sqli: XSS attacks | - | | | | - | | | - cmdi: Command injectionrobot: Malicious crawlers | - | | | | - | | | - lfi: Local file inclusion | - | | | | - | | | - rfi: Remote file inclusionwebshell: Website Trojans | - | | | | - | | | - cc: CC attacks -custom_custom: Precise protection | - | | | | - | | | - custom_whiteblackip: IP address blacklist and whitelist | - | | | | - | | | - custom_geoip: Geolocation access control | - | | | | - | | | - antitamper: Web tamper protection | - | | | | - | | | - anticrawler: Anti-crawler protection | - | | | | - | | | - leakage: Data leakage prevention | - | | | | - | | | - illegal: Illegal requests | - | | | | - | | | - vuln: Other attack types | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url_logic | String | URL match logic: | - | | | | - | | | - **equal**: full match | - | | | | - | | | - **prefix**: prefix match | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | domains | Array of strings | Protected domain name | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | advanced | :ref:`advanced ` object | advanced | - +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==========================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule was created. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule Description | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Items to be masked. You can provide multiple items and separate them with semicolons (;). | + | | | | + | | | - If you want to disable a specific built-in rule for a domain name, the value of this parameter is the rule ID. When requests are blocked against a certain built-in rule while you do not want this rule to block requests later, you can query the rule in the **Events** page on the console and find its rule ID in the **Hit Rule** column. Then, you can disk the rule by its ID (including 6 digits). | + | | | | + | | | - If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. **xss**: XSS attacks **webshell**: Web shells **vuln**: Other types of attacks **sqli**: SQL injection attack **robot**: Malicious crawlers **rfi**: Remote file inclusion **lfi**: Local file inclusion **cmdi**: Command injection attack | + | | | | + | | | - To bypass the basic web protection, set this parameter to **all**. | + | | | | + | | | - To bypass all WAF protection, set this parameter to **bypass**. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | The value is fixed at **1**, indicating v2 false alarm masking rules are used. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`Condition ` objects | Condition list | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | Array of :ref:`Advanced ` objects | Advanced settings | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domain | Array of strings | Domain names to be protected. If the array length is **0**, this rule will take effect for all domain names that are protected by the policies this rule belongs to. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. _deleteignorerule__response_advanced: +.. _createignorerule__response_condition: -.. table:: **Table 4** advanced +.. table:: **Table 7** Condition - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=====================================================================================================================================================================================================================================+ - | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | - | | | | - | | | - cookie: session cookie | - | | | | - | | | - header: header field | - | | | | - | | | - body: body field | - | | | | - | | | - multipart: multipart/form-data type data | - | | | | - | | | - params: parameter | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | content | String | Specified field (available only for param, cookie, and header) | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=========================+==================+=====================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **ip**, **url**, **params**, **cookie**, or **header**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | The matching logic varies depending on the field type. For example, if the field type is **ip**, the logic can be **equal** or **not_equal**. If the field type is **url**, **params**, **cookie**, or **header**, the logic can be **equal**, **not_equal**, **contain**, **not_contain**, **prefix**, **not_prefix**, **suffix**, **not_suffix**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | check_all_indexes_logic | Integer | This parameter is reserved and can be ignored. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | If the field type is **ip** and the subfield is the client IP address, the **index** parameter does not exist. If the subfield type is **X-Forwarded-For**, the value is **x-forwarded-for**. If the field type is **params**, **header**, or **cookie**, and the subfield is user-defined, the value of **index** is the user-defined subfield. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createignorerule__response_advanced: + +.. table:: **Table 8** Advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================+ + | index | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. | + | | | | + | | | - When you select **Params**, **Cookie**, or **Header**, you can set this parameter to **all** or configure subfields as required. | + | | | | + | | | - When you select **Body** or **Multipart**, set this parameter to **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Subfield of the specified field type. The default value is **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** -.. table:: **Table 5** Response body parameters +.. table:: **Table 9** Response body parameters ========== ====== ============= Parameter Type Description @@ -138,7 +200,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 6** Response body parameters +.. table:: **Table 10** Response body parameters ========== ====== ============= Parameter Type Description @@ -149,7 +211,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 7** Response body parameters +.. table:: **Table 11** Response body parameters ========== ====== ============= Parameter Type Description @@ -163,7 +225,20 @@ Example Requests .. code-block:: text - DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore? + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore? + + { + "domain" : [ "www.example.com" ], + "mode" : 1, + "description" : "", + "conditions" : [ { + "category" : "ip", + "logic_operation" : "equal", + "index" : null, + "contents" : [ "x.x.x.x" ] + } ], + "rule" : "091004" + } Example Responses ----------------- @@ -175,15 +250,19 @@ Request succeeded. .. code-block:: { - "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", - "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", - "timestamp" : 1656507126528, - "description" : "", + "id" : "40484384970948d79fffe4e4ae1fc54d", + "policyid" : "f385eceedf7c4c34a4d1def19eafbe85", + "timestamp" : 1650512535222, + "description" : "demo", "status" : 1, - "domain" : [ "test3.th.com" ], - "rule" : "webshell", - "url_logic" : "equal", - "url" : "/demo" + "rule" : "091004", + "mode" : 1, + "conditions" : [ { + "category" : "ip", + "contents" : [ "x.x.x.x" ], + "logic_operation" : "equal" + } ], + "domain" : [ "www.example.com" ] } Status Codes diff --git a/api-ref/source/apis/rule_management/creating_a_javascript_anti-crawler_rule.rst b/api-ref/source/apis/rule_management/creating_a_javascript_anti-crawler_rule.rst new file mode 100644 index 0000000..25d38c4 --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_javascript_anti-crawler_rule.rst @@ -0,0 +1,218 @@ +:original_name: CreateAnticrawlerRule.html + +.. _CreateAnticrawlerRule: + +Creating a JavaScript Anti-Crawler Rule +======================================= + +Function +-------- + +This API is used to create a JavaScript anti-crawler rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/anticrawler + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================================================================================================================================================+ + | project_id | Yes | String | Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose **My Credentials**. Then, in the **Projects** area, view **Project ID** of the corresponding project. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | ID of a protection policy. You can specify a protection policy ID to query the rules used in the protection policy. You can obtain the policy ID by calling the **ListPolicy** API. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=======================+===========+========+============================================================================+ + | enterprise_project_id | No | String | You can obtain the ID by calling the **ListEnterpriseProject** API of EPS. | + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==============================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of **X-Subject-Token** in the response header). | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 4** Request body parameters + + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+================================================================================================+ + | url | Yes | String | URL to which the rule applies. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------+ + | logic | Yes | Integer | Rule matching logic | + | | | | | + | | | | - **1**: Include | + | | | | | + | | | | - **2**: Not include | + | | | | | + | | | | - **3**: Equal | + | | | | | + | | | | - **4**: Not equal | + | | | | | + | | | | - **5**: Prefix is | + | | | | | + | | | | - **6**: Prefix is not | + | | | | | + | | | | - **7**: Suffix is | + | | | | | + | | | | - **8**: Suffix is not | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------+ + | name | Yes | String | Rule name. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------+ + | type | Yes | String | JavaScript anti-crawler rule type. | + | | | | | + | | | | - **anticrawler_specific_url**: used to protect a specific path specified by the rule. | + | | | | | + | | | | - **anticrawler_except_url**: used to protect all paths except the one specified by the rule. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 5** Response body parameters + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | id | String | Rule ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | logic | Integer | Rule matching logic | + | | | | + | | | - **1**: Include | + | | | | + | | | - **2**: Not include | + | | | | + | | | - **3**: Equal | + | | | | + | | | - **4**: Not equal | + | | | | + | | | - **5**: Prefix is | + | | | | + | | | - **6**: Prefix is not | + | | | | + | | | - **7**: Suffix is | + | | | | + | | | - **8**: Suffix is not | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | type | String | JavaScript anti-crawler rule type. | + | | | | + | | | - **anticrawler_specific_url**: used to protect a specific path specified by the rule. | + | | | | + | | | - **anticrawler_except_url**: used to protect all paths except the one specified by the rule. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/anticrawler? + + { + "url" : "/patent/id", + "logic" : 3, + "name" : "test2", + "type" : "anticrawler_except_url" + } + +Example Responses +----------------- + +**Status code: 200** + +ok + +.. code-block:: + + { + "id" : "607d14b8153540c0af51a00fe2140d05", + "policyid" : "777716e0b7b84b5192b9d373f7c6d4f0", + "name" : "test2", + "timestamp" : 1675152776784, + "status" : 1, + "url" : "/patent/id", + "logic" : 1, + "type" : "anticrawler_except_url" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 ok +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_known_attack_source_rule.rst b/api-ref/source/apis/rule_management/creating_a_known_attack_source_rule.rst new file mode 100644 index 0000000..d3e3332 --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_known_attack_source_rule.rst @@ -0,0 +1,166 @@ +:original_name: CreatePunishmentRules.html + +.. _CreatePunishmentRules: + +Creating a Known Attack Source Rule +=================================== + +Function +-------- + +This API is used to create a known attack source rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/punishment + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | project_id | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================================================================================================================================================================================================================+ + | category | Yes | String | Type of the know attack source rule. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **long_ip_block** | + | | | | | + | | | | - **long_cookie_block** | + | | | | | + | | | | - **long_params_block** | + | | | | | + | | | | - **short_ip_block** | + | | | | | + | | | | - **short_cookie_block** | + | | | | | + | | | | - **short_params_block** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_time | Yes | Integer | Block duration, in seconds. If prefix **long** is selected for the rule type, the value for **block_time** ranges from **301** to **1800**. If prefix **short** is selected for the rule type, the value for **block_time** ranges from **0** to **300**. | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Description | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + =========== ======= ==================================== + Parameter Type Description + =========== ======= ==================================== + id String Rule ID + policyid String Policy ID + block_time Integer Block duration, in seconds. + category String Type of the know attack source rule. + description String Description + timestamp Long Timestamp the rule is created. + =========== ======= ==================================== + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/punishment? + + { + "category" : "long_ip_block", + "block_time" : "1233", + "description" : "demo" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "block_time" : 1233, + "category" : "long_ip_block", + "description" : "demo", + "id" : "2c3afdcc982b429da4f72ee483aece3e", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668148186106 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_precise_protection_rule.rst b/api-ref/source/apis/rule_management/creating_a_precise_protection_rule.rst index e619a80..d0af1a9 100644 --- a/api-ref/source/apis/rule_management/creating_a_precise_protection_rule.rst +++ b/api-ref/source/apis/rule_management/creating_a_precise_protection_rule.rst @@ -17,13 +17,13 @@ POST /v1/{project_id}/waf/policy/{policy_id}/custom .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Project ID | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -45,7 +45,7 @@ Request Parameters +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+========================================================================================+====================================================================================================================================================================================+ - | time | No | Boolean | Time the precise protection rule takes effect. | + | time | Yes | Boolean | Time the precise protection rule takes effect. | | | | | | | | | | - false: The rule takes effect immediately. | | | | | | @@ -59,46 +59,136 @@ Request Parameters +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | conditions | No | Array of :ref:`CustomConditions ` objects | Match condition List | +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | No | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + | action | Yes | :ref:`CustomAction ` object | Protective action of the precise protection rule. | +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | priority | No | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + | priority | Yes | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createcustomrules__request_customconditions: .. table:: **Table 4** CustomConditions - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+==================+=============================================================================================================================================================================================================+ - | category | No | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | No | String | Subfield | - | | | | | - | | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | - | | | | | - | | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | No | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | No | Array of strings | Condition content for matching the rule | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | value_list_id | No | String | ID of the reference table | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | No | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **user-agent** | + | | | | | + | | | | - **referer** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **method** | + | | | | | + | | | | - **request_line** | + | | | | | + | | | | - **request** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | Subfield | + | | | | | + | | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | | + | | | | - When the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | No | String | Logic for matching the condition. | + | | | | | + | | | | - If the category is **url**, **user-agent** or **referer** , the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | | + | | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | | + | | | | - If the category is **method**, the optional operations are: equal and not_equal | + | | | | | + | | | | - If the category is **request_line** and **request**, the optional operations are: len_greater, len_less, len_equal and len_not_equal | + | | | | | + | | | | - If the category is **params**, **header**, and **cookie**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **contain** | + | | | | | + | | | | - **not_contain** | + | | | | | + | | | | - **equal** | + | | | | | + | | | | - **not_equal** | + | | | | | + | | | | - **prefix** | + | | | | | + | | | | - **not_prefix** | + | | | | | + | | | | - **suffix** | + | | | | | + | | | | - **not_suffix** | + | | | | | + | | | | - **contain_any** | + | | | | | + | | | | - **not_contain_all** | + | | | | | + | | | | - **equal_any** | + | | | | | + | | | | - **not_equal_all** | + | | | | | + | | | | - **prefix_any** | + | | | | | + | | | | - **not_prefix_all** | + | | | | | + | | | | - **suffix_any** | + | | | | | + | | | | - **not_suffix_all** | + | | | | | + | | | | - **num_greater** | + | | | | | + | | | | - **num_less** | + | | | | | + | | | | - **num_equal** | + | | | | | + | | | | - **num_not_equal** | + | | | | | + | | | | - **exist** | + | | | | | + | | | | - **not_exist** | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | No | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createcustomrules__request_customaction: .. table:: **Table 5** CustomAction - +-----------------+-----------------+-----------------+-------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===============================+ - | category | No | String | Action type. | - | | | | | - | | | | - block: WAF blocks attacks. | - | | | | | - | | | | - pass: WAF allows requests. | - +-----------------+-----------------+-----------------+-------------------------------+ + +--------------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +====================+=================+=================+================================================================================================================+ + | category | Yes | String | Operation type | + | | | | | + | | | | - **block**: WAF blocks attacks. | + | | | | | + | | | | - **pass**: WAF allows requests. | + | | | | | + | | | | - **log**: WAF only logs detected attacks. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **block** | + | | | | | + | | | | - **pass** | + | | | | | + | | | | - **log** | + +--------------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------+ + | followed_action_id | No | String | ID of a known attack source rule. This parameter can be configured only when **category** is set to **block**. | + +--------------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -126,8 +216,6 @@ Response Parameters +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action_mode | Boolean | This parameter is reserved and can be ignored. | - +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | timestamp | Long | Timestamp when the precise protection rule is created. | @@ -136,40 +224,136 @@ Response Parameters +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createcustomrules__response_conditions: .. table:: **Table 7** conditions - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=============================================================================================================================================================================================================+ - | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Subfield | - | | | | - | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | - | | | | - | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **url** | + | | | | + | | | - **user-agent** | + | | | | + | | | - **ip** | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **referer** | + | | | | + | | | - **header** | + | | | | + | | | - **request_line** | + | | | | + | | | - **method** | + | | | | + | | | - **request** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - When the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **len_greater** | + | | | | + | | | - **len_less** | + | | | | + | | | - **len_equal** | + | | | | + | | | - **len_not_equal** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is available only when a reference table is used when a protection rule is created. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _createcustomrules__response_customaction: .. table:: **Table 8** CustomAction - +-----------------------+-----------------------+-------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================+ - | category | String | Action type. | - | | | | - | | | - block: WAF blocks attacks. | - | | | | - | | | - pass: WAF allows requests. | - +-----------------------+-----------------------+-------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================================+ + | category | String | Operation type | + | | | | + | | | - **block**: WAF blocks attacks. | + | | | | + | | | - **pass**: WAF allows requests. | + | | | | + | | | - **log**: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **pass** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | followed_action_id | String | ID of a known attack source rule. This parameter can be configured only when **category** is set to **block**. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -212,20 +396,18 @@ Example Requests POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom?enterprise_project_id=0 { - "description": "", - "action": { - "category": "block" - }, - "priority": 50, - "conditions": [ - { - "category": "header", - "logic_operation": "contain", - "index": "demo" - "content" ["demo"] - } - ], - "time": false + "action" : { + "category" : "block" + }, + "time" : false, + "priority" : 50, + "description" : "", + "conditions" : [ { + "category" : "url", + "logic_operation" : "contain", + "index" : null, + "contents" : [ "test" ] + } ] } Example Responses @@ -238,26 +420,24 @@ Request succeeded. .. code-block:: { - "items" : [ { - "action" : { - "category" : "block" - }, - "action_mode" : false, - "aging_time" : 0, - "conditions" : [ { - "category" : "header", - "index" : "demo", - "logic_operation" : "contain", - "content" : [ "demo" ] - } ], - "description" : "", - "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", - "policyid" : "1f016cde588646aca3fb19f277c44d03", - "priority" : 50, - "status" : 1, - "time" : false, - "timestamp" : 1656495488880 - } ] + "id" : "88e8bf4158324b2d9a233e7ffb95516d", + "policyid" : "dde63c25e8394b21b16a2a49a99e659b", + "timestamp" : 1678799936830, + "description" : "", + "status" : 1, + "time" : false, + "priority" : 50, + "action_mode" : false, + "conditions" : [ { + "category" : "url", + "contents" : [ "test" ], + "logic_operation" : "contain" + } ], + "action" : { + "category" : "block" + }, + "producer" : 1, + "aging_time" : 0 } Status Codes diff --git a/api-ref/source/apis/rule_management/adding_a_reference_table.rst b/api-ref/source/apis/rule_management/creating_a_reference_table.rst similarity index 81% rename from api-ref/source/apis/rule_management/adding_a_reference_table.rst rename to api-ref/source/apis/rule_management/creating_a_reference_table.rst index d53ef55..7be282a 100644 --- a/api-ref/source/apis/rule_management/adding_a_reference_table.rst +++ b/api-ref/source/apis/rule_management/creating_a_reference_table.rst @@ -2,8 +2,8 @@ .. _CreateValueList: -Adding a Reference Table -======================== +Creating a Reference Table +========================== Function -------- @@ -45,7 +45,7 @@ Request Parameters +=================+=================+==================+==========================================================================================================================================================+ | name | Yes | String | Reference table name. The value can contain a maximum of 64 characters. Only digits, letters, hyphens (-), underscores (_), and periods (.) are allowed. | +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | type | Yes | String | Reference table type. For details, see the enumeration list | + | type | Yes | String | Reference table type. For details, see the enumeration values as followed. | | | | | | | | | | Enumeration values: | | | | | | @@ -67,7 +67,7 @@ Request Parameters | | | | | | | | | - **response_header** | | | | | | - | | | | - **resopnse_body** | + | | | | - **response_body** | +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ | values | Yes | Array of strings | Value of the reference table | +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -79,39 +79,47 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+-----------------------+------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+==============================+ - | id | String | ID of a reference table | - +-----------------------+-----------------------+------------------------------+ - | name | String | Reference table name | - +-----------------------+-----------------------+------------------------------+ - | type | String | The value can be: | - | | | | - | | | - url | - | | | | - | | | - params | - | | | | - | | | - ip | - | | | | - | | | - cookie | - | | | | - | | | - referer | - | | | | - | | | - user-agent | - | | | | - | | | - header | - | | | | - | | | - response_code | - | | | | - | | | - response_header | - | | | | - | | | - response_body | - +-----------------------+-----------------------+------------------------------+ - | timestamp | String | Reference table timestamp | - +-----------------------+-----------------------+------------------------------+ - | values | Array of strings | Value of the reference table | - +-----------------------+-----------------------+------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+----------------------------------------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+----------------------------------------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+----------------------------------------------------------+ + | values | Array of strings | Value of the reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | description | String | Reference table description | + +-----------------------+-----------------------+----------------------------------------------------------+ + | producer | Integer | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **1** | + +-----------------------+-----------------------+----------------------------------------------------------+ **Status code: 400** diff --git a/api-ref/source/apis/rule_management/creating_a_web_tamper_protection_rule.rst b/api-ref/source/apis/rule_management/creating_a_web_tamper_protection_rule.rst index 78da4f1..a3208a6 100644 --- a/api-ref/source/apis/rule_management/creating_a_web_tamper_protection_rule.rst +++ b/api-ref/source/apis/rule_management/creating_a_web_tamper_protection_rule.rst @@ -17,12 +17,13 @@ POST /v1/{project_id}/waf/policy/{policy_id}/antitamper .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -58,27 +59,27 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+-----------------------+---------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=========================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+---------------------------------------------------------+ - | timestamp | Long | Timestamp | - +-----------------------+-----------------------+---------------------------------------------------------+ - | description | String | Rule description. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | hostname | String | Domain name protected by the web tamper protection rule | - +-----------------------+-----------------------+---------------------------------------------------------+ - | url | String | URL for the web tamper protection rule. | - +-----------------------+-----------------------+---------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | The domain name of the website protected with the web tamper protection rule. The domain name is in the format of xxx.xxx.com, such as www.example.com. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** diff --git a/api-ref/source/apis/rule_management/creating_an_information_leakage_protection_rule.rst b/api-ref/source/apis/rule_management/creating_an_information_leakage_protection_rule.rst new file mode 100644 index 0000000..1888a8a --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_an_information_leakage_protection_rule.rst @@ -0,0 +1,201 @@ +:original_name: CreateAntileakageRules.html + +.. _CreateAntileakageRules: + +Creating an Information Leakage Protection Rule +=============================================== + +Function +-------- + +This API is used to create an infroamtion leakage protection rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/antileakage + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | project_id | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+===================================================================================================================================================================================+ + | url | Yes | String | URL to which the rule applies. | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | category | Yes | String | Sensitive information type in the information leakage prevention rule. | + | | | | | + | | | | - **sensitive**: The rule masks sensitive user information, such as ID code, phone numbers, and email addresses. | + | | | | | + | | | | - **code**: The rule blocks response pages of specified HTTP response code. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **code** | + | | | | | + | | | | - **sensitive** | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Yes | Array of strings | Content corresponding to the sensitive information type. Multiple options can be set. | + | | | | | + | | | | - When **category** is set to **code**, the pages that contain the following HTTP response codes will be blocked: 400, 401, 402, 403, 404, 405, 500, 501, 502, 503, 504 and 507. | + | | | | | + | | | | - When **category** is set to **sensitive**, parameters **phone**, **id_card**, and **email** can be set. | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Description | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | category | String | Sensitive information type in the information leakage prevention rule. | + | | | | + | | | - **sensitive**: The rule masks sensitive user information, such as ID code, phone numbers, and email addresses. | + | | | | + | | | - **code**: The rule blocks response pages of specified HTTP response code. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **code** | + | | | | + | | | - **sensitive** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content corresponding to the sensitive information type. Multiple options can be set. | + | | | | + | | | - When **category** is set to **code**, the pages that contain the following HTTP response codes will be blocked: 400, 401, 402, 403, 404, 405, 500, 501, 502, 503, 504 and 507. | + | | | | + | | | - When **category** is set to **sensitive**, parameters **phone**, **id_card**, and **email** can be set. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **0** | + | | | | + | | | - **1** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antileakage? + + { + "url" : "/attack", + "category" : "sensitive", + "contents" : [ "id_card" ] + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "82c4f04f84fd4b2b9ba4b4ea0df8ee82", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668152426471, + "description" : "demo", + "status" : 1, + "url" : "/attack", + "category" : "sensitive", + "contents" : [ "id_card" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/deleting_a_blacklist_or_whitelist_rule.rst index e60e150..898b8f0 100644 --- a/api-ref/source/apis/rule_management/deleting_a_blacklist_or_whitelist_rule.rst +++ b/api-ref/source/apis/rule_management/deleting_a_blacklist_or_whitelist_rule.rst @@ -17,13 +17,15 @@ DELETE /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the blacklist or whitelist rule. It can be obtained by calling the **ListWhiteblackipRules** API. | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -35,7 +37,7 @@ Request Parameters +=================+=================+=================+============================================+ | X-Auth-Token | Yes | String | User Token. | +-----------------+-----------------+-----------------+--------------------------------------------+ - | Content-Type | Yes | String | Content type | + | Content-Type | No | String | Content type | | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+--------------------------------------------+ @@ -52,6 +54,8 @@ Response Parameters +=======================+=======================+=====================================================+ | id | String | Rule ID | +-----------------------+-----------------------+-----------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+-----------------------------------------------------+ | policyid | String | Policy ID. | +-----------------------+-----------------------+-----------------------------------------------------+ | timestamp | Long | Rule creation time | @@ -64,7 +68,7 @@ Response Parameters | | | | | | | - 1: The rule is enabled. | +-----------------------+-----------------------+-----------------------------------------------------+ - | addr | String | lacklisted or whitelisted IP addresses | + | addr | String | Blacklisted or whitelisted IP addresses | +-----------------------+-----------------------+-----------------------------------------------------+ | white | Integer | Protective action. The value can be: | | | | | @@ -74,6 +78,8 @@ Response Parameters | | | | | | | - 2: WAF only logs the requests that hit the rule. | +-----------------------+-----------------------+-----------------------------------------------------+ + | followed_action_id | String | ID of the known attack source rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ **Status code: 400** diff --git a/api-ref/source/apis/rule_management/deleting_a_cc_attack_protection_rule.rst b/api-ref/source/apis/rule_management/deleting_a_cc_attack_protection_rule.rst index b1726f3..0c4b424 100644 --- a/api-ref/source/apis/rule_management/deleting_a_cc_attack_protection_rule.rst +++ b/api-ref/source/apis/rule_management/deleting_a_cc_attack_protection_rule.rst @@ -17,15 +17,15 @@ DELETE /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Content type. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | rule_id | Yes | String | ccRuleId | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+---------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+===========================================================================+ + | project_id | Yes | String | project ID | + +------------+-----------+--------+---------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+---------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the cc rule. It can be obtained by calling the **ListCcRules** API. | + +------------+-----------+--------+---------------------------------------------------------------------------+ Request Parameters ------------------ @@ -49,137 +49,244 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+========================================================================+========================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | - | | | | - | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | - | | | | - | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | mode | Integer | Mode. | - | | | | - | | | - **0**: Standard. | - | | | | - | | | - **1**: Advanced | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_period | String | Rate limiting period | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tag_type | String | Protection mode. | - | | | | - | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | - | | | | - | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | - | | | | - | | | - other: A website visitor is identified by the Referer field (user-defined request source). | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be **0** or **1**. | - | | | | - | | | - **0**: The rule is disabled. | - | | | | - | | | - **1**: The rule is enabled. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==========================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`CcCondition ` objects | Rate limit conditions of the CC attack protection rule. This parameter is mandatory when the CC attack protection rule is in advanced mode (i.e. the value of **mode** is **1**). | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Protection action to take if the number of requests reaches the upper limit. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Rate limit mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ip** | + | | | | + | | | - **other** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_index | String | User identifier. This parameter is mandatory when the rate limit mode is set to **user** (cookie or header). | + | | | | + | | | - **cookie**: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. | + | | | | + | | | - **header**: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_condition | :ref:`tag_condition ` object | User tag. This parameter is mandatory when the rate limit mode is set to **other**. - **other**: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | Integer | Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | Integer | Rate limit period, in seconds. The value ranges from 1 to 3,600. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unlock_num | Integer | Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is **dynamic_block**. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | Integer | Block duration, in seconds. The value ranges from 0 to 65,535. Specifies the period within which access is blocked. An error page is displayed in this period. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | total_num | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unaggregation | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deleteccrule__response_cccondition: + +.. table:: **Table 4** CcCondition + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **url** | + | | | | + | | | - **ip** | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | - If the category is **url**, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | + | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | + | | | - If the category is **params**, **cookie** and **header**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield. When **category** is set to params, cookie, or header, set this parameter based on site requirements. This parameter is mandatory. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _deleteccrule__response_action: -.. table:: **Table 4** action +.. table:: **Table 5** action - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================+ - | category | String | Action type: | - | | | | - | | | - **block**: WAF blocks discovered attacks. | - | | | | - | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | - | | | | - | | | - If **tag_type** is set to **other**, the value can only be **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | detail | String | Action details. If detail is null, the default block page is displayed by default. | - | | | | - | | | - This parameter cannot be included when **category** is set to **captcha**. | - | | | | - | | | - This parameter is required when **category** is set to **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+======================================================+==========================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - **block**: WAF blocks the requests. When **tag_type** is set to **other**, the value can only be **block**. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **dynamic_block**: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The **dynamic_block** protection action can be set only when the advanced protection mode is enabled for the CC protection rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **captcha** | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + | | | | + | | | - **dynamic_block** | + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | :ref:`detail ` object | Block page information. When protection action **category** is set to **block** or **dynamic_block**, you need to set the returned block page. | + | | | | + | | | - If you want to use the default block page, this parameter can be excluded. | + | | | | + | | | - If you want to use a custom block page, set this parameter. | + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. table:: **Table 5** detail +.. _deleteccrule__response_detail: - +-----------+----------------------------------------------------------+----------------+ - | Parameter | Type | Description | - +===========+==========================================================+================+ - | response | :ref:`response ` object | Returned page. | - +-----------+----------------------------------------------------------+----------------+ +.. table:: **Table 6** detail + + +-----------+----------------------------------------------------------+-------------+ + | Parameter | Type | Description | + +===========+==========================================================+=============+ + | response | :ref:`response ` object | Block Page | + +-----------+----------------------------------------------------------+-------------+ .. _deleteccrule__response_response: -.. table:: **Table 6** response +.. table:: **Table 7** response - +--------------+--------+-------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +==============+========+===============================================================================+ - | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | - +--------------+--------+-------------------------------------------------------------------------------+ - | content | String | Contents | - +--------------+--------+-------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================+ + | content_type | String | Content type. The value can only be **application/json**, **text/html**, or **text/xml**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **application/json** | + | | | | + | | | - **text/html** | + | | | | + | | | - **text/xml** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | content | String | Block page information. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ -.. _deleteccrule__response_conditions: +.. _deleteccrule__response_tag_condition: -.. table:: **Table 7** conditions +.. table:: **Table 8** tag_condition - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================================================================================================================================================================================================================================+ - | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Parameter description: | - | | | | - | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | - | | | | - | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | - | | | | - | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | - | | | | - | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | - | | | | - | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------+------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +===========+==================+=====================================================+ + | category | String | User identifier. The value is fixed at **referer**. | + +-----------+------------------+-----------------------------------------------------+ + | contents | Array of strings | Content of the user identifier field. | + +-----------+------------------+-----------------------------------------------------+ **Status code: 400** -.. table:: **Table 8** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - .. table:: **Table 9** Response body parameters ========== ====== ============= @@ -189,7 +296,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 10** Response body parameters @@ -200,6 +307,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- @@ -217,7 +335,6 @@ Request succeeded. .. code-block:: { - "aging_time" : 0, "description" : "", "id" : "a5f3fd28db564696b199228f0ac346b2", "limit_num" : 10, @@ -226,12 +343,13 @@ Request succeeded. "mode" : 0, "policyid" : "1f016cde588646aca3fb19f277c44d03", "prefix" : false, - "producer" : 1, "status" : 1, "tag_type" : "ip", "timestamp" : 1656494435686, "total_num" : 0, + "aging_time" : 0, "unaggregation" : false, + "producer" : 1, "url" : "/path1" } diff --git a/api-ref/source/apis/rule_management/deleting_a_data_masking_rule.rst b/api-ref/source/apis/rule_management/deleting_a_data_masking_rule.rst index 6e576e2..327d81f 100644 --- a/api-ref/source/apis/rule_management/deleting_a_data_masking_rule.rst +++ b/api-ref/source/apis/rule_management/deleting_a_data_masking_rule.rst @@ -17,13 +17,15 @@ DELETE /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==========================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the data masking rule. It can be obtained by calling the **ListPrivacyRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -35,7 +37,7 @@ Request Parameters +=================+=================+=================+============================================+ | X-Auth-Token | Yes | String | auth token | +-----------------+-----------------+-----------------+--------------------------------------------+ - | Content-Type | Yes | String | Content type | + | Content-Type | No | String | Content type | | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+--------------------------------------------+ @@ -43,18 +45,45 @@ Request Parameters Response Parameters ------------------- -**Status code: 400** +**Status code: 200** .. table:: **Table 3** Response body parameters - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | url | String | URL protected by the data masking rule | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | category | String | Masked field | + | | | | + | | | Enumeration values: | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + | | | | + | | | - **form** | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | index | String | Name of the masked field | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ -**Status code: 401** +**Status code: 400** .. table:: **Table 4** Response body parameters @@ -65,7 +94,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 5** Response body parameters @@ -76,6 +105,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- diff --git a/api-ref/source/apis/rule_management/deleting_a_geolocation_access_control_rule.rst b/api-ref/source/apis/rule_management/deleting_a_geolocation_access_control_rule.rst index 2c664c6..1034e6e 100644 --- a/api-ref/source/apis/rule_management/deleting_a_geolocation_access_control_rule.rst +++ b/api-ref/source/apis/rule_management/deleting_a_geolocation_access_control_rule.rst @@ -17,13 +17,15 @@ DELETE /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+======================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the geolocation access control rule. It can be obtained by calling the **ListGeoipRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -47,75 +49,81 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | geoip | String | Applicable regions. The value can be the region code. | - | | | | - | | | - CA: Canada | - | | | | - | | | - US: USA | - | | | | - | | | - AU: Australia | - | | | | - | | | - IN: India | - | | | | - | | | - JP: Japan | - | | | | - | | | - UK: United Kingdom | - | | | | - | | | - FR: France | - | | | | - | | | - DE: Germany | - | | | | - | | | - BR: Brazil | - | | | | - | | | - Ukraine: Ukraine | - | | | | - | | | - Pakistan: Pakistan | - | | | | - | | | - Palestine: Palestine | - | | | | - | | | - Israel: Israel | - | | | | - | | | - Iraq: Afghanistan | - | | | | - | | | - Libya: Libya | - | | | | - | | | - Turkey: Turkey | - | | | | - | | | - Thailand: Thailand | - | | | | - | | | - Singapore: Singapore | - | | | | - | | | - South Africa: South Africa | - | | | | - | | | - Mexico: Mexico | - | | | | - | | | - Peru: Peru | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | white | Integer | Protective action. The value can be: | - | | | | - | | | - 0: WAF blocks the requests that hit the rule. | - | | | | - | | | - 1: WAF allows the requests that hit the rule. | - | | | | - | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+-----------------------+--------------------------------------------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Rule name. Currently, the console does not support configuring names for geolocation access control rule. Ignore this parameter. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoTagList | Array of strings | List of geographical locations hit the geolocation access control rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + | | | | + | | | - For more geographical location codes, see "Appendix - Geographic Location Codes." | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -173,6 +181,7 @@ Request succeeded. "timestamp" : 1650534513775, "description" : "demo", "status" : 1, + "geoTagList" : [ "BR" ], "geoip" : "BR", "white" : 0 } diff --git a/api-ref/source/apis/rule_management/deleting_a_global_protection_whitelist_false_alarm_masking_rule.rst b/api-ref/source/apis/rule_management/deleting_a_global_protection_whitelist_false_alarm_masking_rule.rst new file mode 100644 index 0000000..7788899 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_global_protection_whitelist_false_alarm_masking_rule.rst @@ -0,0 +1,200 @@ +:original_name: DeleteIgnoreRule.html + +.. _DeleteIgnoreRule: + +Deleting a Global Protection Whitelist (False Alarm Masking) Rule +================================================================= + +Function +-------- + +This API is used to deleting a global protection whitelist (false alarm masking) rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the false alarm masking rule. It can be obtained by calling the **ListIgnoreRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==========================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule was created. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Items to be masked. You can provide multiple items and separate them with semicolons (;). | + | | | | + | | | - If you want to disable a specific built-in rule for a domain name, the value of this parameter is the rule ID. When requests are blocked against a certain built-in rule while you do not want this rule to block requests later, you can query the rule in the **Events** page on the console and find its rule ID in the **Hit Rule** column. Then, you can disk the rule by its ID (including 6 digits). | + | | | | + | | | - If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. **xss**: XSS attacks **webshell**: Web shells **vuln**: Other types of attacks **sqli**: SQL injection attack **robot**: Malicious crawlers **rfi**: Remote file inclusion **lfi**: Local file inclusion **cmdi**: Command injection attack | + | | | | + | | | - To bypass the basic web protection, set this parameter to **all**. | + | | | | + | | | - To bypass all WAF protection, set this parameter to **bypass**. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | The value is fixed at **1**, indicating v2 false alarm masking rules are used. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`Condition ` objects | Condition list | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | Array of :ref:`Advanced ` objects | Advanced settings | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domain | Array of strings | Domain names to be protected. If the array length is **0**, this rule will take effect for all domain names that are protected by the policies this rule belongs to. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deleteignorerule__response_condition: + +.. table:: **Table 4** Condition + + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=========================+==================+=====================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **ip**, **url**, **params**, **cookie**, or **header**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | The matching logic varies depending on the field type. For example, if the field type is **ip**, the logic can be **equal** or **not_equal**. If the field type is **url**, **params**, **cookie**, or **header**, the logic can be **equal**, **not_equal**, **contain**, **not_contain**, **prefix**, **not_prefix**, **suffix**, **not_suffix**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | check_all_indexes_logic | Integer | This parameter is reserved and can be ignored. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | If the field type is **ip** and the subfield is the client IP address, the **index** parameter does not exist. If the subfield type is **X-Forwarded-For**, the value is **x-forwarded-for**. If the field type is **params**, **header**, or **cookie**, and the subfield is user-defined, the value of **index** is the user-defined subfield. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deleteignorerule__response_advanced: + +.. table:: **Table 5** Advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================+ + | index | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. | + | | | | + | | | - When you select **Params**, **Cookie**, or **Header**, you can set this parameter to **all** or configure subfields as required. | + | | | | + | | | - When you select **Body** or **Multipart**, set this parameter to **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Subfield of the specified field type. The default value is **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "40484384970948d79fffe4e4ae1fc54d", + "policyid" : "f385eceedf7c4c34a4d1def19eafbe85", + "timestamp" : 1650512535222, + "description" : "demo", + "status" : 1, + "rule" : "091004", + "mode" : 1, + "conditions" : [ { + "category" : "ip", + "contents" : [ "x.x.x.x" ], + "logic_operation" : "equal" + } ], + "domain" : [ "www.example.com" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_javascript_anti-crawler_rule.rst b/api-ref/source/apis/rule_management/deleting_a_javascript_anti-crawler_rule.rst new file mode 100644 index 0000000..9734c6c --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_javascript_anti-crawler_rule.rst @@ -0,0 +1,179 @@ +:original_name: DeleteAnticrawlerRule.html + +.. _DeleteAnticrawlerRule: + +Deleting a JavaScript Anti-Crawler Rule +======================================= + +Function +-------- + +This API is used to delete a JavaScript anti-crawler rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================================================================================================================================================+ + | project_id | Yes | String | Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose **My Credentials**. Then, in the **Projects** area, view **Project ID** of the corresponding project. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | ID of a protection policy. You can specify a protection policy ID to query the rules used in the protection policy. You can obtain the policy ID by calling the **ListPolicy** API. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | Rule ID. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=======================+===========+========+============================================================================+ + | enterprise_project_id | No | String | You can obtain the ID by calling the **ListEnterpriseProject** API of EPS. | + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==============================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of **X-Subject-Token** in the response header). | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | id | String | Rule ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | logic | Integer | Rule matching logic | + | | | | + | | | - **1**: Include | + | | | | + | | | - **2**: Not include | + | | | | + | | | - **3**: Equal | + | | | | + | | | - **4**: Not equal | + | | | | + | | | - **5**: Prefix is | + | | | | + | | | - **6**: Prefix is not | + | | | | + | | | - **7**: Suffix is | + | | | | + | | | - **8**: Suffix is not | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | type | String | JavaScript anti-crawler rule type. | + | | | | + | | | - **anticrawler_specific_url**: used to protect a specific path specified by the rule. | + | | | | + | | | - **anticrawler_except_url**: used to protect all paths except the one specified by the rule. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +ok + +.. code-block:: + + { + "id" : "607d14b8153540c0af51a00fe2140d05", + "policyid" : "777716e0b7b84b5192b9d373f7c6d4f0", + "name" : "demo", + "timestamp" : 1675152776784, + "status" : 1, + "url" : "/patent/id", + "logic" : 3, + "type" : "anticrawler_except_url" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 ok +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_known_attack_source_rule.rst b/api-ref/source/apis/rule_management/deleting_a_known_attack_source_rule.rst new file mode 100644 index 0000000..86c2e9d --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_known_attack_source_rule.rst @@ -0,0 +1,155 @@ +:original_name: DeletePunishmentRule.html + +.. _DeletePunishmentRule: + +Deleting a Known Attack Source Rule +=================================== + +Function +-------- + +This API is used to delete a known attack source rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+====================================================================================================+ + | project_id | Yes | String | project_id | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the known attack source rule. It can be obtained by calling the **ListPunishmentRules** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+--------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+======================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------+ + | block_time | Integer | Block duration. | + +-----------------------+-----------------------+--------------------------------------+ + | category | String | Type of the know attack source rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **long_ip_block** | + | | | | + | | | - **long_cookie_block** | + | | | | + | | | - **long_params_block** | + | | | | + | | | - **short_ip_block** | + | | | | + | | | - **short_cookie_block** | + | | | | + | | | - **short_params_block** | + +-----------------------+-----------------------+--------------------------------------+ + | description | String | Description | + +-----------------------+-----------------------+--------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+--------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "block_time" : 1233, + "category" : "long_ip_block", + "description" : "update", + "id" : "2c3afdcc982b429da4f72ee483aece3e", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668148186106 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_precise_protection_rule.rst b/api-ref/source/apis/rule_management/deleting_a_precise_protection_rule.rst index 7d67532..d42bae9 100644 --- a/api-ref/source/apis/rule_management/deleting_a_precise_protection_rule.rst +++ b/api-ref/source/apis/rule_management/deleting_a_precise_protection_rule.rst @@ -17,13 +17,15 @@ DELETE /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== ============ - Parameter Mandatory Type Description - ========== ========= ====== ============ - project_id Yes String Project ID - policy_id Yes String Policy ID. - rule_id Yes String customRuleId - ========== ========= ====== ============ + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the precise protection rule. It can be obtained by calling the **ListCustomeRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -35,7 +37,7 @@ Request Parameters +=================+=================+=================+============================================+ | X-Auth-Token | Yes | String | User token | +-----------------+-----------------+-----------------+--------------------------------------------+ - | Content-Type | Yes | String | Content type. | + | Content-Type | No | String | Content type. | | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+--------------------------------------------+ @@ -66,8 +68,6 @@ Response Parameters +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action_mode | Boolean | This parameter is reserved and can be ignored. | - +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | timestamp | Long | Timestamp when the precise protection rule is created. | @@ -76,40 +76,114 @@ Response Parameters +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _deletecustomrule__response_conditions: .. table:: **Table 4** conditions - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=============================================================================================================================================================================================================+ - | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Subfield | - | | | | - | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | - | | | | - | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - When the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **len_greater** | + | | | | + | | | - **len_less** | + | | | | + | | | - **len_equal** | + | | | | + | | | - **len_not_equal** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is available only when a reference table is used when a protection rule is created. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _deletecustomrule__response_customaction: .. table:: **Table 5** CustomAction - +-----------------------+-----------------------+-------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================+ - | category | String | Action type. | - | | | | - | | | - block: WAF blocks attacks. | - | | | | - | | | - pass: WAF allows requests. | - +-----------------------+-----------------------+-------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================================+ + | category | String | Operation type | + | | | | + | | | - **block**: WAF blocks attacks. | + | | | | + | | | - **pass**: WAF allows requests. | + | | | | + | | | - **log**: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **pass** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | followed_action_id | String | ID of a known attack source rule. This parameter can be configured only when **category** is set to **block**. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -161,24 +235,24 @@ Request succeeded. .. code-block:: { + "id" : "88e8bf4158324b2d9a233e7ffb95516d", + "policyid" : "dde63c25e8394b21b16a2a49a99e659b", + "timestamp" : 1678799936830, + "description" : "", + "status" : 1, + "time" : false, + "priority" : 50, + "action_mode" : false, + "conditions" : [ { + "category" : "url", + "contents" : [ "test" ], + "logic_operation" : "contain" + } ], "action" : { "category" : "block" }, - "action_mode" : false, - "aging_time" : 0, - "conditions" : [ { - "category" : "header", - "index" : "demo", - "logic_operation" : "contain", - "content" : [ "demo" ] - } ], - "description" : "", - "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", - "policyid" : "1f016cde588646aca3fb19f277c44d03", - "priority" : 50, - "status" : 1, - "time" : false, - "timestamp" : 1656495488880 + "producer" : 1, + "aging_time" : 0 } Status Codes diff --git a/api-ref/source/apis/rule_management/deleting_a_reference_table.rst b/api-ref/source/apis/rule_management/deleting_a_reference_table.rst index 0c7f396..1313f07 100644 --- a/api-ref/source/apis/rule_management/deleting_a_reference_table.rst +++ b/api-ref/source/apis/rule_management/deleting_a_reference_table.rst @@ -13,17 +13,17 @@ This API is used to delete a reference table. URI --- -DELETE /v1/{project_id}/waf/valuelist/{valuelistid} +DELETE /v1/{project_id}/waf/valuelist/{table_id} .. table:: **Table 1** Path Parameters - +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=============+===========+========+=============================================================================================+ - | project_id | Yes | String | Project ID | - +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ - | valuelistid | Yes | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List | - +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=============================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | table_id | Yes | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List | + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -117,7 +117,7 @@ Example Requests .. code-block:: text - DELETE https://{Endpoint}/v1/{project_id}/waf/valuelist/{valuelistid}? + DELETE https://{Endpoint}/v1/{project_id}/waf/valuelist/{table_id}? Example Responses ----------------- @@ -133,6 +133,8 @@ Request succeeded. "name" : "demo2", "type" : "url", "values" : [ "/demo" ], + "description" : "", + "producer" : 1, "timestamp" : 1656495488880 } diff --git a/api-ref/source/apis/rule_management/deleting_a_web_tamper_protection_rule.rst b/api-ref/source/apis/rule_management/deleting_a_web_tamper_protection_rule.rst index 950cbca..fd1cb6a 100644 --- a/api-ref/source/apis/rule_management/deleting_a_web_tamper_protection_rule.rst +++ b/api-ref/source/apis/rule_management/deleting_a_web_tamper_protection_rule.rst @@ -17,13 +17,15 @@ DELETE /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+======================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the web tamper protection rule. It can be obtained by calling the **ListAntitamperRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -47,27 +49,27 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+-----------------------+---------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=========================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+---------------------------------------------------------+ - | timestamp | Long | Timestamp | - +-----------------------+-----------------------+---------------------------------------------------------+ - | description | String | Rule description. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | hostname | String | Domain name protected by the web tamper protection rule | - +-----------------------+-----------------------+---------------------------------------------------------+ - | url | String | URL for the web tamper protection rule. | - +-----------------------+-----------------------+---------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | The domain name of the website protected with the web tamper protection rule. The domain name is in the format of xxx.xxx.com, such as www.example.com. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** diff --git a/api-ref/source/apis/rule_management/deleting_an_information_leakage_prevention_rule.rst b/api-ref/source/apis/rule_management/deleting_an_information_leakage_prevention_rule.rst new file mode 100644 index 0000000..412b954 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_an_information_leakage_prevention_rule.rst @@ -0,0 +1,169 @@ +:original_name: DeleteAntileakageRule.html + +.. _DeleteAntileakageRule: + +Deleting an Information Leakage Prevention Rule +=============================================== + +Function +-------- + +This API is used to delete an information leakage prevention rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================================+ + | project_id | Yes | String | project ID | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the information leakage protection rule. It can be obtained by calling the **ListAntileakageRules** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | category | String | Sensitive information type in the information leakage prevention rule. | + | | | | + | | | - **sensitive**: The rule masks sensitive user information, such as ID code, phone numbers, and email addresses. | + | | | | + | | | - **code**: The rule blocks response pages of specified HTTP response code. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **code** | + | | | | + | | | - **sensitive** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content corresponding to the sensitive information type. Multiple options can be set. | + | | | | + | | | - When **category** is set to **code**, the pages that contain the following HTTP response codes will be blocked: 400, 401, 402, 403, 404, 405, 500, 501, 502, 503, 504 and 507. | + | | | | + | | | - When **category** is set to **sensitive**, parameters **phone**, **id_card**, and **email** can be set. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **0** | + | | | | + | | | - **1** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "82c4f04f84fd4b2b9ba4b4ea0df8ee82", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668152426471, + "description" : "demo", + "status" : 1, + "url" : "/attack", + "category" : "sensitive", + "contents" : [ "id_card" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/index.rst b/api-ref/source/apis/rule_management/index.rst index 2eaf14a..3e4bffa 100644 --- a/api-ref/source/apis/rule_management/index.rst +++ b/api-ref/source/apis/rule_management/index.rst @@ -5,9 +5,10 @@ Rule Management =============== -- :ref:`Querying the Blacklist and Whitelist Rule List ` +- :ref:`Changing the Status of a Policy Rule ` +- :ref:`Querying the Blacklist and Whitelist Rule List ` - :ref:`Creating a Blacklist or Whitelist Rule ` -- :ref:`Querying a Blacklist or Whitelist Rule ` +- :ref:`Querying a Blacklist Or Whitelist Rule by ID ` - :ref:`Updating a Blacklist or Whitelist Rule ` - :ref:`Deleting a Blacklist or Whitelist Rule ` - :ref:`Querying CC Attack Protection Rules ` @@ -20,26 +21,44 @@ Rule Management - :ref:`Querying a Precise Protection Rule by ID ` - :ref:`Updating a Precise Protection Rule ` - :ref:`Deleting a Precise Protection Rule ` +- :ref:`Querying the JavaScript Anti-Crawler Rule List ` +- :ref:`Creating a JavaScript Anti-Crawler Rule ` +- :ref:`Querying a JavaScript Anti-Crawler Rule ` +- :ref:`Updating a JavaScript Anti-Crawler Rule ` +- :ref:`Deleting a JavaScript Anti-Crawler Rule ` - :ref:`Querying the Data Masking Rule List ` - :ref:`Creating a Data Masking Rule ` - :ref:`Querying a Data Masking Rule by ID ` - :ref:`Updating the Data Masking Rule List ` - :ref:`Deleting a Data Masking Rule ` +- :ref:`Querying the List of Known Attack Source Rules ` +- :ref:`Creating a Known Attack Source Rule ` +- :ref:`Querying a Known Attack Source Rule by ID ` +- :ref:`Updating a Known Attack Source Rule ` +- :ref:`Deleting a Known Attack Source Rule ` - :ref:`Querying the List of Web Tamper Protection Rules ` - :ref:`Creating a Web Tamper Protection Rule ` - :ref:`Querying a Web Tamper Protection Rule by ID ` - :ref:`Deleting a Web Tamper Protection Rule ` +- :ref:`Updating the Cache for a Web Tamper Protection Rule ` +- :ref:`Querying the List of Information Leakage Prevention Rules ` +- :ref:`Creating an Information Leakage Protection Rule ` +- :ref:`Querying an Information Leakage Prevention Rule by ID ` +- :ref:`Updating an Information Leakage Prevention Rule ` +- :ref:`Deleting an Information Leakage Prevention Rule ` - :ref:`Querying the False Alarm Masking Rule List ` -- :ref:`Creating a False Alarm Masking Rule ` -- :ref:`Querying a False Alarm Masking Rule ` -- :ref:`Deleting a False Alarm Masking Rule ` -- :ref:`Querying the List of Geolocation Access Control Rules ` +- :ref:`Creating a Global Protection Whitelist (Formerly False Alarm Masking) Rule ` +- :ref:`Querying a Global Protection Whitelist (Formerly False Alarm Masking) Rule by ID ` +- :ref:`Updating a Global Protection Whitelist (False Alarm Masking) Rule ` +- :ref:`Deleting a Global Protection Whitelist (False Alarm Masking) Rule ` +- :ref:`Querying the List of Geolocation Access Control Rules ` - :ref:`Creating a Geolocation Access Control Rule ` +- :ref:`Querying a Geolocation Access Control Rule by ID ` - :ref:`Updating a Geolocation Access Control Rule ` - :ref:`Deleting a Geolocation Access Control Rule ` -- :ref:`Changing the Status of a Policy Rule ` - :ref:`Querying the Reference Table List ` -- :ref:`Adding a Reference Table ` +- :ref:`Creating a Reference Table ` +- :ref:`Querying a Reference Table by ID ` - :ref:`Modifying a Reference Table ` - :ref:`Deleting a Reference Table ` @@ -47,9 +66,10 @@ Rule Management :maxdepth: 1 :hidden: + changing_the_status_of_a_policy_rule querying_the_blacklist_and_whitelist_rule_list creating_a_blacklist_or_whitelist_rule - querying_a_blacklist_or_whitelist_rule + querying_a_blacklist_or_whitelist_rule_by_id updating_a_blacklist_or_whitelist_rule deleting_a_blacklist_or_whitelist_rule querying_cc_attack_protection_rules @@ -62,25 +82,43 @@ Rule Management querying_a_precise_protection_rule_by_id updating_a_precise_protection_rule deleting_a_precise_protection_rule + querying_the_javascript_anti-crawler_rule_list + creating_a_javascript_anti-crawler_rule + querying_a_javascript_anti-crawler_rule + updating_a_javascript_anti-crawler_rule + deleting_a_javascript_anti-crawler_rule querying_the_data_masking_rule_list creating_a_data_masking_rule querying_a_data_masking_rule_by_id updating_the_data_masking_rule_list deleting_a_data_masking_rule + querying_the_list_of_known_attack_source_rules + creating_a_known_attack_source_rule + querying_a_known_attack_source_rule_by_id + updating_a_known_attack_source_rule + deleting_a_known_attack_source_rule querying_the_list_of_web_tamper_protection_rules creating_a_web_tamper_protection_rule querying_a_web_tamper_protection_rule_by_id deleting_a_web_tamper_protection_rule + updating_the_cache_for_a_web_tamper_protection_rule + querying_the_list_of_information_leakage_prevention_rules + creating_an_information_leakage_protection_rule + querying_an_information_leakage_prevention_rule_by_id + updating_an_information_leakage_prevention_rule + deleting_an_information_leakage_prevention_rule querying_the_false_alarm_masking_rule_list - creating_a_false_alarm_masking_rule - querying_a_false_alarm_masking_rule - deleting_a_false_alarm_masking_rule + creating_a_global_protection_whitelist_formerly_false_alarm_masking_rule + querying_a_global_protection_whitelist_formerly_false_alarm_masking_rule_by_id + updating_a_global_protection_whitelist_false_alarm_masking_rule + deleting_a_global_protection_whitelist_false_alarm_masking_rule querying_the_list_of_geolocation_access_control_rules creating_a_geolocation_access_control_rule + querying_a_geolocation_access_control_rule_by_id updating_a_geolocation_access_control_rule deleting_a_geolocation_access_control_rule - changing_the_status_of_a_policy_rule querying_the_reference_table_list - adding_a_reference_table + creating_a_reference_table + querying_a_reference_table_by_id modifying_a_reference_table deleting_a_reference_table diff --git a/api-ref/source/apis/rule_management/modifying_a_reference_table.rst b/api-ref/source/apis/rule_management/modifying_a_reference_table.rst index 4c862a8..6cecaa8 100644 --- a/api-ref/source/apis/rule_management/modifying_a_reference_table.rst +++ b/api-ref/source/apis/rule_management/modifying_a_reference_table.rst @@ -13,17 +13,17 @@ This API is used to modify a reference table. URI --- -PUT /v1/{project_id}/waf/valuelist/{valuelistid} +PUT /v1/{project_id}/waf/valuelist/{table_id} .. table:: **Table 1** Path Parameters - +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=============+===========+========+=============================================================================================+ - | project_id | Yes | String | Project ID | - +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ - | valuelistid | Yes | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List | - +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=============================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | table_id | Yes | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List | + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -47,7 +47,7 @@ Request Parameters +=================+=================+==================+==========================================================================================================================================================+ | name | Yes | String | Reference table name. The value can contain a maximum of 64 characters. Only digits, letters, hyphens (-), underscores (_), and periods (.) are allowed. | +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | type | Yes | String | Reference table type. For details, see the enumeration list | + | type | Yes | String | Reference table type. For details, see the enumeration values as followed. | | | | | | | | | | Enumeration values: | | | | | | @@ -69,10 +69,12 @@ Request Parameters | | | | | | | | | - **response_header** | | | | | | - | | | | - **resopnse_body** | + | | | | - **response_body** | +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ | values | No | Array of strings | Value of the reference table | +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Reference table description | + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -81,39 +83,47 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+-----------------------+------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+==============================+ - | id | String | ID of a reference table | - +-----------------------+-----------------------+------------------------------+ - | name | String | Reference table name | - +-----------------------+-----------------------+------------------------------+ - | type | String | The value can be: | - | | | | - | | | - url | - | | | | - | | | - params | - | | | | - | | | - ip | - | | | | - | | | - cookie | - | | | | - | | | - referer | - | | | | - | | | - user-agent | - | | | | - | | | - header | - | | | | - | | | - response_code | - | | | | - | | | - response_header | - | | | | - | | | - response_body | - +-----------------------+-----------------------+------------------------------+ - | timestamp | String | Reference table timestamp | - +-----------------------+-----------------------+------------------------------+ - | values | Array of strings | Value of the reference table | - +-----------------------+-----------------------+------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+----------------------------------------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+----------------------------------------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+----------------------------------------------------------+ + | values | Array of strings | Value of the reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | description | String | Reference table description | + +-----------------------+-----------------------+----------------------------------------------------------+ + | producer | Integer | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **1** | + +-----------------------+-----------------------+----------------------------------------------------------+ **Status code: 400** @@ -153,7 +163,7 @@ Example Requests .. code-block:: text - PUT https://{Endpoint}/v1/{project_id}/waf/valuelist/{valuelistid}? + PUT https://{Endpoint}/v1/{project_id}/waf/valuelist/{table_id}? { "name" : "demo2", @@ -175,6 +185,8 @@ Request succeeded. "name" : "demo2", "type" : "url", "values" : [ "/demo" ], + "description" : "", + "producer" : 1, "timestamp" : 1656495488880 } diff --git a/api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule_by_id.rst similarity index 71% rename from api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule.rst rename to api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule_by_id.rst index 6751420..5c69deb 100644 --- a/api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule.rst +++ b/api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule_by_id.rst @@ -2,8 +2,8 @@ .. _ShowWhiteblackipRule: -Querying a Blacklist or Whitelist Rule -====================================== +Querying a Blacklist Or Whitelist Rule by ID +============================================ Function -------- @@ -17,13 +17,15 @@ GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the blacklist or whitelist rule. It can be obtained by calling the **ListWhiteblackipRules** API. | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -52,6 +54,8 @@ Response Parameters +=======================+=======================+=====================================================+ | id | String | Rule ID | +-----------------------+-----------------------+-----------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+-----------------------------------------------------+ | policyid | String | Policy ID. | +-----------------------+-----------------------+-----------------------------------------------------+ | timestamp | Long | Rule creation time | @@ -64,7 +68,7 @@ Response Parameters | | | | | | | - 1: The rule is enabled. | +-----------------------+-----------------------+-----------------------------------------------------+ - | addr | String | lacklisted or whitelisted IP addresses | + | addr | String | Blacklisted or whitelisted IP addresses | +-----------------------+-----------------------+-----------------------------------------------------+ | white | Integer | Protective action. The value can be: | | | | | @@ -74,6 +78,8 @@ Response Parameters | | | | | | | - 2: WAF only logs the requests that hit the rule. | +-----------------------+-----------------------+-----------------------------------------------------+ + | followed_action_id | String | ID of the known attack source rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ **Status code: 400** @@ -118,7 +124,21 @@ Example Requests Example Responses ----------------- -None +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "5d43af25404341058d5ab17b7ba78b56", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "timestamp" : 1650531872900, + "description" : "demo", + "status" : 1, + "addr" : "x.x.x.x", + "white" : 0 + } Status Codes ------------ diff --git a/api-ref/source/apis/rule_management/querying_a_cc_attack_protection_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_cc_attack_protection_rule_by_id.rst index 2537da5..88dd66f 100644 --- a/api-ref/source/apis/rule_management/querying_a_cc_attack_protection_rule_by_id.rst +++ b/api-ref/source/apis/rule_management/querying_a_cc_attack_protection_rule_by_id.rst @@ -17,15 +17,15 @@ GET /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Project ID | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | rule_id | Yes | String | ccRuleId | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+---------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+===========================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+---------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the cc rule. It can be obtained by calling the **ListCcRules** API. | + +------------+-----------+--------+---------------------------------------------------------------------------+ Request Parameters ------------------ @@ -49,137 +49,244 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+======================================================================+========================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | - | | | | - | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | - | | | | - | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | mode | Integer | Mode. | - | | | | - | | | - **0**: Standard | - | | | | - | | | - **1**: Advanced | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_period | String | Rate limiting period | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tag_type | String | Protection mode. | - | | | | - | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | - | | | | - | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | - | | | | - | | | - other: A website visitor is identified by the Referer field (user-defined request source). | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be **0** or **1**. | - | | | | - | | | - **0**: The rule is disabled. | - | | | | - | | | - **1**: The rule is enabled. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. | - +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+========================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`CcCondition ` objects | Rate limit conditions of the CC protection rule. This parameter is mandatory when the CC protection rule is in advanced mode (i.e. the value of **mode** is **1**). | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Protection action to take if the number of requests reaches the upper limit. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Rate limit mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ip** | + | | | | + | | | - **other** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_index | String | User identifier. This parameter is mandatory when the rate limit mode is set to **user** (cookie or header). | + | | | | + | | | - **cookie**: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. | + | | | | + | | | - **header**: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_condition | :ref:`tag_condition ` object | User tag. This parameter is mandatory when the rate limit mode is set to **other**. -other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | Integer | Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | Integer | Rate limit period, in seconds. The value ranges from 1 to 3,600. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unlock_num | Integer | Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is **dynamic_block**. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | Integer | Block duration, in seconds. The value ranges from 0 to 65,535. Specifies the period within which access is blocked. An error page is displayed in this period. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | total_num | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unaggregation | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showccrule__response_cccondition: + +.. table:: **Table 4** CcCondition + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **url** | + | | | | + | | | - **ip** | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | - If the category is **url**, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | + | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | + | | | - If the category is **params**, **cookie** and **header**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield. When **category** is set to params, cookie, or header, set this parameter based on site requirements. This parameter is mandatory. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _showccrule__response_action: -.. table:: **Table 4** action +.. table:: **Table 5** action - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================+ - | category | String | Action type: | - | | | | - | | | - **block**: WAF blocks discovered attacks. | - | | | | - | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | - | | | | - | | | - If **tag_type** is set to **other**, the value can only be **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | detail | String | Action details. If detail is null, the default block page is displayed by default. | - | | | | - | | | - This parameter cannot be included when **category** is set to **captcha**. | - | | | | - | | | - This parameter is required when **category** is set to **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================+==========================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - captcha: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - **block**: WAF blocks the requests. When **tag_type** is set to **other**, the value can only be **block**. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **dynamic_block**: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The **dynamic_block** protection action can be set only when the advanced protection mode is enabled for the CC protection rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **captcha** | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + | | | | + | | | - **dynamic_block** | + +-----------------------+----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | :ref:`detail ` object | Block page information. When protection action **category** is set to **block** or **dynamic_block**, you need to set the returned block page. | + | | | | + | | | - If you want to use the default block page, this parameter can be excluded. | + | | | | + | | | - If you want to use a custom block page, set this parameter. | + +-----------------------+----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. table:: **Table 5** detail +.. _showccrule__response_detail: - +-----------+--------------------------------------------------------+----------------+ - | Parameter | Type | Description | - +===========+========================================================+================+ - | response | :ref:`response ` object | Returned page. | - +-----------+--------------------------------------------------------+----------------+ +.. table:: **Table 6** detail + + +-----------+--------------------------------------------------------+-------------+ + | Parameter | Type | Description | + +===========+========================================================+=============+ + | response | :ref:`response ` object | Block Page | + +-----------+--------------------------------------------------------+-------------+ .. _showccrule__response_response: -.. table:: **Table 6** response +.. table:: **Table 7** response - +--------------+--------+-------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +==============+========+===============================================================================+ - | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | - +--------------+--------+-------------------------------------------------------------------------------+ - | content | String | Contents | - +--------------+--------+-------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================+ + | content_type | String | Content type. The value can only be **application/json**, **text/html**, or **text/xml**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **application/json** | + | | | | + | | | - **text/html** | + | | | | + | | | - **text/xml** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | content | String | Block page information. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ -.. _showccrule__response_conditions: +.. _showccrule__response_tag_condition: -.. table:: **Table 7** conditions +.. table:: **Table 8** tag_condition - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================================================================================================================================================================================================================================+ - | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Parameter description: | - | | | | - | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | - | | | | - | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | - | | | | - | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | - | | | | - | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | - | | | | - | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------+------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +===========+==================+=====================================================+ + | category | String | User identifier. The value is fixed at **referer**. | + +-----------+------------------+-----------------------------------------------------+ + | contents | Array of strings | Content of the user identifier field. | + +-----------+------------------+-----------------------------------------------------+ **Status code: 400** -.. table:: **Table 8** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - .. table:: **Table 9** Response body parameters ========== ====== ============= @@ -189,7 +296,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 10** Response body parameters @@ -200,6 +307,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- @@ -217,7 +335,6 @@ Request succeeded. .. code-block:: { - "aging_time" : 0, "description" : "", "id" : "a5f3fd28db564696b199228f0ac346b2", "limit_num" : 10, @@ -230,7 +347,9 @@ Request succeeded. "tag_type" : "ip", "timestamp" : 1656494435686, "total_num" : 0, + "aging_time" : 0, "unaggregation" : false, + "producer" : 1, "url" : "/path" } diff --git a/api-ref/source/apis/rule_management/querying_a_data_masking_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_data_masking_rule_by_id.rst index 15a1d50..cd1aaeb 100644 --- a/api-ref/source/apis/rule_management/querying_a_data_masking_rule_by_id.rst +++ b/api-ref/source/apis/rule_management/querying_a_data_masking_rule_by_id.rst @@ -17,13 +17,15 @@ GET /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==========================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the data masking rule. It can be obtained by calling the **ListPrivacyRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ Request Parameters ------------------ diff --git a/api-ref/source/apis/rule_management/querying_a_geolocation_access_control_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_geolocation_access_control_rule_by_id.rst new file mode 100644 index 0000000..cf7a972 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_geolocation_access_control_rule_by_id.rst @@ -0,0 +1,202 @@ +:original_name: ShowGeoipRule.html + +.. _ShowGeoipRule: + +Querying a Geolocation Access Control Rule by ID +================================================ + +Function +-------- + +This API is used to query a geolocation access control rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+======================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the geolocation access control rule. It can be obtained by calling the **ListGeoipRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Rule name. Currently, the console does not support configuring names for geolocation access control rule. Ignore this parameter. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoTagList | Array of strings | List of geographical locations hit the geolocation access control rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + | | | | + | | | - For more geographical location codes, see "Appendix - Geographic Location Codes." | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "02dafa406c4941368a1037b020f15a53", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "name" : "demo", + "description" : "demo", + "geoTagList" : [ "BR" ], + "geoip" : "BR", + "white" : 1 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_global_protection_whitelist_formerly_false_alarm_masking_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_global_protection_whitelist_formerly_false_alarm_masking_rule_by_id.rst new file mode 100644 index 0000000..23a040b --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_global_protection_whitelist_formerly_false_alarm_masking_rule_by_id.rst @@ -0,0 +1,202 @@ +:original_name: ShowIgnoreRule.html + +.. _ShowIgnoreRule: + +Querying a Global Protection Whitelist (Formerly False Alarm Masking) Rule by ID +================================================================================ + +Function +-------- + +This API is used to querying a global protection whitelist (formerly false alarm masking) rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the false alarm masking rule. It can be obtained by calling the **ListIgnoreRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+========================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule was created. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule Description | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Items to be masked. You can provide multiple items and separate them with semicolons (;). | + | | | | + | | | - If you want to disable a specific built-in rule for a domain name, the value of this parameter is the rule ID. When requests are blocked against a certain built-in rule while you do not want this rule to block requests later, you can query the rule in the **Events** page on the console and find its rule ID in the **Hit Rule** column. Then, you can disk the rule by its ID (including 6 digits). | + | | | | + | | | - If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. **xss**: XSS attacks **webshell**: Web shells **vuln**: Other types of attacks **sqli**: SQL injection attack **robot**: Malicious crawlers **rfi**: Remote file inclusion **lfi**: Local file inclusion **cmdi**: Command injection attack | + | | | | + | | | - To bypass the basic web protection, set this parameter to **all**. | + | | | | + | | | - To bypass all WAF protection, set this parameter to **bypass**. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | The value is fixed at **1**, indicating v2 false alarm masking rules are used. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`Condition ` objects | Condition list | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | Array of :ref:`Advanced ` objects | Advanced settings | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domain | Array of strings | Domain names to be protected. If the array length is **0**, this rule will take effect for all domain names that are protected by the policies this rule belongs to. | + +-----------------------+------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showignorerule__response_condition: + +.. table:: **Table 4** Condition + + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=========================+==================+=====================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **ip**, **url**, **params**, **cookie**, or **header**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | The matching logic varies depending on the field type. For example, if the field type is **ip**, the logic can be **equal** or **not_equal**. If the field type is **url**, **params**, **cookie**, or **header**, the logic can be **equal**, **not_equal**, **contain**, **not_contain**, **prefix**, **not_prefix**, **suffix**, **not_suffix**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | check_all_indexes_logic | Integer | This parameter is reserved and can be ignored. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | If the field type is **ip** and the subfield is the client IP address, the **index** parameter does not exist. If the subfield type is **X-Forwarded-For**, the value is **x-forwarded-for**. If the field type is **params**, **header**, or **cookie**, and the subfield is user-defined, the value of **index** is the user-defined subfield. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showignorerule__response_advanced: + +.. table:: **Table 5** Advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================+ + | index | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. | + | | | | + | | | - When you select **Params**, **Cookie**, or **Header**, you can set this parameter to **all** or configure subfields as required. | + | | | | + | | | - When you select **Body** or **Multipart**, set this parameter to **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Subfield of the specified field type. The default value is **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "40484384970948d79fffe4e4ae1fc54d", + "policyid" : "f385eceedf7c4c34a4d1def19eafbe85", + "timestamp" : 1650512535222, + "description" : "demo", + "status" : 1, + "rule" : "091004", + "mode" : 1, + "conditions" : [ { + "category" : "ip", + "contents" : [ "x.x.x.x" ], + "logic_operation" : "equal" + } ], + "domain" : [ "we.test.418lab.cn" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_javascript_anti-crawler_rule.rst b/api-ref/source/apis/rule_management/querying_a_javascript_anti-crawler_rule.rst new file mode 100644 index 0000000..025832f --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_javascript_anti-crawler_rule.rst @@ -0,0 +1,179 @@ +:original_name: ShowAnticrawlerRule.html + +.. _ShowAnticrawlerRule: + +Querying a JavaScript Anti-Crawler Rule +======================================= + +Function +-------- + +This API is used to query a JavaScript anti-crawler rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================================================================================================================================================+ + | project_id | Yes | String | Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose **My Credentials**. Then, in the **Projects** area, view **Project ID** of the corresponding project. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | ID of a protection policy. You can specify a protection policy ID to query the rules used in the protection policy. You can obtain the policy ID by calling the **ListPolicy** API. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | Rule ID. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=======================+===========+========+============================================================================+ + | enterprise_project_id | No | String | You can obtain the ID by calling the **ListEnterpriseProject** API of EPS. | + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==============================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of **X-Subject-Token** in the response header). | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | id | String | Rule ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | logic | Integer | Rule matching logic | + | | | | + | | | - **1**: Include | + | | | | + | | | - **2**: Not include | + | | | | + | | | - **3**: Equal | + | | | | + | | | - **4**: Not equal | + | | | | + | | | - **5**: Prefix is | + | | | | + | | | - **6**: Prefix is not | + | | | | + | | | - **7**: Suffix is | + | | | | + | | | - **8**: Suffix is not | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | type | String | JavaScript anti-crawler rule type. | + | | | | + | | | - **anticrawler_specific_url**: used to protect a specific path specified by the rule. | + | | | | + | | | - **anticrawler_except_url**: used to protect all paths except the one specified by the rule. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +ok + +.. code-block:: + + { + "id" : "607d14b8153540c0af51a00fe2140d05", + "policyid" : "777716e0b7b84b5192b9d373f7c6d4f0", + "name" : "demo", + "timestamp" : 1675152776784, + "status" : 1, + "url" : "/patent/id", + "logic" : 1, + "type" : "anticrawler_except_url" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 ok +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_known_attack_source_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_known_attack_source_rule_by_id.rst new file mode 100644 index 0000000..482731d --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_known_attack_source_rule_by_id.rst @@ -0,0 +1,155 @@ +:original_name: ShowPunishmentRule.html + +.. _ShowPunishmentRule: + +Querying a Known Attack Source Rule by ID +========================================= + +Function +-------- + +This API is used to query a known attack source rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+====================================================================================================+ + | project_id | Yes | String | project_id | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the known attack source rule. It can be obtained by calling the **ListPunishmentRules** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+--------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+======================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------+ + | block_time | Integer | Block duration, in seconds. | + +-----------------------+-----------------------+--------------------------------------+ + | category | String | Type of the know attack source rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **long_ip_block** | + | | | | + | | | - **long_cookie_block** | + | | | | + | | | - **long_params_block** | + | | | | + | | | - **short_ip_block** | + | | | | + | | | - **short_cookie_block** | + | | | | + | | | - **short_params_block** | + +-----------------------+-----------------------+--------------------------------------+ + | description | String | Description | + +-----------------------+-----------------------+--------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+--------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "block_time" : 1233, + "category" : "long_ip_block", + "description" : "demo", + "id" : "2c3afdcc982b429da4f72ee483aece3e", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668148186106 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_precise_protection_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_precise_protection_rule_by_id.rst index a1b446e..a961714 100644 --- a/api-ref/source/apis/rule_management/querying_a_precise_protection_rule_by_id.rst +++ b/api-ref/source/apis/rule_management/querying_a_precise_protection_rule_by_id.rst @@ -17,15 +17,15 @@ GET /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Project ID | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | rule_id | Yes | String | customRuleId | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the precise protection rule. It can be obtained by calling the **ListCustomeRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -68,8 +68,6 @@ Response Parameters +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action_mode | Boolean | This parameter is reserved and can be ignored. | - +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | timestamp | Long | Timestamp when the precise protection rule is created. | @@ -78,40 +76,136 @@ Response Parameters +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _showcustomrule__response_conditions: .. table:: **Table 4** conditions - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=============================================================================================================================================================================================================+ - | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Subfield | - | | | | - | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | - | | | | - | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **url** | + | | | | + | | | - **user-agent** | + | | | | + | | | - **ip** | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **referer** | + | | | | + | | | - **header** | + | | | | + | | | - **request_line** | + | | | | + | | | - **method** | + | | | | + | | | - **request** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - When the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **len_greater** | + | | | | + | | | - **len_less** | + | | | | + | | | - **len_equal** | + | | | | + | | | - **len_not_equal** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is available only when a reference table is used when a protection rule is created. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _showcustomrule__response_customaction: .. table:: **Table 5** CustomAction - +-----------------------+-----------------------+-------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================+ - | category | String | Action type. | - | | | | - | | | - block: WAF blocks attacks. | - | | | | - | | | - pass: WAF allows requests. | - +-----------------------+-----------------------+-------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================================+ + | category | String | Operation type | + | | | | + | | | - **block**: WAF blocks attacks. | + | | | | + | | | - **pass**: WAF allows requests. | + | | | | + | | | - **log**: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **pass** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | followed_action_id | String | ID of a known attack source rule. This parameter can be configured only when **category** is set to **block**. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -179,6 +273,8 @@ Request succeeded. "priority" : 50, "status" : 1, "time" : false, + "aging_time" : 0, + "producer" : 1, "timestamp" : 1656495488880 } diff --git a/api-ref/source/apis/rule_management/querying_a_reference_table_by_id.rst b/api-ref/source/apis/rule_management/querying_a_reference_table_by_id.rst new file mode 100644 index 0000000..6d0bad6 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_reference_table_by_id.rst @@ -0,0 +1,166 @@ +:original_name: ShowValueList.html + +.. _ShowValueList: + +Querying a Reference Table by ID +================================ + +Function +-------- + +This API is used to query a reference table by ID. + +URI +--- + +GET /v1/{project_id}/waf/valuelist/{table_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=============================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | table_id | Yes | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List | + +------------+-----------+--------+---------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+----------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+----------------------------------------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+----------------------------------------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+----------------------------------------------------------+ + | values | Array of strings | Value of the reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | description | String | Reference table description | + +-----------------------+-----------------------+----------------------------------------------------------+ + | producer | Integer | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **1** | + +-----------------------+-----------------------+----------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/valuelist/{table_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "3978ca9403844a62bbd24bb5b8d16d4e", + "name" : "demo2", + "type" : "url", + "values" : [ "/demo" ], + "timestamp" : 1656495488880, + "description" : "", + "producer" : 1 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_web_tamper_protection_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_web_tamper_protection_rule_by_id.rst index 5872063..c887af3 100644 --- a/api-ref/source/apis/rule_management/querying_a_web_tamper_protection_rule_by_id.rst +++ b/api-ref/source/apis/rule_management/querying_a_web_tamper_protection_rule_by_id.rst @@ -17,13 +17,15 @@ GET /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+======================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the web tamper protection rule. It can be obtained by calling the **ListAntitamperRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -47,27 +49,27 @@ Response Parameters .. table:: **Table 3** Response body parameters - +-----------------------+-----------------------+---------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=========================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+---------------------------------------------------------+ - | timestamp | Long | Timestamp | - +-----------------------+-----------------------+---------------------------------------------------------+ - | description | String | Rule description. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | hostname | String | Domain name protected by the web tamper protection rule | - +-----------------------+-----------------------+---------------------------------------------------------+ - | url | String | URL for the web tamper protection rule. | - +-----------------------+-----------------------+---------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | The domain name of the website protected with the web tamper protection rule. The domain name is in the format of xxx.xxx.com, such as www.example.com. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** diff --git a/api-ref/source/apis/rule_management/querying_an_information_leakage_prevention_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_an_information_leakage_prevention_rule_by_id.rst new file mode 100644 index 0000000..85cfd3c --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_an_information_leakage_prevention_rule_by_id.rst @@ -0,0 +1,169 @@ +:original_name: ShowAntileakageRule.html + +.. _ShowAntileakageRule: + +Querying an Information Leakage Prevention Rule by ID +===================================================== + +Function +-------- + +This API is used to query an information leakage prevention rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================================+ + | project_id | Yes | String | project_id | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the information leakage protection rule. It can be obtained by calling the **ListAntileakageRules** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | category | String | Sensitive information type in the information leakage prevention rule. | + | | | | + | | | - **sensitive**: The rule masks sensitive user information, such as ID code, phone numbers, and email addresses. | + | | | | + | | | - **code**: The rule blocks response pages of specified HTTP response code. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **code** | + | | | | + | | | - **sensitive** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content corresponding to the sensitive information type. Multiple options can be set. | + | | | | + | | | - When **category** is set to **code**, the pages that contain the following HTTP response codes will be blocked: 400, 401, 402, 403, 404, 405, 500, 501, 502, 503, 504 and 507. | + | | | | + | | | - When **category** is set to **sensitive**, parameters **phone**, **id_card**, and **email** can be set. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **0** | + | | | | + | | | - **1** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "82c4f04f84fd4b2b9ba4b4ea0df8ee82", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668152426471, + "description" : "demo", + "status" : 1, + "url" : "/attack", + "category" : "sensitive", + "contents" : [ "id_card" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_cc_attack_protection_rules.rst b/api-ref/source/apis/rule_management/querying_cc_attack_protection_rules.rst index 7c7438b..204ccf7 100644 --- a/api-ref/source/apis/rule_management/querying_cc_attack_protection_rules.rst +++ b/api-ref/source/apis/rule_management/querying_cc_attack_protection_rules.rst @@ -17,27 +17,25 @@ GET /v1/{project_id}/waf/policy/{policy_id}/cc .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Project ID | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ .. table:: **Table 2** Query Parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+=============================================================================+ - | page | No | Integer | Page number. | - | | | | | - | | | | Default: **1** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. Default value: 10 | - | | | | | - | | | | Default: **10** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================+ + | page | No | Integer | Page number. | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -49,7 +47,7 @@ Request Parameters +=================+=================+=================+==========================================================================================================+ | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ - | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | | | | | | | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ @@ -73,137 +71,244 @@ Response Parameters .. table:: **Table 5** CcrulesListInfo - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================================================================+========================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | - | | | | - | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | - | | | | - | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | mode | Integer | Mode. | - | | | | - | | | - **0**: Standard. | - | | | | - | | | - **1**: Advanced | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_period | String | Rate limiting period | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tag_type | String | Protection mode. | - | | | | - | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | - | | | | - | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | - | | | | - | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be **0** or **1**. | - | | | | - | | | - **0**: The rule is disabled. | - | | | | - | | | - **1**: The rule is enabled. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. | - +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=========================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. When the value of **mode** is **0**, this parameter has a return value. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`CcCondition ` objects | Rate limit conditions of the CC protection rule. This parameter is mandatory when the CC protection rule is in advanced mode (i.e. the value of **mode** is **1**). | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Protection action to take if the number of requests reaches the upper limit. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Rate limit mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ip** | + | | | | + | | | - **other** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_index | String | User identifier. This parameter is mandatory when the rate limit mode is set to **user** (cookie or header). | + | | | | + | | | - **cookie**: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. | + | | | | + | | | - **header**: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_condition | :ref:`tag_condition ` object | User tag. This parameter is mandatory when the rate limit mode is set to **other**. -other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | Integer | Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | Integer | Rate limit period, in seconds. The value ranges from 1 to 3,600. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unlock_num | Integer | Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is **dynamic_block**. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | Integer | Block duration, in seconds. The value ranges from 0 to 65,535. Access requests are blocked during the configured block duration, and an error page is displayed. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | total_num | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unaggregation | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listccrules__response_cccondition: + +.. table:: **Table 6** CcCondition + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **url** | + | | | | + | | | - **ip** | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | - If the category is **url**, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | + | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | + | | | - If the category is **params**, **cookie** and **header**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield. When **category** is set to params, cookie, or header, set this parameter based on site requirements. This parameter is mandatory. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listccrules__response_action: -.. table:: **Table 6** action +.. table:: **Table 7** action - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================+ - | category | String | Action type: | - | | | | - | | | - **block**: WAF blocks discovered attacks. | - | | | | - | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | - | | | | - | | | - If **tag_type** is set to **other**, the value can only be **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | detail | String | Action details. If detail is null, the default block page is displayed by default. | - | | | | - | | | - This parameter cannot be included when **category** is set to **captcha**. | - | | | | - | | | - This parameter is required when **category** is set to **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================+==========================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - **block**: WAF blocks the requests. When **tag_type** is set to **other**, the value can only be **block**. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **dynamic_block**: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The **dynamic_block** protection action can be set only when the advanced protection mode is enabled for the CC protection rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **captcha** | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + | | | | + | | | - **dynamic_block** | + +-----------------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | :ref:`detail ` object | Block page information. When protection action **category** is set to **block** or **dynamic_block**, you need to set the returned block page. | + | | | | + | | | - If you want to use the default block page, this parameter can be excluded. | + | | | | + | | | - If you want to use a custom block page, set this parameter. | + +-----------------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. table:: **Table 7** detail +.. _listccrules__response_detail: - +-----------+---------------------------------------------------------+---------------+ - | Parameter | Type | Description | - +===========+=========================================================+===============+ - | response | :ref:`response ` object | Returned page | - +-----------+---------------------------------------------------------+---------------+ +.. table:: **Table 8** detail + + +-----------+---------------------------------------------------------+-------------+ + | Parameter | Type | Description | + +===========+=========================================================+=============+ + | response | :ref:`response ` object | Block Page | + +-----------+---------------------------------------------------------+-------------+ .. _listccrules__response_response: -.. table:: **Table 8** response +.. table:: **Table 9** response - +--------------+--------+-------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +==============+========+===============================================================================+ - | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | - +--------------+--------+-------------------------------------------------------------------------------+ - | content | String | Contents | - +--------------+--------+-------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================+ + | content_type | String | Content type. The value can only be **application/json**, **text/html**, or **text/xml**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **application/json** | + | | | | + | | | - **text/html** | + | | | | + | | | - **text/xml** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | content | String | Block page information. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ -.. _listccrules__response_conditions: +.. _listccrules__response_tag_condition: -.. table:: **Table 9** conditions +.. table:: **Table 10** tag_condition - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================================================================================================================================================================================================================================+ - | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Parameter description: | - | | | | - | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | - | | | | - | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | - | | | | - | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | - | | | | - | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | - | | | | - | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------+------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +===========+==================+=====================================================+ + | category | String | User identifier. The value is fixed at **referer**. | + +-----------+------------------+-----------------------------------------------------+ + | contents | Array of strings | Content of the user identifier field. | + +-----------+------------------+-----------------------------------------------------+ **Status code: 400** -.. table:: **Table 10** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - .. table:: **Table 11** Response body parameters ========== ====== ============= @@ -213,7 +318,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 12** Response body parameters @@ -224,6 +329,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 13** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- @@ -231,6 +347,18 @@ Example Requests GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc? + { + "description" : "", + "tag_type" : "ip", + "limit_num" : 10, + "limit_period" : 1, + "action" : { + "category" : "captcha" + }, + "mode" : 0, + "url" : "/demo" + } + Example Responses ----------------- diff --git a/api-ref/source/apis/rule_management/querying_precise_protection_rules.rst b/api-ref/source/apis/rule_management/querying_precise_protection_rules.rst index caae75c..f6c71ac 100644 --- a/api-ref/source/apis/rule_management/querying_precise_protection_rules.rst +++ b/api-ref/source/apis/rule_management/querying_precise_protection_rules.rst @@ -17,27 +17,25 @@ GET /v1/{project_id}/waf/policy/{policy_id}/custom .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Project ID | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ .. table:: **Table 2** Query Parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===========================================================+ - | page | No | Integer | Page number. | - | | | | | - | | | | Default: **1** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | - | | | | | - | | | | Default: **10** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================+ + | page | No | Integer | Page number. | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -61,12 +59,15 @@ Response Parameters .. table:: **Table 4** Response body parameters - ========= ================ ============================= - Parameter Type Description - ========= ================ ============================= - total Integer Number of rules in the policy - items Array of objects Array of custom rules - ========= ================ ============================= + +-----------+-----------------------------------------------------------------------------------+-------------------------------+ + | Parameter | Type | Description | + +===========+===================================================================================+===============================+ + | total | Integer | Number of rules in the policy | + +-----------+-----------------------------------------------------------------------------------+-------------------------------+ + | items | Array of :ref:`CustomRuleBody ` objects | Array of custom rules | + +-----------+-----------------------------------------------------------------------------------+-------------------------------+ + +.. _listcustomrules__response_customrulebody: .. table:: **Table 5** CustomRuleBody @@ -77,7 +78,7 @@ Response Parameters +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | policyid | String | Policy ID. | +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Rule description | + | description | String | Rule description. | +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | status | Integer | Rule status. The value can be **0** or **1**. | | | | | @@ -89,8 +90,6 @@ Response Parameters +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action_mode | Boolean | This parameter is reserved and can be ignored. | - +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | timestamp | Long | Timestamp when the precise protection rule is created. | @@ -99,40 +98,112 @@ Response Parameters +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listcustomrules__response_conditions: .. table:: **Table 6** conditions - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=============================================================================================================================================================================================================+ - | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Subfield | - | | | | - | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | - | | | | - | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - When the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **len_greater** | + | | | | + | | | - **len_less** | + | | | | + | | | - **len_equal** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is available only when a reference table is used when a protection rule is created. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listcustomrules__response_customaction: .. table:: **Table 7** CustomAction - +-----------------------+-----------------------+-------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================+ - | category | String | Action type. | - | | | | - | | | - block: WAF blocks attacks. | - | | | | - | | | - pass: WAF allows requests. | - +-----------------------+-----------------------+-------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================================+ + | category | String | Operation type | + | | | | + | | | - **block**: WAF blocks attacks. | + | | | | + | | | - **pass**: WAF allows requests. | + | | | | + | | | - **log**: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **pass** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | followed_action_id | String | ID of a known attack source rule. This parameter can be configured only when **category** is set to **block**. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -199,7 +270,9 @@ Request succeeded. "priority" : 50, "status" : 1, "time" : false, - "timestamp" : 1656495488880 + "timestamp" : 1656495488880, + "aging_time" : 0, + "producer" : 1 } ], "total" : 1 } diff --git a/api-ref/source/apis/rule_management/querying_the_blacklist_and_whitelist_rule_list.rst b/api-ref/source/apis/rule_management/querying_the_blacklist_and_whitelist_rule_list.rst index 36b3e5c..d5e1588 100644 --- a/api-ref/source/apis/rule_management/querying_the_blacklist_and_whitelist_rule_list.rst +++ b/api-ref/source/apis/rule_management/querying_the_blacklist_and_whitelist_rule_list.rst @@ -1,6 +1,6 @@ -:original_name: ListWhiteblackipRule.html +:original_name: ListWhiteblackipRules.html -.. _ListWhiteblackipRule: +.. _ListWhiteblackipRules: Querying the Blacklist and Whitelist Rule List ============================================== @@ -17,28 +17,27 @@ GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ .. table:: **Table 2** Query Parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===========================================================+ - | page | No | Integer | Page. | - | | | | | - | | | | Default: **1** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | - | | | | | - | | | | Default: **10** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | name | No | String | Rule name, Fuzzy search is supported. | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================+ + | page | No | Integer | Page. | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | name | No | String | Rule name, Fuzzy search is supported. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -62,45 +61,51 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------+------------------------------------------------------------------------------------------------------------+-----------------+ - | Parameter | Type | Description | - +===========+============================================================================================================+=================+ - | total | Integer | Number of rules | - +-----------+------------------------------------------------------------------------------------------------------------+-----------------+ - | items | Array of :ref:`WhiteBlackIpResponseBody ` objects | Rules | - +-----------+------------------------------------------------------------------------------------------------------------+-----------------+ + +-----------+-------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+=============================================================================================================+=================================================================+ + | total | Integer | Number of rules | + +-----------+-------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------+ + | items | Array of :ref:`WhiteBlackIpResponseBody ` objects | Rules | + +-----------+-------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------+ + | size | Integer | Number of rules. This parameter is reserved and can be ignored. | + +-----------+-------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------+ -.. _listwhiteblackiprule__response_whiteblackipresponsebody: +.. _listwhiteblackiprules__response_whiteblackipresponsebody: .. table:: **Table 5** WhiteBlackIpResponseBody - +-----------------------+-----------------------+-----------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=====================================================+ - | id | String | Rule ID | - +-----------------------+-----------------------+-----------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+-----------------------+-----------------------------------------------------+ - | timestamp | Long | Rule creation time | - +-----------------------+-----------------------+-----------------------------------------------------+ - | description | String | Rule description. | - +-----------------------+-----------------------+-----------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+-----------------------------------------------------+ - | addr | String | lacklisted or whitelisted IP addresses | - +-----------------------+-----------------------+-----------------------------------------------------+ - | white | Integer | Protective action. The value can be: | - | | | | - | | | - 0: WAF blocks the requests that hit the rule. | - | | | | - | | | - 1: WAF allows the requests that hit the rule. | - | | | | - | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------------+-----------------------+-----------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Rule creation time | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | addr | String | Blacklisted or whitelisted IP addresses | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ + | followed_action_id | String | ID of a known attack source rule. This parameter can be configured only when **white** is set to **0**. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -153,6 +158,7 @@ Request succeeded. { "total" : 1, + "size" : 1, "items" : [ { "id" : "3c96caf769ca4f57814fcf4259ea89a1", "policyid" : "4dddfd44fc89453e9fd9cd6bfdc39db2", diff --git a/api-ref/source/apis/rule_management/querying_the_data_masking_rule_list.rst b/api-ref/source/apis/rule_management/querying_the_data_masking_rule_list.rst index 839414d..503189c 100644 --- a/api-ref/source/apis/rule_management/querying_the_data_masking_rule_list.rst +++ b/api-ref/source/apis/rule_management/querying_the_data_masking_rule_list.rst @@ -17,22 +17,23 @@ GET /v1/{project_id}/waf/policy/{policy_id}/privacy .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ .. table:: **Table 2** Query Parameters - +-----------+-----------+---------+-----------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +===========+===========+=========+===========================================================+ - | page | No | Integer | Page | - +-----------+-----------+---------+-----------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | - +-----------+-----------+---------+-----------------------------------------------------------+ + +-----------+-----------+---------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========+==================================================================+ + | page | No | Integer | Page | + +-----------+-----------+---------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------+-----------+---------+------------------------------------------------------------------+ Request Parameters ------------------ diff --git a/api-ref/source/apis/rule_management/querying_the_false_alarm_masking_rule_list.rst b/api-ref/source/apis/rule_management/querying_the_false_alarm_masking_rule_list.rst index b22317b..5725993 100644 --- a/api-ref/source/apis/rule_management/querying_the_false_alarm_masking_rule_list.rst +++ b/api-ref/source/apis/rule_management/querying_the_false_alarm_masking_rule_list.rst @@ -26,17 +26,17 @@ GET /v1/{project_id}/waf/policy/{policy_id}/ignore .. table:: **Table 2** Query Parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===========================================================+ - | page | No | Integer | Page | - | | | | | - | | | | Default: **1** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | - | | | | | - | | | | Default: **10** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================+ + | page | No | Integer | Page | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -60,109 +60,90 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------+-----------------------------------------------------------------------------------+------------------------------------+ - | Parameter | Type | Description | - +===========+===================================================================================+====================================+ - | total | Integer | Number of rules in the policy | - +-----------+-----------------------------------------------------------------------------------+------------------------------------+ - | items | Array of :ref:`IgnoreRuleBody ` objects | Array of false alarm masking rules | - +-----------+-----------------------------------------------------------------------------------+------------------------------------+ + +-----------+-----------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+===================================================================================+==========================================================================================================+ + | total | Integer | The number of global protection whitelist (formerly false alarm masking) rules in the protection policy. | + +-----------+-----------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------+ + | items | Array of :ref:`IgnoreRuleBody ` objects | Domain names the global protection whitelist (formerly false alarm masking) rule is used for. | + +-----------+-----------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------+ .. _listignorerules__response_ignorerulebody: .. table:: **Table 5** IgnoreRuleBody - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Rule creation time. | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Provides supplementary information about the assignment. | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | - | | | | - | | | - xss or sqli: XSS attacks | - | | | | - | | | - cmdi: Command injectionrobot: Malicious crawlers | - | | | | - | | | - lfi: Local file inclusion | - | | | | - | | | - rfi: Remote file inclusionwebshell: Website Trojans | - | | | | - | | | - cc: CC attacks -custom_custom: Precise protection | - | | | | - | | | - custom_whiteblackip: IP address blacklist and whitelist | - | | | | - | | | - custom_geoip: Geolocation access control | - | | | | - | | | - antitamper: Web tamper protection | - | | | | - | | | - anticrawler: Anti-crawler protection | - | | | | - | | | - leakage: Data leakage prevention | - | | | | - | | | - illegal: Illegal requests | - | | | | - | | | - vuln: Other attack types | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url_logic | String | URL match logic: | - | | | | - | | | - **equal**: full match | - | | | | - | | | - **prefix**: prefix match | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | domains | Array of strings | Protected domain name | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | advanced | :ref:`advanced ` object | advanced | - +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=========================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | ID of the protection policy that includes the rule | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule was created. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Items to be masked. You can provide multiple items and separate them with semicolons (;). | + | | | | + | | | - If you want to disable a specific built-in rule for a domain name, the value of this parameter is the rule ID. When requests are blocked against a certain built-in rule while you do not want this rule to block requests later, you can query the rule in the **Events** page on the console and find its rule ID in the **Hit Rule** column. Then, you can disk the rule by its ID (including 6 digits). | + | | | | + | | | - If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. **xss**: XSS attacks **webshell**: Web shells **vuln**: Other types of attacks **sqli**: SQL injection attack **robot**: Malicious crawlers **rfi**: Remote file inclusion **lfi**: Local file inclusion **cmdi**: Command injection attack | + | | | | + | | | - To bypass the basic web protection, set this parameter to **all**. | + | | | | + | | | - To bypass all WAF protection, set this parameter to **bypass**. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | The value is fixed at **1**, indicating v2 false alarm masking rules. | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`Condition ` objects | Condition list | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domain | Array of strings | Protecting Domain Names or Protecting Websites | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | Array of :ref:`Advanced ` objects | Advanced settings | + +-----------------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listignorerules__response_condition: + +.. table:: **Table 6** Condition + + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=========================+==================+=====================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **ip**, **url**, **params**, **cookie**, or **header**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | The matching logic varies depending on the field type. For example, if the field type is **ip**, the logic can be **equal** or **not_equal**. If the field type is **url**, **params**, **cookie**, or **header**, the logic can be **equal**, **not_equal**, **contain**, **not_contain**, **prefix**, **not_prefix**, **suffix**, **not_suffix**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | check_all_indexes_logic | Integer | This parameter is reserved and can be ignored. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | If the field type is **ip** and the subfield is the client IP address, the **index** parameter does not exist. If the subfield type is **X-Forwarded-For**, the value is **x-forwarded-for**. If the field type is **params**, **header**, or **cookie**, and the subfield is user-defined, the value of **index** is the user-defined subfield. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _listignorerules__response_advanced: -.. table:: **Table 6** advanced +.. table:: **Table 7** Advanced - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=====================================================================================================================================================================================================================================+ - | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | - | | | | - | | | - cookie: session cookie | - | | | | - | | | - header: header field | - | | | | - | | | - body: body field | - | | | | - | | | - multipart: multipart/form-data type data | - | | | | - | | | - params: parameter | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | content | String | Specified field (available only for param, cookie, and header) | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================+ + | index | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. | + | | | | + | | | - When you select **Params**, **Cookie**, or **Header**, you can set this parameter to **all** or configure subfields as required. | + | | | | + | | | - When you select **Body** or **Multipart**, set this parameter to **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Subfield of the specified field type. The default value is **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** -.. table:: **Table 7** Response body parameters - - ========== ====== ============= - Parameter Type Description - ========== ====== ============= - error_code String Error code - error_msg String Error message - ========== ====== ============= - -**Status code: 401** - .. table:: **Table 8** Response body parameters ========== ====== ============= @@ -172,7 +153,7 @@ Response Parameters error_msg String Error message ========== ====== ============= -**Status code: 500** +**Status code: 401** .. table:: **Table 9** Response body parameters @@ -183,6 +164,17 @@ Response Parameters error_msg String Error message ========== ====== ============= +**Status code: 500** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + Example Requests ---------------- @@ -195,22 +187,26 @@ Example Responses **Status code: 200** -Request succeeded. +OK .. code-block:: { "total" : 1, "items" : [ { - "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", - "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", - "timestamp" : 1656507126528, - "description" : "", + "id" : "40484384970948d79fffe4e4ae1fc54d", + "policyid" : "f385eceedf7c4c34a4d1def19eafbe85", + "timestamp" : 1650512535222, + "description" : "demo", "status" : 1, - "rule" : "webshell", - "url_logic" : "equal", - "url" : "/demo", - "domain" : [ "test3.th.com" ] + "rule" : "091004", + "mode" : 1, + "conditions" : [ { + "category" : "ip", + "contents" : [ "x.x.x.x" ], + "logic_operation" : "equal" + } ], + "domain" : [ "www.example.com" ] } ] } @@ -220,7 +216,7 @@ Status Codes =========== ============================================= Status Code Description =========== ============================================= -200 Request succeeded. +200 OK 400 Request failed. 401 The token does not have required permissions. 500 Internal server error. diff --git a/api-ref/source/apis/rule_management/querying_the_javascript_anti-crawler_rule_list.rst b/api-ref/source/apis/rule_management/querying_the_javascript_anti-crawler_rule_list.rst new file mode 100644 index 0000000..2a96f31 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_javascript_anti-crawler_rule_list.rst @@ -0,0 +1,202 @@ +:original_name: ListAnticrawlerRules.html + +.. _ListAnticrawlerRules: + +Querying the JavaScript Anti-Crawler Rule List +============================================== + +Function +-------- + +This API is used to query the list of JavaScript anti-crawler rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/anticrawler + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================================================================================================================================================+ + | project_id | Yes | String | Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose **My Credentials**. Then, in the **Projects** area, view **Project ID** of the corresponding project. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | ID of a protection policy. You can specify a protection policy ID to query the rules used in the protection policy. You can obtain the policy ID by calling the **ListPolicy** API. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=======================+=================+=================+=================================================================================================================================+ + | enterprise_project_id | No | String | You can obtain the ID by calling the **ListEnterpriseProject** API of EPS. | + +-----------------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------+ + | page | No | Integer | Page | + +-----------------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------+ + | type | No | String | JavaScript anti-crawler rule protection mode | + | | | | | + | | | | - **anticrawler_except_url**: In this mode, all paths are protected except the one specified in the queried anti-crawler rule. | + | | | | | + | | | | - **anticrawler_specific_url**: In this mode, the path specified in the queried rule is protected. | + +-----------------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==============================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of **X-Subject-Token** in the response header). | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+------------------------------------------------------------------------------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +===========+==========================================================================================+=========================================================+ + | total | Integer | The number of anti-crawler rules in the current policy. | + +-----------+------------------------------------------------------------------------------------------+---------------------------------------------------------+ + | items | Array of :ref:`AnticrawlerRule ` objects | The list of anti-crawler protection rules. | + +-----------+------------------------------------------------------------------------------------------+---------------------------------------------------------+ + +.. _listanticrawlerrules__response_anticrawlerrule: + +.. table:: **Table 5** AnticrawlerRule + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | id | String | Rule ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | logic | Integer | Rule matching logic | + | | | | + | | | - **1**: Include | + | | | | + | | | - **2**: Not include | + | | | | + | | | - **3**: Equal | + | | | | + | | | - **4**: Not equal | + | | | | + | | | - **5**: Prefix is | + | | | | + | | | - **6**: Prefix is not | + | | | | + | | | - **7**: Suffix is | + | | | | + | | | - **8**: Suffix is not | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | type | String | JavaScript anti-crawler rule type. | + | | | | + | | | - **anticrawler_specific_url**: used to protect a specific path specified by the rule. | + | | | | + | | | - **anticrawler_except_url**: used to protect all paths except the one specified by the rule. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/anticrawler? + +Example Responses +----------------- + +**Status code: 200** + +ok + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "fe2b2dd7a25d4170bffa943e72d7b7b8", + "policyid" : "200b34c3bca047a69f1cacf965a35a64", + "name" : "demo", + "timestamp" : 1679883377145, + "status" : 1, + "url" : "/demo", + "logic" : 1, + "type" : "anticrawler_except_url" + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 ok +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_list_of_geolocation_access_control_rules.rst b/api-ref/source/apis/rule_management/querying_the_list_of_geolocation_access_control_rules.rst index 498bf18..2071608 100644 --- a/api-ref/source/apis/rule_management/querying_the_list_of_geolocation_access_control_rules.rst +++ b/api-ref/source/apis/rule_management/querying_the_list_of_geolocation_access_control_rules.rst @@ -1,6 +1,6 @@ -:original_name: ListGeoipRule.html +:original_name: ListGeoipRules.html -.. _ListGeoipRule: +.. _ListGeoipRules: Querying the List of Geolocation Access Control Rules ===================================================== @@ -17,26 +17,27 @@ GET /v1/{project_id}/waf/policy/{policy_id}/geoip .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ .. table:: **Table 2** Query Parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===========================================================+ - | page | No | Integer | Page | - | | | | | - | | | | Default: **1** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | - | | | | | - | | | | Default: **10** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================+ + | page | No | Integer | Page | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -60,87 +61,93 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------+-----------------------------------------------------------------------+---------------------------------------------------------+ - | Parameter | Type | Description | - +===========+=======================================================================+=========================================================+ - | total | Integer | Number of blocked geographical locations in the policy. | - +-----------+-----------------------------------------------------------------------+---------------------------------------------------------+ - | items | Array of :ref:`GeOIpItem ` objects | List of the restricted geographical locations | - +-----------+-----------------------------------------------------------------------+---------------------------------------------------------+ + +-----------+------------------------------------------------------------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========================================================================+=========================================================+ + | total | Integer | Number of blocked geographical locations in the policy. | + +-----------+------------------------------------------------------------------------+---------------------------------------------------------+ + | items | Array of :ref:`GeOIpItem ` objects | List of the restricted geographical locations | + +-----------+------------------------------------------------------------------------+---------------------------------------------------------+ -.. _listgeoiprule__response_geoipitem: +.. _listgeoiprules__response_geoipitem: .. table:: **Table 5** GeOIpItem - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | geoip | String | Applicable regions. The value can be the region code. | - | | | | - | | | - CA: Canada | - | | | | - | | | - US: USA | - | | | | - | | | - AU: Australia | - | | | | - | | | - IN: India | - | | | | - | | | - JP: Japan | - | | | | - | | | - UK: United Kingdom | - | | | | - | | | - FR: France | - | | | | - | | | - DE: Germany | - | | | | - | | | - BR: Brazil | - | | | | - | | | - Ukraine: Ukraine | - | | | | - | | | - Pakistan: Pakistan | - | | | | - | | | - Palestine: Palestine | - | | | | - | | | - Israel: Israel | - | | | | - | | | - Iraq: Afghanistan | - | | | | - | | | - Libya: Libya | - | | | | - | | | - Turkey: Turkey | - | | | | - | | | - Thailand: Thailand | - | | | | - | | | - Singapore: Singapore | - | | | | - | | | - South Africa: South Africa | - | | | | - | | | - Mexico: Mexico | - | | | | - | | | - Peru: Peru | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | white | Integer | Protective action. The value can be: | - | | | | - | | | - 0: WAF blocks the requests that hit the rule. | - | | | | - | | | - 1: WAF allows the requests that hit the rule. | - | | | | - | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+-----------------------+--------------------------------------------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Rule name. Currently, the console does not support configuring names for geolocation access control rule. Ignore this parameter. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoTagList | Array of strings | List of geographical locations hit the geolocation access control rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + | | | | + | | | - For more geographical location codes, see "Appendix - Geographic Location Codes." | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -198,6 +205,7 @@ Request succeeded "policyid" : "2abeeecefb9840e6bf05efbd80d0fcd7", "timestamp" : 1636340038062, "status" : 1, + "geoTagList" : [ "BR" ], "geoip" : "BR", "white" : 1, "name" : "demo" diff --git a/api-ref/source/apis/rule_management/querying_the_list_of_information_leakage_prevention_rules.rst b/api-ref/source/apis/rule_management/querying_the_list_of_information_leakage_prevention_rules.rst new file mode 100644 index 0000000..a9efbcb --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_list_of_information_leakage_prevention_rules.rst @@ -0,0 +1,192 @@ +:original_name: ListAntileakageRules.html + +.. _ListAntileakageRules: + +Querying the List of Information Leakage Prevention Rules +========================================================= + +Function +-------- + +This API is used to query the list of information leakage prevention rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/antileakage + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------+-----------+---------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========+==================================================================+ + | page | No | Integer | Page | + +-----------+-----------+---------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------+-----------+---------+------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+------------------------------------------------------------------------------------------+----------------------------------------------------+ + | Parameter | Type | Description | + +===========+==========================================================================================+====================================================+ + | total | Integer | The number of information leakage prevention rules | + +-----------+------------------------------------------------------------------------------------------+----------------------------------------------------+ + | items | Array of :ref:`LeakageListInfo ` objects | The list of information leakage prevention rules | + +-----------+------------------------------------------------------------------------------------------+----------------------------------------------------+ + +.. _listantileakagerules__response_leakagelistinfo: + +.. table:: **Table 5** LeakageListInfo + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | category | String | Sensitive information type in the information leakage prevention rule. | + | | | | + | | | - **sensitive**: The rule masks sensitive user information, such as ID code, phone numbers, and email addresses. | + | | | | + | | | - **code**: The rule blocks response pages of specified HTTP response code. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **code** | + | | | | + | | | - **sensitive** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content corresponding to the sensitive information type. Multiple options can be set. | + | | | | + | | | - When **category** is set to **code**, the pages that contain the following HTTP response codes will be blocked: 400, 401, 402, 403, 404, 405, 500, 501, 502, 503, 504 and 507. | + | | | | + | | | - When **category** is set to **sensitive**, parameters **phone**, **id_card**, and **email** can be set. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **0** | + | | | | + | | | - **1** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antileakage? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "82c4f04f84fd4b2b9ba4b4ea0df8ee82", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668152426471, + "description" : "demo", + "status" : 1, + "url" : "/attack", + "category" : "sensitive", + "contents" : [ "id_card" ] + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_list_of_known_attack_source_rules.rst b/api-ref/source/apis/rule_management/querying_the_list_of_known_attack_source_rules.rst new file mode 100644 index 0000000..90434e5 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_list_of_known_attack_source_rules.rst @@ -0,0 +1,159 @@ +:original_name: ListPunishmentRules.html + +.. _ListPunishmentRules: + +Querying the List of Known Attack Source Rules +============================================== + +Function +-------- + +This API is used to query the list of known attack source rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/punishment + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | project_id | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------+-----------+---------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========+==================================================================+ + | page | No | Integer | Page | + +-----------+-----------+---------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------+-----------+---------+------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+---------------------------------------------------------------------------------------+------------------------------------------+ + | Parameter | Type | Description | + +===========+=======================================================================================+==========================================+ + | total | Integer | The number of known attack source rules. | + +-----------+---------------------------------------------------------------------------------------+------------------------------------------+ + | items | Array of :ref:`PunishmentInfo ` objects | The list of known attack source rules. | + +-----------+---------------------------------------------------------------------------------------+------------------------------------------+ + +.. _listpunishmentrules__response_punishmentinfo: + +.. table:: **Table 5** PunishmentInfo + + =========== ======= ==================================== + Parameter Type Description + =========== ======= ==================================== + id String Rule ID + policyid String Policy ID + block_time Integer Block duration, in seconds. + category String Type of the know attack source rule. + description String Description + timestamp Long Timestamp the rule is created. + =========== ======= ==================================== + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/punishment? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "items" : [ { + "block_time" : 305, + "category" : "long_ip_block", + "description" : "test", + "id" : "2c3afdcc982b429da4f72ee483aece3e", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668148186106 + } ], + "total" : 1 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_list_of_web_tamper_protection_rules.rst b/api-ref/source/apis/rule_management/querying_the_list_of_web_tamper_protection_rules.rst index ad15655..e365582 100644 --- a/api-ref/source/apis/rule_management/querying_the_list_of_web_tamper_protection_rules.rst +++ b/api-ref/source/apis/rule_management/querying_the_list_of_web_tamper_protection_rules.rst @@ -8,7 +8,7 @@ Querying the List of Web Tamper Protection Rules Function -------- -This api is used to query the list of web tamper protection rules. +This API is used to query the list of web tamper protection rules. URI --- @@ -17,26 +17,27 @@ GET /v1/{project_id}/waf/policy/{policy_id}/antitamper .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Prroject ID - policy_id Yes String Policy ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------+ .. table:: **Table 2** Query Parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===========================================================+ - | page | No | Integer | Page | - | | | | | - | | | | Default: **1** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | - | | | | | - | | | | Default: **10** | - +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================+ + | page | No | Integer | Page | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -72,27 +73,27 @@ Response Parameters .. table:: **Table 5** AntiTamperRuleResponseBody - +-----------------------+-----------------------+---------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=========================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+---------------------------------------------------------+ - | timestamp | Long | Timestamp | - +-----------------------+-----------------------+---------------------------------------------------------+ - | description | String | Rule description. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+---------------------------------------------------------+ - | hostname | String | Domain name protected by the web tamper protection rule | - +-----------------------+-----------------------+---------------------------------------------------------+ - | url | String | URL for the web tamper protection rule. | - +-----------------------+-----------------------+---------------------------------------------------------+ + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | The domain name of the website protected with the web tamper protection rule. The domain name is in the format of xxx.xxx.com, such as www.example.com. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** diff --git a/api-ref/source/apis/rule_management/querying_the_reference_table_list.rst b/api-ref/source/apis/rule_management/querying_the_reference_table_list.rst index 3a23290..5e79124 100644 --- a/api-ref/source/apis/rule_management/querying_the_reference_table_list.rst +++ b/api-ref/source/apis/rule_management/querying_the_reference_table_list.rst @@ -25,15 +25,15 @@ GET /v1/{project_id}/waf/valuelist .. table:: **Table 2** Query Parameters - +-----------+-----------+---------+-----------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +===========+===========+=========+===========================================================+ - | page | No | Integer | Page | - +-----------+-----------+---------+-----------------------------------------------------------+ - | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | - +-----------+-----------+---------+-----------------------------------------------------------+ - | name | No | String | Reference table name, Fuzzy search is supported. | - +-----------+-----------+---------+-----------------------------------------------------------+ + +-----------+-----------+---------+------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========+==================================================================+ + | page | No | Integer | Page | + +-----------+-----------+---------+------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 2147483647. | + +-----------+-----------+---------+------------------------------------------------------------------+ + | name | No | String | Reference table name, Fuzzy search is supported. | + +-----------+-----------+---------+------------------------------------------------------------------+ Request Parameters ------------------ @@ -73,39 +73,45 @@ Response Parameters .. table:: **Table 5** ValueList - +-----------------------+-----------------------+------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+==============================+ - | id | String | ID of a reference table | - +-----------------------+-----------------------+------------------------------+ - | name | String | Reference table name | - +-----------------------+-----------------------+------------------------------+ - | type | String | The value can be: | - | | | | - | | | - url | - | | | | - | | | - params | - | | | | - | | | - ip | - | | | | - | | | - cookie | - | | | | - | | | - referer | - | | | | - | | | - user-agent | - | | | | - | | | - header | - | | | | - | | | - response_code | - | | | | - | | | - response_header | - | | | | - | | | - response_body | - +-----------------------+-----------------------+------------------------------+ - | timestamp | String | Reference table timestamp | - +-----------------------+-----------------------+------------------------------+ - | values | Array of strings | Value of the reference table | - +-----------------------+-----------------------+------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==========================================================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+----------------------------------------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+----------------------------------------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+----------------------------------------------------------+ + | values | Array of strings | Value of the reference table | + +-----------------------+-----------------------+----------------------------------------------------------+ + | producer | Integer | This parameter is reserved and can be ignored currently. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **1** | + +-----------------------+-----------------------+----------------------------------------------------------+ **Status code: 400** @@ -163,7 +169,9 @@ Request succeeded. "name" : "demo", "type" : "url", "values" : [ "/demo" ], - "timestamp" : 1656495488880 + "timestamp" : 1656495488880, + "description" : "", + "producer" : 1 } ] } diff --git a/api-ref/source/apis/rule_management/updating_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/updating_a_blacklist_or_whitelist_rule.rst index 4bda594..f3bdb96 100644 --- a/api-ref/source/apis/rule_management/updating_a_blacklist_or_whitelist_rule.rst +++ b/api-ref/source/apis/rule_management/updating_a_blacklist_or_whitelist_rule.rst @@ -17,13 +17,15 @@ PUT /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the blacklist or whitelist rule. It can be obtained by calling the **ListWhiteblackipRules** API. | + +------------+-----------+--------+---------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -42,21 +44,25 @@ Request Parameters .. table:: **Table 3** Request body parameters - +-----------------+-----------------+-----------------+-----------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+=====================================================+ - | description | No | String | Rule description. | - +-----------------+-----------------+-----------------+-----------------------------------------------------+ - | addr | Yes | String | lacklisted or whitelisted IP addresses | - +-----------------+-----------------+-----------------+-----------------------------------------------------+ - | white | Yes | Object | Protective action. The value can be: | - | | | | | - | | | | - 0: WAF blocks the requests that hit the rule. | - | | | | | - | | | | - 1: WAF allows the requests that hit the rule. | - | | | | | - | | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------+-----------------+-----------------+-----------------------------------------------------+ + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +====================+=================+=================+============================================================================================================================================================================================================+ + | description | No | String | Rule description. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | No | String | Rule name. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | addr | Yes | String | IP addresses or an IP address range. -IP addresses: IP addresses to be added to the blacklist or whitelist, for example, 192.x.x.3 -IP address range: IP address and subnet mask, for example, 10.x.x.0/24 | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | white | Yes | String | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action_id | No | String | ID of a known attack source rule. This parameter can be configured only when **white** is set to **0**. | + +--------------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -70,6 +76,8 @@ Response Parameters +=======================+=======================+=====================================================+ | id | String | Rule ID | +-----------------------+-----------------------+-----------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+-----------------------------------------------------+ | policyid | String | Policy ID. | +-----------------------+-----------------------+-----------------------------------------------------+ | timestamp | Long | Rule creation time | @@ -82,7 +90,7 @@ Response Parameters | | | | | | | - 1: The rule is enabled. | +-----------------------+-----------------------+-----------------------------------------------------+ - | addr | String | lacklisted or whitelisted IP addresses | + | addr | String | Blacklisted or whitelisted IP addresses | +-----------------------+-----------------------+-----------------------------------------------------+ | white | Integer | Protective action. The value can be: | | | | | @@ -92,6 +100,8 @@ Response Parameters | | | | | | | - 2: WAF only logs the requests that hit the rule. | +-----------------------+-----------------------+-----------------------------------------------------+ + | followed_action_id | String | ID of the known attack source rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ **Status code: 400** @@ -136,7 +146,7 @@ Example Requests { "white" : 0, "description" : "demo", - "addr" : "10.1.1.2" + "addr" : "10.1.1.0/24" } Example Responses @@ -154,7 +164,7 @@ Request succeeded. "timestamp" : 1650531872900, "description" : "demo", "status" : 1, - "addr" : "10.1.1.2", + "addr" : "10.1.1.0/24", "white" : 0 } diff --git a/api-ref/source/apis/rule_management/updating_a_cc_attack_protection_rule.rst b/api-ref/source/apis/rule_management/updating_a_cc_attack_protection_rule.rst index acfd7da..0d5f76f 100644 --- a/api-ref/source/apis/rule_management/updating_a_cc_attack_protection_rule.rst +++ b/api-ref/source/apis/rule_management/updating_a_cc_attack_protection_rule.rst @@ -17,13 +17,15 @@ PUT /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String policyid - rule_id Yes String ccRuleId - ========== ========= ====== =========== + +------------+-----------+--------+---------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+===========================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+---------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the cc rule. It can be obtained by calling the **ListCcRules** API. | + +------------+-----------+--------+---------------------------------------------------------------------------+ Request Parameters ------------------ @@ -42,79 +44,185 @@ Request Parameters .. table:: **Table 3** Request body parameters - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=====================================================+==============================================================================================================================================================================================================+ - | description | No | String | Rule description | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_num | No | Integer | Frequency limits | - | | | | | - | | | | Minimum: **0** | - | | | | | - | | | | Maximum: **10000** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_period | No | Integer | Frequency limit unit | - | | | | | - | | | | Minimum: **0** | - | | | | | - | | | | Maximum: **10000** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | No | String | url | - | | | | | - | | | | Minimum: **0** | - | | | | | - | | | | Maximum: **10000** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | mode | No | Integer | Work mode. The value can be 0 (standard) or 1 (advanced). The parameters of the advanced mode cannot be described in the same document of the same API. For details, see this parameter on the console page. | - | | | | | - | | | | Enumeration values: | - | | | | | - | | | | - **0** | - | | | | | - | | | | - **1** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | No | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tag_type | No | String | Protection mode. | - | | | | | - | | | | - ip: A website visitor is identified by the IP address. | - | | | | | - | | | | - cookie: A website visitor is identified by the cookie key value. | - | | | | | - | | | | - other: A website visitor is identified by the Referer field (user-defined request source). | - | | | | | - | | | | Enumeration values: | - | | | | | - | | | | - **ip** | - | | | | | - | | | | - **other** | - | | | | | - | | | | - **cookie** | - +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=========================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================+ + | mode | Yes | Integer | Protection mode of the CC attack protection rule, which corresponds to the **Mode** field in the **Add CC Attack Protection Rule** dialog box on the WAF console. | + | | | | | + | | | | - **0**: standard. Only the protected paths of domain names can be specified. | + | | | | | + | | | | - **1**: The path, IP address, cookie, header, and params fields can all be set. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **0** | + | | | | | + | | | | - **1** | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | Yes | String | Path to be protected in the CC attack protection rule. This parameter is mandatory when the CC attack protection rule is in standard mode (i.e. the value of **mode** is **0**). | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | No | Array of :ref:`CcCondition ` objects | Rate limit conditions of the CC attack protection rule. This parameter is mandatory when the CC attack protection rule is in advanced mode (i.e. the value of **mode** is **1**). | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | Yes | :ref:`action ` object | Protection action to take if the number of requests reaches the upper limit. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | Yes | String | Rate limit mode. | + | | | | | + | | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | | + | | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | | + | | | | - **header**: User-based rate limiting. Website visitors are identified by the header field. | + | | | | | + | | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + | | | | | + | | | | - **other** | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_index | No | String | User identifier. This parameter is mandatory when the rate limit mode is set to **user** (cookie or header). | + | | | | | + | | | | - **cookie**: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. | + | | | | | + | | | | - **header**: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_condition | No | :ref:`tag_condition ` object | User tag. This parameter is mandatory when the rate limit mode is set to **other**. - **other**: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | Yes | Integer | Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | Yes | Integer | Rate limit period, in seconds. The value ranges from 1 to 3,600. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unlock_num | No | Integer | Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is **dynamic_block**. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | No | Integer | Block duration, in seconds. The value ranges from 0 to 65,535. Specifies the period within which access is blocked. An error page is displayed in this period. | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updateccrule__request_cccondition: + +.. table:: **Table 4** CcCondition + + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | Yes | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | Yes | String | Logic for matching the condition. | + | | | | | + | | | | - If the category is **url**, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | | + | | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | | + | | | | - If the category is **params**, **cookie** and **header**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **contain** | + | | | | | + | | | | - **not_contain** | + | | | | | + | | | | - **equal** | + | | | | | + | | | | - **not_equal** | + | | | | | + | | | | - **prefix** | + | | | | | + | | | | - **not_prefix** | + | | | | | + | | | | - **suffix** | + | | | | | + | | | | - **not_suffix** | + | | | | | + | | | | - **contain_any** | + | | | | | + | | | | - **not_contain_all** | + | | | | | + | | | | - **equal_any** | + | | | | | + | | | | - **not_equal_all** | + | | | | | + | | | | - **prefix_any** | + | | | | | + | | | | - **not_prefix_all** | + | | | | | + | | | | - **suffix_any** | + | | | | | + | | | | - **not_suffix_all** | + | | | | | + | | | | - **num_greater** | + | | | | | + | | | | - **num_less** | + | | | | | + | | | | - **num_equal** | + | | | | | + | | | | - **num_not_equal** | + | | | | | + | | | | - **exist** | + | | | | | + | | | | - **not_exist** | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | No | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | Subfield. When **category** is set to params, cookie, or header, set this parameter based on site requirements. This parameter is mandatory. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updateccrule__request_action: -.. table:: **Table 4** action +.. table:: **Table 5** action - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===========================================================================================================================================================+ - | category | No | String | Action type: | - | | | | | - | | | | - **block**: WAF blocks discovered attacks. | - | | | | | - | | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | - | | | | | - | | | | - If **tag_type** is set to **other**, the value can only be **block**. | - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | detail | No | String | Action details. If detail is null, the default block page is displayed by default. | - | | | | | - | | | | - This parameter cannot be included when **category** is set to **captcha**. | - | | | | | - | | | | - This parameter is required when **category** is set to **block**. | - +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=====================================================+==========================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | Yes | String | Action type: | + | | | | | + | | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | | + | | | | - **block**: WAF blocks the requests. When **tag_type** is set to **other**, the value can only be **block**. | + | | | | | + | | | | - **log**: WAF logs the event only. | + | | | | | + | | | | - **dynamic_block**: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The **dynamic_block** protection action can be set only when the advanced protection mode is enabled for the CC protection rule. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **captcha** | + | | | | | + | | | | - **block** | + | | | | | + | | | | - **log** | + | | | | | + | | | | - **dynamic_block** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | No | :ref:`detail ` object | Block page information. When protection action **category** is set to **block** or **dynamic_block**, you need to set the returned block page. | + | | | | | + | | | | - If you want to use the default block page, this parameter can be excluded. | + | | | | | + | | | | - If you want to use a custom block page, set this parameter. | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. table:: **Table 5** detail +.. _updateccrule__request_detail: + +.. table:: **Table 6** detail +-----------+-----------+---------------------------------------------------------+----------------+ | Parameter | Mandatory | Type | Description | @@ -124,144 +232,274 @@ Request Parameters .. _updateccrule__request_response: -.. table:: **Table 6** response +.. table:: **Table 7** response - +--------------+-----------+--------+-------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +==============+===========+========+===============================================================================+ - | content_type | No | String | Content type. The value can only be application/json, text/html, or text/xml. | - +--------------+-----------+--------+-------------------------------------------------------------------------------+ - | content | No | String | Protection page content. | - +--------------+-----------+--------+-------------------------------------------------------------------------------+ + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================================================+ + | content_type | No | String | Content type. The value can only be **application/json**, **text/html**, or **text/xml**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **application/json** | + | | | | | + | | | | - **text/html** | + | | | | | + | | | | - **text/xml** | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------+ + | content | No | String | Protection page content. | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------+ + +.. _updateccrule__request_tag_condition: + +.. table:: **Table 8** tag_condition + + +-----------+-----------+------------------+-----------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+==================+=====================================================+ + | category | No | String | User identifier. The value is fixed at **referer**. | + +-----------+-----------+------------------+-----------------------------------------------------+ + | contents | No | Array of strings | Content of the user identifier field. | + +-----------+-----------+------------------+-----------------------------------------------------+ Response Parameters ------------------- **Status code: 200** -.. table:: **Table 7** Response body parameters +.. table:: **Table 9** Response body parameters - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+========================================================================+========================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | - | | | | - | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | - | | | | - | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | mode | Integer | Mode. | - | | | | - | | | - **0**: Standard. | - | | | | - | | | - **1**: Advanced | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | limit_period | String | Rate limiting period | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | tag_type | String | Protection mode. | - | | | | - | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | - | | | | - | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | - | | | | - | | | - other: A website visitor is identified by the Referer field (user-defined request source). | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be **0** or **1**. | - | | | | - | | | - **0**: The rule is disabled. | - | | | | - | | | - **1**: The rule is enabled. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. | - +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==========================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`CcCondition ` objects | Rate limit conditions of the CC attack protection rule. This parameter is mandatory when the CC attack protection rule is in advanced mode (i.e. the value of **mode** is **1**). | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Protection action to take if the number of requests reaches the upper limit. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Rate limit mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ip** | + | | | | + | | | - **other** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_index | String | User identifier. This parameter is mandatory when the rate limit mode is set to **user** (cookie or header). | + | | | | + | | | - **cookie**: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. | + | | | | + | | | - **header**: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_condition | :ref:`tag_condition ` object | User tag. This parameter is mandatory when the rate limit mode is set to **other**. - **other**: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | Integer | Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | Integer | Rate limit period, in seconds. The value ranges from 1 to 3,600. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unlock_num | Integer | Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is **dynamic_block**. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | Integer | Block duration, in seconds. The value ranges from 0 to 65,535. The period within which access is blocked. An error page is displayed in this period. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | total_num | Integer | This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | unaggregation | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updateccrule__response_cccondition: + +.. table:: **Table 10** CcCondition + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **url** | + | | | | + | | | - **ip** | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | - If the category is **url**, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | + | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | + | | | - If the category is **params**, **cookie** and **header**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield. When **category** is set to params, cookie, or header, set this parameter based on site requirements. This parameter is mandatory. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updateccrule__response_action: -.. table:: **Table 8** action +.. table:: **Table 11** action - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===========================================================================================================================================================+ - | category | String | Action type: | - | | | | - | | | - **block**: WAF blocks discovered attacks. | - | | | | - | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | - | | | | - | | | - If **tag_type** is set to **other**, the value can only be **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | detail | String | Action details. If detail is null, the default block page is displayed by default. | - | | | | - | | | - This parameter cannot be included when **category** is set to **captcha**. | - | | | | - | | | - This parameter is required when **category** is set to **block**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+======================================================+==========================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - captcha: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - **block**: WAF blocks the requests. When **tag_type** is set to **other**, the value can only be **block**. | + | | | | + | | | - **log**: WAF logs the event only. | + | | | | + | | | - **dynamic_block**: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The **dynamic_block** protection action can be set only when the advanced protection mode is enabled for the CC protection rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **captcha** | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + | | | | + | | | - **dynamic_block** | + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | :ref:`detail ` object | Block page information. When protection action **category** is set to **block** or **dynamic_block**, you need to set the returned block page. | + | | | | + | | | - If you want to use the default block page, this parameter can be excluded. | + | | | | + | | | - If you want to use a custom block page, set this parameter. | + +-----------------------+------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. table:: **Table 9** detail +.. _updateccrule__response_detail: - +-----------+----------------------------------------------------------+----------------+ - | Parameter | Type | Description | - +===========+==========================================================+================+ - | response | :ref:`response ` object | Returned page. | - +-----------+----------------------------------------------------------+----------------+ +.. table:: **Table 12** detail + + +-----------+----------------------------------------------------------+-------------+ + | Parameter | Type | Description | + +===========+==========================================================+=============+ + | response | :ref:`response ` object | Block Page | + +-----------+----------------------------------------------------------+-------------+ .. _updateccrule__response_response: -.. table:: **Table 10** response +.. table:: **Table 13** response - +--------------+--------+-------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +==============+========+===============================================================================+ - | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | - +--------------+--------+-------------------------------------------------------------------------------+ - | content | String | Contents | - +--------------+--------+-------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================+ + | content_type | String | Content type. The value can only be **application/json**, **text/html**, or **text/xml**. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **application/json** | + | | | | + | | | - **text/html** | + | | | | + | | | - **text/xml** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ + | content | String | Block page information. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------+ -.. _updateccrule__response_conditions: +.. _updateccrule__response_tag_condition: -.. table:: **Table 11** conditions +.. table:: **Table 14** tag_condition - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================================================================================================================================================================================================================================+ - | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Parameter description: | - | | | | - | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | - | | | | - | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | - | | | | - | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | - | | | | - | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | - | | | | - | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------+------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +===========+==================+=====================================================+ + | category | String | User identifier. The value is fixed at **referer**. | + +-----------+------------------+-----------------------------------------------------+ + | contents | Array of strings | Content of the user identifier field. | + +-----------+------------------+-----------------------------------------------------+ **Status code: 400** -.. table:: **Table 12** Response body parameters +.. table:: **Table 15** Response body parameters ========== ====== ============= Parameter Type Description @@ -272,7 +510,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 13** Response body parameters +.. table:: **Table 16** Response body parameters ========== ====== ============= Parameter Type Description @@ -283,7 +521,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 14** Response body parameters +.. table:: **Table 17** Response body parameters ========== ====== ============= Parameter Type Description @@ -321,7 +559,6 @@ Request succeeded. .. code-block:: { - "aging_time" : 0, "description" : "", "id" : "a5f3fd28db564696b199228f0ac346b2", "limit_num" : 10, @@ -333,7 +570,9 @@ Request succeeded. "status" : 1, "tag_type" : "ip", "total_num" : 0, + "aging_time" : 0, "unaggregation" : false, + "producer" : 1, "url" : "/path1" } diff --git a/api-ref/source/apis/rule_management/updating_a_geolocation_access_control_rule.rst b/api-ref/source/apis/rule_management/updating_a_geolocation_access_control_rule.rst index 5a3f4ee..fca3aff 100644 --- a/api-ref/source/apis/rule_management/updating_a_geolocation_access_control_rule.rst +++ b/api-ref/source/apis/rule_management/updating_a_geolocation_access_control_rule.rst @@ -17,13 +17,15 @@ PUT /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+======================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the geolocation access control rule. It can be obtained by calling the **ListGeoipRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -42,63 +44,67 @@ Request Parameters .. table:: **Table 3** Request body parameters - +-----------------+-----------------+-----------------+-------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+=======================================================+ - | geoip | Yes | String | Applicable regions. The value can be the region code. | - | | | | | - | | | | - CA: Canada | - | | | | | - | | | | - US: USA | - | | | | | - | | | | - AU: Australia | - | | | | | - | | | | - IN: India | - | | | | | - | | | | - JP: Japan | - | | | | | - | | | | - UK: United Kingdom | - | | | | | - | | | | - FR: France | - | | | | | - | | | | - DE: Germany | - | | | | | - | | | | - BR: Brazil | - | | | | | - | | | | - Ukraine: Ukraine | - | | | | | - | | | | - Pakistan: Pakistan | - | | | | | - | | | | - Palestine: Palestine | - | | | | | - | | | | - Israel: Israel | - | | | | | - | | | | - Iraq: Afghanistan | - | | | | | - | | | | - Libya: Libya | - | | | | | - | | | | - Turkey: Turkey | - | | | | | - | | | | - Thailand: Thailand | - | | | | | - | | | | - Singapore: Singapore | - | | | | | - | | | | - South Africa: South Africa | - | | | | | - | | | | - Mexico: Mexico | - | | | | | - | | | | - Peru: Peru | - +-----------------+-----------------+-----------------+-------------------------------------------------------+ - | white | Yes | Integer | Protective action. The value can be: | - | | | | | - | | | | - 0: WAF blocks the requests that hit the rule. | - | | | | | - | | | | - 1: WAF allows the requests that hit the rule. | - | | | | | - | | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------+-----------------+-----------------+-------------------------------------------------------+ - | description | No | String | Rule description | - +-----------------+-----------------+-----------------+-------------------------------------------------------+ + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==================================================================================================================================+ + | geoip | Yes | String | Applicable regions. The value can be the region code. | + | | | | | + | | | | - CA: Canada | + | | | | | + | | | | - US: USA | + | | | | | + | | | | - AU: Australia | + | | | | | + | | | | - IN: India | + | | | | | + | | | | - JP: Japan | + | | | | | + | | | | - UK: United Kingdom | + | | | | | + | | | | - FR: France | + | | | | | + | | | | - DE: Germany | + | | | | | + | | | | - BR: Brazil | + | | | | | + | | | | - Ukraine: Ukraine | + | | | | | + | | | | - Pakistan: Pakistan | + | | | | | + | | | | - Palestine: Palestine | + | | | | | + | | | | - Israel: Israel | + | | | | | + | | | | - Iraq: Afghanistan | + | | | | | + | | | | - Libya: Libya | + | | | | | + | | | | - Turkey: Turkey | + | | | | | + | | | | - Thailand: Thailand | + | | | | | + | | | | - Singapore: Singapore | + | | | | | + | | | | - South Africa: South Africa | + | | | | | + | | | | - Mexico: Mexico | + | | | | | + | | | | - Peru: Peru | + | | | | | + | | | | - For more geographical location codes, see "Appendix - Geographic Location Codes." | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | white | Yes | Integer | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | name | No | String | Rule name. Currently, the console does not support configuring names for geolocation access control rule. Ignore this parameter. | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -107,75 +113,81 @@ Response Parameters .. table:: **Table 4** Response body parameters - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+====================================================================+ - | id | String | Rule ID. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | policyid | String | Policy ID | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | geoip | String | Applicable regions. The value can be the region code. | - | | | | - | | | - CA: Canada | - | | | | - | | | - US: USA | - | | | | - | | | - AU: Australia | - | | | | - | | | - IN: India | - | | | | - | | | - JP: Japan | - | | | | - | | | - UK: United Kingdom | - | | | | - | | | - FR: France | - | | | | - | | | - DE: Germany | - | | | | - | | | - BR: Brazil | - | | | | - | | | - Ukraine: Ukraine | - | | | | - | | | - Pakistan: Pakistan | - | | | | - | | | - Palestine: Palestine | - | | | | - | | | - Israel: Israel | - | | | | - | | | - Iraq: Afghanistan | - | | | | - | | | - Libya: Libya | - | | | | - | | | - Turkey: Turkey | - | | | | - | | | - Thailand: Thailand | - | | | | - | | | - Singapore: Singapore | - | | | | - | | | - South Africa: South Africa | - | | | | - | | | - Mexico: Mexico | - | | | | - | | | - Peru: Peru | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | white | Integer | Protective action. The value can be: | - | | | | - | | | - 0: WAF blocks the requests that hit the rule. | - | | | | - | | | - 1: WAF allows the requests that hit the rule. | - | | | | - | | | - 2: WAF only logs the requests that hit the rule. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | - +-----------------------+-----------------------+--------------------------------------------------------------------+ - | description | String | Rule description | - +-----------------------+-----------------------+--------------------------------------------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Rule name. Currently, the console does not support configuring names for geolocation access control rule. Ignore this parameter. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoTagList | Array of strings | List of geographical locations hit the geolocation access control rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + | | | | + | | | - For more geographical location codes, see "Appendix - Geographic Location Codes." | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -236,6 +248,7 @@ Request succeeded. "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", "name" : "demo", "description" : "demo", + "geoTagList" : [ "BR" ], "geoip" : "BR", "white" : 1 } diff --git a/api-ref/source/apis/rule_management/querying_a_false_alarm_masking_rule.rst b/api-ref/source/apis/rule_management/updating_a_global_protection_whitelist_false_alarm_masking_rule.rst similarity index 58% rename from api-ref/source/apis/rule_management/querying_a_false_alarm_masking_rule.rst rename to api-ref/source/apis/rule_management/updating_a_global_protection_whitelist_false_alarm_masking_rule.rst index dab771c..8b35c70 100644 --- a/api-ref/source/apis/rule_management/querying_a_false_alarm_masking_rule.rst +++ b/api-ref/source/apis/rule_management/updating_a_global_protection_whitelist_false_alarm_masking_rule.rst @@ -1,29 +1,31 @@ -:original_name: ShowIgnoreRule.html +:original_name: UpdateIgnoreRule.html -.. _ShowIgnoreRule: +.. _UpdateIgnoreRule: -Querying a False Alarm Masking Rule -=================================== +Updating a Global Protection Whitelist (False Alarm Masking) Rule +================================================================= Function -------- -This API is used to query a false alarm masking rule. +This API is used to update a global protection whitelist (false alarm masking) rule. URI --- -GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} +PUT /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the false alarm masking rule. It can be obtained by calling the **ListIgnoreRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -40,94 +42,146 @@ Request Parameters | | | | Default: **application/json;charset=utf8** | +-----------------+-----------------+-----------------+--------------------------------------------+ +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=====================================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================+ + | domain | Yes | Array of strings | Domain names to be protected. If the array length is **0**, this rule will take effect for all domain names that are protected by the policies this rule belongs to. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Yes | Array of :ref:`CreateCondition ` objects | Condition list | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Yes | Integer | The value is fixed at **1**, indicating v2 false alarm masking rules. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | Yes | String | Items to be masked. You can provide multiple items and separate them with semicolons (;). | + | | | | | + | | | | - If you want to disable a specific built-in rule for a domain name, the value of this parameter is the rule ID. When requests are blocked against a certain built-in rule while you do not want this rule to block requests later, you can query the rule in the **Events** page on the console and find its rule ID in the **Hit Rule** column. Then, you can disk the rule by its ID (including 6 digits). | + | | | | | + | | | | - If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. **xss**: XSS attacks **webshell**: Web shells **vuln**: Other types of attacks **sqli**: SQL injection attack **robot**: Malicious crawlers **rfi**: Remote file inclusion **lfi**: Local file inclusion **cmdi**: Command injection attack | + | | | | | + | | | | - To bypass the basic web protection, set this parameter to **all**. | + | | | | | + | | | | - To bypass all WAF protection, set this parameter to **bypass**. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | No | Array of :ref:`Advanced ` objects | To ignore attacks of a specific field, specify the field in the Advanced settings area. After you add the rule, WAF will stop blocking attacks of the specified field. This parameter is not included if all modules are bypassed. | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Description of the rule | + +-----------------+-----------------+-------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updateignorerule__request_createcondition: + +.. table:: **Table 4** CreateCondition + + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+=================================================================================================================================================================================================================================================================================================================================================================================+ + | category | No | String | Field type. The value can be **url**, **ip**, **params**, **cookie**, or **header**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Content. The array length is limited to **1**. The content format varies depending on the field type. For example, if the field type is **ip**, the value must be an IP address or IP address range. If the field type is **url**, the value must be in the standard URL format. IF the field type is **params**, **cookie**, or **header**, the content format is not limited. | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | No | String | The matching logic varies depending on the field type. For example, if the field type is **ip**, the logic can be **equal** or **not_equal**. If the field type is **url**, **params**, **cookie**, or **header**, the logic can be **equal**, **not_equal**, **contain**, **not_contain**, **prefix**, **not_prefix**, **suffix**, **not_suffix**. | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | If the field type is **ip** and the subfield is the client IP address, the **index** parameter is not required. If the subfield type is **X-Forwarded-For**, the value is **x-forwarded-for**; If the field type is **params**, **header**, or **cookie**, and the subfield is user-defined, the value of **index** is the user-defined subfield. | + +-----------------+-----------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updateignorerule__request_advanced: + +.. table:: **Table 5** Advanced + + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+=====================================================================================================================================+ + | index | No | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. | + | | | | | + | | | | - When you select **Params**, **Cookie**, or **Header**, you can set this parameter to **all** or configure subfields as required. | + | | | | | + | | | | - When you select **Body** or **Multipart**, set this parameter to **all**. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Subfield of the specified field type. The default value is **all**. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + Response Parameters ------------------- **Status code: 200** -.. table:: **Table 3** Response body parameters +.. table:: **Table 6** Response body parameters - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ - | id | String | Rule ID. | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | policyid | String | Policy ID. | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | timestamp | Long | Rule creation time. | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | description | String | Provides supplementary information about the assignment. | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | status | Integer | Rule status. The value can be: | - | | | | - | | | - 0: The rule is disabled. | - | | | | - | | | - 1: The rule is enabled. | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | - | | | | - | | | - xss or sqli: XSS attacks | - | | | | - | | | - cmdi: Command injectionrobot: Malicious crawlers | - | | | | - | | | - lfi: Local file inclusion | - | | | | - | | | - rfi: Remote file inclusionwebshell: Website Trojans | - | | | | - | | | - cc: CC attacks -custom_custom: Precise protection | - | | | | - | | | - custom_whiteblackip: IP address blacklist and whitelist | - | | | | - | | | - custom_geoip: Geolocation access control | - | | | | - | | | - antitamper: Web tamper protection | - | | | | - | | | - anticrawler: Anti-crawler protection | - | | | | - | | | - leakage: Data leakage prevention | - | | | | - | | | - illegal: Illegal requests | - | | | | - | | | - vuln: Other attack types | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | url_logic | String | URL match logic: | - | | | | - | | | - **equal**: full match | - | | | | - | | | - **prefix**: prefix match | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | domains | Array of strings | Protected domain name | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | advanced | :ref:`advanced ` object | advanced | - +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==========================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Items to be masked. You can provide multiple items and separate them with semicolons (;). | + | | | | + | | | - If you want to disable a specific built-in rule for a domain name, the value of this parameter is the rule ID. When requests are blocked against a certain built-in rule while you do not want this rule to block requests later, you can query the rule in the **Events** page on the console and find its rule ID in the **Hit Rule** column. Then, you can disk the rule by its ID (including 6 digits). | + | | | | + | | | - If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. **xss**: XSS attacks **webshell**: Web shells **vuln**: Other types of attacks **sqli**: SQL injection attack **robot**: Malicious crawlers **rfi**: Remote file inclusion **lfi**: Local file inclusion **cmdi**: Command injection attack | + | | | | + | | | - To bypass the basic web protection, set this parameter to **all**. | + | | | | + | | | - To bypass all WAF protection, set this parameter to **bypass**. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | The value is fixed at **1**, indicating v2 false alarm masking rules are used. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`Condition ` objects | Condition list | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | Array of :ref:`Advanced ` objects | Advanced settings | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domain | Array of strings | Domain names to be protected. If the array length is **0**, this rule will take effect for all domain names that are protected by the policies this rule belongs to. | + +-----------------------+--------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. _showignorerule__response_advanced: +.. _updateignorerule__response_condition: -.. table:: **Table 4** advanced +.. table:: **Table 7** Condition - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=====================================================================================================================================================================================================================================+ - | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | - | | | | - | | | - cookie: session cookie | - | | | | - | | | - header: header field | - | | | | - | | | - body: body field | - | | | | - | | | - multipart: multipart/form-data type data | - | | | | - | | | - params: parameter | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | content | String | Specified field (available only for param, cookie, and header) | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=========================+==================+=====================================================================================================================================================================================================================================================================================================================================================+ + | category | String | Field type. The value can be **ip**, **url**, **params**, **cookie**, or **header**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | The matching logic varies depending on the field type. For example, if the field type is **ip**, the logic can be **equal** or **not_equal**. If the field type is **url**, **params**, **cookie**, or **header**, the logic can be **equal**, **not_equal**, **contain**, **not_contain**, **prefix**, **not_prefix**, **suffix**, **not_suffix**. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | check_all_indexes_logic | Integer | This parameter is reserved and can be ignored. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | If the field type is **ip** and the subfield is the client IP address, the **index** parameter does not exist. If the subfield type is **X-Forwarded-For**, the value is **x-forwarded-for**. If the field type is **params**, **header**, or **cookie**, and the subfield is user-defined, the value of **index** is the user-defined subfield. | + +-------------------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updateignorerule__response_advanced: + +.. table:: **Table 8** Advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================+ + | index | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. | + | | | | + | | | - When you select **Params**, **Cookie**, or **Header**, you can set this parameter to **all** or configure subfields as required. | + | | | | + | | | - When you select **Body** or **Multipart**, set this parameter to **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Subfield of the specified field type. The default value is **all**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+ **Status code: 400** -.. table:: **Table 5** Response body parameters +.. table:: **Table 9** Response body parameters ========== ====== ============= Parameter Type Description @@ -138,7 +192,7 @@ Response Parameters **Status code: 401** -.. table:: **Table 6** Response body parameters +.. table:: **Table 10** Response body parameters ========== ====== ============= Parameter Type Description @@ -149,7 +203,7 @@ Response Parameters **Status code: 500** -.. table:: **Table 7** Response body parameters +.. table:: **Table 11** Response body parameters ========== ====== ============= Parameter Type Description @@ -163,7 +217,20 @@ Example Requests .. code-block:: text - GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}? + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}? + + { + "domain" : [ "www.example.com" ], + "mode" : 1, + "description" : "", + "conditions" : [ { + "category" : "ip", + "logic_operation" : "equal", + "index" : null, + "contents" : [ "x.x.x.x" ] + } ], + "rule" : "006602" + } Example Responses ----------------- @@ -175,15 +242,19 @@ Request succeeded. .. code-block:: { - "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", - "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", - "timestamp" : 1656507126528, - "description" : "", + "id" : "40484384970948d79fffe4e4ae1fc54d", + "policyid" : "f385eceedf7c4c34a4d1def19eafbe85", + "timestamp" : 1650512535222, + "description" : "demo", "status" : 1, - "domain" : [ "test3.th.com" ], - "rule" : "webshell", - "url_logic" : "equal", - "url" : "/demo" + "rule" : "006602", + "mode" : 1, + "conditions" : [ { + "category" : "ip", + "contents" : [ "x.x.x.x" ], + "logic_operation" : "equal" + } ], + "domain" : [ "www.example.com" ] } Status Codes diff --git a/api-ref/source/apis/rule_management/updating_a_javascript_anti-crawler_rule.rst b/api-ref/source/apis/rule_management/updating_a_javascript_anti-crawler_rule.rst new file mode 100644 index 0000000..18c9f5b --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_a_javascript_anti-crawler_rule.rst @@ -0,0 +1,213 @@ +:original_name: UpdateAnticrawlerRule.html + +.. _UpdateAnticrawlerRule: + +Updating a JavaScript Anti-Crawler Rule +======================================= + +Function +-------- + +This API is used to update a JavaScript anti-crawler rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=========================================================================================================================================================================================================================================+ + | project_id | Yes | String | Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose **My Credentials**. Then, in the **Projects** area, view **Project ID** of the corresponding project. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | ID of a protection policy. You can specify a protection policy ID to query the rules used in the protection policy. You can obtain the policy ID by calling the **ListPolicy** API. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | Rule ID. | + +------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=======================+===========+========+============================================================================+ + | enterprise_project_id | No | String | You can obtain the ID by calling the **ListEnterpriseProject** API of EPS. | + +-----------------------+-----------+--------+----------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==============================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of **X-Subject-Token** in the response header). | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 4** Request body parameters + + +-----------------+-----------------+-----------------+--------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+================================+ + | url | Yes | String | URL to which the rule applies. | + +-----------------+-----------------+-----------------+--------------------------------+ + | logic | Yes | Integer | Rule matching logic | + | | | | | + | | | | - **1**: Include | + | | | | | + | | | | - **2**: Not include | + | | | | | + | | | | - **3**: Equal | + | | | | | + | | | | - **4**: Not equal | + | | | | | + | | | | - **5**: Prefix is | + | | | | | + | | | | - **6**: Prefix is not | + | | | | | + | | | | - **7**: Suffix is | + | | | | | + | | | | - **8**: Suffix is not | + +-----------------+-----------------+-----------------+--------------------------------+ + | name | Yes | String | Rule name. | + +-----------------+-----------------+-----------------+--------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 5** Response body parameters + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | id | String | Rule ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | logic | Integer | Rule matching logic | + | | | | + | | | - **1**: Include | + | | | | + | | | - **2**: Not include | + | | | | + | | | - **3**: Equal | + | | | | + | | | - **4**: Not equal | + | | | | + | | | - **5**: Prefix is | + | | | | + | | | - **6**: Prefix is not | + | | | | + | | | - **7**: Suffix is | + | | | | + | | | - **8**: Suffix is not | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | name | String | Rule name. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | type | String | JavaScript anti-crawler rule type. | + | | | | + | | | - **anticrawler_specific_url**: used to protect a specific path specified by the rule. | + | | | | + | | | - **anticrawler_except_url**: used to protect all paths except the one specified by the rule. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id}? + + { + "url" : "/patent/id", + "logic" : 3, + "name" : "demo" + } + +Example Responses +----------------- + +**Status code: 200** + +ok + +.. code-block:: + + { + "id" : "607d14b8153540c0af51a00fe2140d05", + "policyid" : "777716e0b7b84b5192b9d373f7c6d4f0", + "name" : "demo", + "timestamp" : 1675152776784, + "status" : 1, + "url" : "/patent/id", + "logic" : 3, + "type" : "anticrawler_except_url" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 ok +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_a_known_attack_source_rule.rst b/api-ref/source/apis/rule_management/updating_a_known_attack_source_rule.rst new file mode 100644 index 0000000..8272f11 --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_a_known_attack_source_rule.rst @@ -0,0 +1,169 @@ +:original_name: UpdatePunishmentRule.html + +.. _UpdatePunishmentRule: + +Updating a Known Attack Source Rule +=================================== + +Function +-------- + +This API is used update a known attack source rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+====================================================================================================+ + | project_id | Yes | String | project_id | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the known attack source rule. It can be obtained by calling the **ListPunishmentRules** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-------------+-----------+---------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=============+===========+=========+===========================================================================================================================================================================================================================================================+ + | block_time | Yes | Integer | Block duration, in seconds. If prefix **long** is selected for the rule type, the value for **block_time** ranges from **301** to **1800**. If prefix **short** is selected for the rule type, the value for **block_time** ranges from **0** to **300**. | + +-------------+-----------+---------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Description | + +-------------+-----------+---------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+--------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+======================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------+ + | block_time | Integer | Block duration, in seconds. | + +-----------------------+-----------------------+--------------------------------------+ + | category | String | Type of the know attack source rule. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **long_ip_block** | + | | | | + | | | - **long_cookie_block** | + | | | | + | | | - **long_params_block** | + | | | | + | | | - **short_ip_block** | + | | | | + | | | - **short_cookie_block** | + | | | | + | | | - **short_params_block** | + +-----------------------+-----------------------+--------------------------------------+ + | description | String | Description | + +-----------------------+-----------------------+--------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id}? + + { + "category" : "long_ip_block", + "block_time" : "1233", + "description" : "update" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "block_time" : 1233, + "category" : "long_ip_block", + "description" : "update", + "id" : "2c3afdcc982b429da4f72ee483aece3e", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668148186106 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_a_precise_protection_rule.rst b/api-ref/source/apis/rule_management/updating_a_precise_protection_rule.rst index b8b4bbc..3aa2235 100644 --- a/api-ref/source/apis/rule_management/updating_a_precise_protection_rule.rst +++ b/api-ref/source/apis/rule_management/updating_a_precise_protection_rule.rst @@ -17,15 +17,15 @@ PUT /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} .. table:: **Table 1** Path Parameters - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +============+===========+========+================================================================================+ - | project_id | Yes | String | Project ID | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | - +------------+-----------+--------+--------------------------------------------------------------------------------+ - | rule_id | Yes | String | rule id | - +------------+-----------+--------+--------------------------------------------------------------------------------+ + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the precise protection rule. It can be obtained by calling the **ListCustomeRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------+ Request Parameters ------------------ @@ -47,7 +47,7 @@ Request Parameters +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Parameter | Mandatory | Type | Description | +=================+=================+=======================================================================================+====================================================================================================================================================================================+ - | time | No | Boolean | Time the precise protection rule takes effect. | + | time | Yes | Boolean | Time the precise protection rule takes effect. | | | | | | | | | | - false: The rule takes effect immediately. | | | | | | @@ -61,46 +61,136 @@ Request Parameters +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | conditions | No | Array of :ref:`CustomConditions ` objects | Match condition List | +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action | No | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + | action | Yes | :ref:`CustomAction ` object | Protective action of the precise protection rule. | +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | priority | No | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + | priority | Yes | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatecustomrule__request_customconditions: .. table:: **Table 4** CustomConditions - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+==================+=============================================================================================================================================================================================================+ - | category | No | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | No | String | Subfield | - | | | | | - | | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | - | | | | | - | | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | No | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | No | Array of strings | Condition content for matching the rule | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | value_list_id | No | String | ID of the reference table | - +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | category | No | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **user-agent** | + | | | | | + | | | | - **referer** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **method** | + | | | | | + | | | | - **request_line** | + | | | | | + | | | | - **request** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | Subfield | + | | | | | + | | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | | + | | | | - When the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | No | String | Logic for matching the condition. | + | | | | | + | | | | - If the category is **url**, **user-agent** or **referer** , the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal | + | | | | | + | | | | - If the category is **ip**, the optional operations are: equal, not_equal, , equal_any and not_equal_all | + | | | | | + | | | | - If the category is **method**, the optional operations are: equal and not_equal | + | | | | | + | | | | - If the category is **request_line** and **request**, the optional operations are: len_greater, len_less, len_equal and len_not_equal | + | | | | | + | | | | - If the category is **params**, **header**, and **cookie**, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **contain** | + | | | | | + | | | | - **not_contain** | + | | | | | + | | | | - **equal** | + | | | | | + | | | | - **not_equal** | + | | | | | + | | | | - **prefix** | + | | | | | + | | | | - **not_prefix** | + | | | | | + | | | | - **suffix** | + | | | | | + | | | | - **not_suffix** | + | | | | | + | | | | - **contain_any** | + | | | | | + | | | | - **not_contain_all** | + | | | | | + | | | | - **equal_any** | + | | | | | + | | | | - **not_equal_all** | + | | | | | + | | | | - **prefix_any** | + | | | | | + | | | | - **not_prefix_all** | + | | | | | + | | | | - **suffix_any** | + | | | | | + | | | | - **not_suffix_all** | + | | | | | + | | | | - **num_greater** | + | | | | | + | | | | - **num_less** | + | | | | | + | | | | - **num_equal** | + | | | | | + | | | | - **num_not_equal** | + | | | | | + | | | | - **exist** | + | | | | | + | | | | - **not_exist** | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Content of the conditions. This parameter is mandatory when the suffix of **logic_operation** is not any or all. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | No | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of **logic_operation** is any or all. The reference table type must be the same as the category type. | + +-----------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatecustomrule__request_customaction: .. table:: **Table 5** CustomAction - +-----------------+-----------------+-----------------+-------------------------------+ - | Parameter | Mandatory | Type | Description | - +=================+=================+=================+===============================+ - | category | No | String | Action type. | - | | | | | - | | | | - block: WAF blocks attacks. | - | | | | | - | | | | - pass: WAF allows requests. | - +-----------------+-----------------+-----------------+-------------------------------+ + +--------------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +====================+=================+=================+================================================================================================================+ + | category | Yes | String | Operation type | + | | | | | + | | | | - **block**: WAF blocks attacks. | + | | | | | + | | | | - **pass**: WAF allows requests. | + | | | | | + | | | | - **log**: WAF only logs detected attacks. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **block** | + | | | | | + | | | | - **pass** | + | | | | | + | | | | - **log** | + +--------------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------+ + | followed_action_id | No | String | ID of a known attack source rule. This parameter can be configured only when **category** is set to **block**. | + +--------------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------------+ Response Parameters ------------------- @@ -128,8 +218,6 @@ Response Parameters +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | action_mode | Boolean | This parameter is reserved and can be ignored. | - +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | timestamp | Long | Timestamp when the precise protection rule is created. | @@ -138,40 +226,112 @@ Response Parameters +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | aging_time | Integer | Rule aging time. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | producer | Integer | Rule creation object. This parameter is reserved and can be ignored currently. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatecustomrule__response_conditions: .. table:: **Table 7** conditions - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+=============================================================================================================================================================================================================+ - | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | index | String | Subfield | - | | | | - | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | - | | | | - | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | contents | Array of strings | Content of the conditions. | - +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - When the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **contain** | + | | | | + | | | - **not_contain** | + | | | | + | | | - **equal** | + | | | | + | | | - **not_equal** | + | | | | + | | | - **prefix** | + | | | | + | | | - **not_prefix** | + | | | | + | | | - **suffix** | + | | | | + | | | - **not_suffix** | + | | | | + | | | - **contain_any** | + | | | | + | | | - **not_contain_all** | + | | | | + | | | - **equal_any** | + | | | | + | | | - **not_equal_all** | + | | | | + | | | - **prefix_any** | + | | | | + | | | - **not_prefix_all** | + | | | | + | | | - **suffix_any** | + | | | | + | | | - **not_suffix_all** | + | | | | + | | | - **len_greater** | + | | | | + | | | - **len_less** | + | | | | + | | | - **len_equal** | + | | | | + | | | - **num_greater** | + | | | | + | | | - **num_less** | + | | | | + | | | - **num_equal** | + | | | | + | | | - **num_not_equal** | + | | | | + | | | - **exist** | + | | | | + | | | - **not_exist** | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is available only when a reference table is used when a protection rule is created. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. _updatecustomrule__response_customaction: .. table:: **Table 8** CustomAction - +-----------------------+-----------------------+-------------------------------+ - | Parameter | Type | Description | - +=======================+=======================+===============================+ - | category | String | Action type. | - | | | | - | | | - block: WAF blocks attacks. | - | | | | - | | | - pass: WAF allows requests. | - +-----------------------+-----------------------+-------------------------------+ + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+================================================================================================================+ + | category | String | Operation type | + | | | | + | | | - **block**: WAF blocks attacks. | + | | | | + | | | - **pass**: WAF allows requests. | + | | | | + | | | - **log**: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **pass** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ + | followed_action_id | String | ID of a known attack source rule. This parameter can be configured only when **category** is set to **block**. | + +-----------------------+-----------------------+----------------------------------------------------------------------------------------------------------------+ **Status code: 400** @@ -214,21 +374,18 @@ Example Requests PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id}? { - "description": "", - "action": { - "category": "block" - }, - "priority": 50, - "conditions": [ - { - "category": "header", - "logic_operation": "contain", - "index": "demo2" - "content" ["demo"] - } - ], - ], - "time": false + "action" : { + "category" : "block" + }, + "time" : false, + "priority" : 50, + "description" : "", + "conditions" : [ { + "category" : "url", + "logic_operation" : "contain", + "index" : null, + "contents" : [ "test" ] + } ] } Example Responses @@ -241,23 +398,24 @@ Request succeeded. .. code-block:: { + "id" : "88e8bf4158324b2d9a233e7ffb95516d", + "policyid" : "dde63c25e8394b21b16a2a49a99e659b", + "timestamp" : 1678799936830, + "description" : "", + "status" : 1, + "time" : false, + "priority" : 50, + "action_mode" : false, + "conditions" : [ { + "category" : "url", + "contents" : [ "test" ], + "logic_operation" : "contain" + } ], "action" : { "category" : "block" }, - "action_mode" : false, - "aging_time" : 0, - "conditions" : [ { - "category" : "header", - "index" : "demo2", - "logic_operation" : "contain", - "content" : [ "demo" ] - } ], - "description" : "", - "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", - "policyid" : "1f016cde588646aca3fb19f277c44d03", - "priority" : 50, - "status" : 1, - "time" : false + "producer" : 1, + "aging_time" : 0 } Status Codes diff --git a/api-ref/source/apis/rule_management/updating_an_information_leakage_prevention_rule.rst b/api-ref/source/apis/rule_management/updating_an_information_leakage_prevention_rule.rst new file mode 100644 index 0000000..4dbdabd --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_an_information_leakage_prevention_rule.rst @@ -0,0 +1,197 @@ +:original_name: UpdateAntileakageRule.html + +.. _UpdateAntileakageRule: + +Updating an Information Leakage Prevention Rule +=============================================== + +Function +-------- + +This API is used to update an information leakage prevention rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================================================+ + | project_id | Yes | String | project ID | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the information leakage protection rule. It can be obtained by calling the **ListAntileakageRules** API. | + +------------+-----------+--------+----------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+===================================================================================================================================================================================+ + | url | Yes | String | URL to which the rule applies. | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | category | Yes | String | Sensitive information type in the information leakage prevention rule. | + | | | | | + | | | | - **sensitive**: The rule masks sensitive user information, such as ID code, phone numbers, and email addresses. | + | | | | | + | | | | - **code**: The rule blocks response pages of specified HTTP response code. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **code** | + | | | | | + | | | | - **sensitive** | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Yes | Array of strings | Content corresponding to the sensitive information type. Multiple options can be set. | + | | | | | + | | | | - When **category** is set to **code**, the pages that contain the following HTTP response codes will be blocked: 400, 401, 402, 403, 404, 405, 500, 501, 502, 503, 504 and 507. | + | | | | | + | | | | - When **category** is set to **sensitive**, parameters **phone**, **id_card**, and **email** can be set. | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Description. | + +-----------------+-----------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==============================================================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------+ + | url | String | URL to which the rule applies. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------+ + | category | String | Sensitive information type in the information leakage prevention rule. | + | | | | + | | | - **code**: The rule masks sensitive user information, such as ID code, phone numbers, and email addresses. | + | | | | + | | | - **sensitive**: The rule blocks response pages of specified HTTP response code. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **code** | + | | | | + | | | - **sensitive** | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Value | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **0** | + | | | | + | | | - **1** | + +-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id}? + + { + "url" : "/login", + "category" : "sensitive", + "contents" : [ "id_card" ] + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "82c4f04f84fd4b2b9ba4b4ea0df8ee82", + "policyid" : "2fcbcb23ef0d48d99d24d7dcff00307d", + "timestamp" : 1668152426471, + "description" : "demo", + "status" : 1, + "url" : "/login", + "category" : "sensitive", + "contents" : [ "id_card" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_the_cache_for_a_web_tamper_protection_rule.rst b/api-ref/source/apis/rule_management/updating_the_cache_for_a_web_tamper_protection_rule.rst new file mode 100644 index 0000000..6c5e430 --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_the_cache_for_a_web_tamper_protection_rule.rst @@ -0,0 +1,148 @@ +:original_name: UpdateAntiTamperRuleRefresh.html + +.. _UpdateAntiTamperRuleRefresh: + +Updating the Cache for a Web Tamper Protection Rule +=================================================== + +Function +-------- + +This API is used to updating the cache for a web tamper protection Rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}/refresh + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+======================================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the web tamper protection rule. It can be obtained by calling the **ListAntitamperRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + | hostname | String | Websites name protected by the web tamper protection rule, such as www.example.com | + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}/refresh? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "description" : "", + "hostname" : "www.domain.com", + "id" : "0f59185b76c143f884d21cd0d88e6fa8", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1666506256928, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_the_data_masking_rule_list.rst b/api-ref/source/apis/rule_management/updating_the_data_masking_rule_list.rst index 1514324..3c80465 100644 --- a/api-ref/source/apis/rule_management/updating_the_data_masking_rule_list.rst +++ b/api-ref/source/apis/rule_management/updating_the_data_masking_rule_list.rst @@ -17,13 +17,15 @@ PUT /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} .. table:: **Table 1** Path Parameters - ========== ========= ====== =========== - Parameter Mandatory Type Description - ========== ========= ====== =========== - project_id Yes String Project ID - policy_id Yes String Policy ID - rule_id Yes String Rule ID - ========== ========= ====== =========== + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+==========================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the **ListPolicy** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ + | rule_id | Yes | String | ID of the data masking rule. It can be obtained by calling the **ListPrivacyRules** API. | + +------------+-----------+--------+------------------------------------------------------------------------------------------+ Request Parameters ------------------ diff --git a/api-ref/source/appendix/error_codes.rst b/api-ref/source/appendix/error_codes.rst index 3f67c8b..5e2b9d1 100644 --- a/api-ref/source/appendix/error_codes.rst +++ b/api-ref/source/appendix/error_codes.rst @@ -42,7 +42,7 @@ Error Codes +-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ | 400 | WAF.00012001 | invalid.token | Illegal token | Check whether the token is correct | +-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ -| 400 | WAF.00012002 | invalid.project | Inconsistency between project_id and token | Check Consistency of project_id and token | +| 400 | WAF.00012002 | invalid.project | Inconsistency between project_id and token | Check consistency of project_id and token | +-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ | 400 | WAF.00012003 | permission.denied | No permission | Assign WAF required permissions to account | +-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ diff --git a/api-ref/source/appendix/geographical_location_codes.rst b/api-ref/source/appendix/geographical_location_codes.rst new file mode 100644 index 0000000..3adc567 --- /dev/null +++ b/api-ref/source/appendix/geographical_location_codes.rst @@ -0,0 +1,166 @@ +:original_name: waf_02_0186.html + +.. _waf_02_0186: + +Geographical Location Codes +=========================== + ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Geographical Location Code | Geolocation | Code | Geolocation | Code | Geolocation | ++==============================================+==============================================+========================+========================+==================================+==================================+ +| Afghanistan | Afghanistan | Djibouti | Djibouti | Liechtenstein | Liechtenstein | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Ahvenanmaa | Ahvenanmaa | Dominica | Dominica | Lithuania | Lithuania | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Albania | Albania | Dominican Republic | Dominican Republic | Luxembourg | Luxembourg | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Algeria | Algeria | East Timor | East Timor | Spain | Spain | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| American Samoa | American Samoa | Ecuador | Ecuador | Madagascar | Madagascar | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Andorra | Andorra | Egypt | Egypt | Malawi | Malawi | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Angola | Angola | El Salvador | El Salvador | Malaysia | Malaysia | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Anguilla | Anguilla | Equatorial Guinea | Equatorial Guinea | Maldives | Maldives | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Antigua and Barbuda | Antigua and Barbuda | Eritrea | Eritrea | Mali | Mali | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Argentina | Argentina | Estonia | Estonia | Malta | Malta | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Armenia | Armenia | Ethiopia | Ethiopia | Marshall Islands | Marshall Islands | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Aruba | Aruba | Falkland Islands | Falkland Islands | Martinique | Martinique | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| AU | Australia | Faroe Islands | Faroe Islands | Mauritania | Mauritania | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Austria | Austria | Fiji | Fiji | Mauritius | Mauritius | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Azerbaijan | Azerbaijan | Finland | Finland | Mayotte | Mayotte | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bahamas | Bahamas | FR | France | Mexico | Mexico | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bahrain | Bahrain | French Guiana | French Guiana | Micronesia | Micronesia | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bangladesh | Bangladesh | French Polynesia | French Polynesia | Moldova | Moldova | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Barbados | Barbados | Gabon | Gabon | Monaco | Monaco | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Belarus | Belarus | Gambia | Gambia | Mongolia | Mongolia | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Belgium | Belgium | Georgia | Georgia | Montenegro | Montenegro | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Belize | Belize | Ghana | Ghana | Montserrat | Montserrat | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Benin | Benin | Gibraltar | Gibraltar | Morocco | Morocco | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bermuda | Bermuda | Greece | Greece | Mozambique | Mozambique | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bhutan | Bhutan | Greenland | Greenland | Myanmar | Myanmar | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bolivia | Bolivia | Grenada | Grenada | Namibia | Namibia | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bosnia and Herzegovina | Bosnia and Herzegovina | Guadeloupe | Guadeloupe | Nauru | Nauru | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Botswana | Botswana | Guam | Guam | Nepal | Nepal | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bouvet Island | Bouvet Island | Guatemala | Guatemala | New Caledonia | New Caledonia | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| BR | Brazil | Guernsey | Guernsey | New Zealand | New Zealand | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| British Indian Ocean Territory | British Indian Ocean Territory | Guinea | Guinea | Nicaragua | Nicaragua | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| British Virgin Islands | British Virgin Islands | Guinea-Bissau | Guinea-Bissau | Niger | Niger | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Brunei Darussalam | Brunei Darussalam | Guyana | Guyana | Nigeria | Nigeria | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Bulgaria | Bulgaria | Haiti | Haiti | Niue | Niue | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Burkina Faso | Burkina Faso | Honduras | Honduras | Norfolk Island | Norfolk Island | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Burundi | Burundi | Hungary | Hungary | North Korea | North Korea | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| CA | Canada | Iceland | Iceland | Northern Mariana Islands | Northern Mariana Islands | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cambodia | Cambodia | IN | India | Norway | Norway | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cameroon | Cameroon | Indonesia | Indonesia | Oman | Oman | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cape Verde | Cape Verde | Turkmenistan | Turkmenistan | Pakistan | Pakistan | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Caribbean Netherlands | Caribbean Netherlands | Iraq | Iraq | Palau | Palau | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cayman Islands | Cayman Islands | Ireland | Ireland | Palestine | Palestine | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Central African Republic | Central African Republic | Isle of Man | Isle of Man | Panama | Panama | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Chad | Chad | Israel | Israel | Papua New Guinea | Papua New Guinea | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Chile | Chile | Italy | Italy | Paraguay | Paraguay | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Christmas Island | Christmas Island | Jamaica | Jamaica | Peru | Peru | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Colombia | Colombia | Jersey | Jersey | Philippines | Philippines | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Comoros | Comoros | Jordan | Jordan | Poland | Poland | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Congo | Congo | JP | Japan | Portugal | Portugal | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Congo, Democratic Republic | Congo, Democratic Republic | Kazakhstan | Kazakhstan | Puerto Rico | Puerto Rico | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cook Islands | Cook Islands | Kenya | Kenya | Qatar | Qatar | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Costa Rica | Costa Rica | Kiribati | Kiribati | Reunion | Reunion | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cote D'Ivoire (Ivory Coast) | Cote D'Ivoire (Ivory Coast) | Kuwait | Kuwait | Romania | Romania | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Croatia | Croatia | Kyrgyzstan | Kyrgyzstan | Turks and Caicos Islands | Turks and Caicos Islands | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cuba | Cuba | Laos | Laos | Rwanda | Rwanda | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Curaao | Curaao | Latvia | Latvia | Saint Barthelemy | Saint Barthelemy | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Cyprus | Cyprus | Lebanon | Lebanon | Saint Kitts and Nevis | Saint Kitts and Nevis | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Czech Republic | Czech Republic | Lesotho | Lesotho | Saint Lucia | Saint Lucia | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| DE | Germany | Liberia | Liberia | Saint Martin | Saint Martin | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Denmark | Denmark | Libya | Libya | Saint Vincent and the Grenadines | Saint Vincent and the Grenadines | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Saint-Pierre and Miquelon | Saint-Pierre and Miquelon | Sultan | Sultan | Tuvalu | Tuvalu | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Samoa | Samoa | Suriname | Suriname | Uganda | Uganda | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| San Marino | San Marino | Swaziland | Swaziland | UK | United Kingdom | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Sao Tome and Principe | Sao Tome and Principe | Sweden | Sweden | United Arab Emirates | United Arab Emirates | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Saudi Arabia | Saudi Arabia | Switzerland | Switzerland | United States Virgin Islands | United States Virgin Islands | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Senegal | Senegal | Syria | Syria | Uruguay | Uruguay | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Serbia | Serbia | Tajikistan | Tajikistan | US | United States | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Seychelles | Seychelles | Tanzania | Tanzania | Uzbekistan | Uzbekistan | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Sierra Leone | Sierra Leone | Thailand | Thailand | Vanuatu | Vanuatu | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Singapore | Singapore | The Netherlands | The Netherlands | Vatican City | Vatican City | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Sint Maarten | Sint Maarten | The Republic of Korea | The Republic of Korea | Venezuela | Venezuela | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Slovakia | Slovakia | The Republic of Kosovo | The Republic of Kosovo | Viet Nam | Vietnam | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Slovenia | Slovenia | Togo | Togo | Wallis and Futuna | Wallis and Futuna | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Solomon Islands | Solomon Islands | Tokelau | Tokelau | Yemen | Yemen | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| Somalia | Somalia | Tonga | Tonga | Zambia | Zambia | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| South Africa | South Africa | Trinidad and Tobago | Trinidad and Tobago | Zimbabwe | Zimbabwe | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| South Georgia and The South Sandwich Islands | South Georgia and The South Sandwich Islands | Tunisia | Tunisia | Sri Lanka | Sri Lanka | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ +| South Sudan | South Sudan | ``-`` | ``-`` | ``-`` | ``-`` | ++----------------------------------------------+----------------------------------------------+------------------------+------------------------+----------------------------------+----------------------------------+ diff --git a/api-ref/source/appendix/index.rst b/api-ref/source/appendix/index.rst index 79f85a9..2d9766e 100644 --- a/api-ref/source/appendix/index.rst +++ b/api-ref/source/appendix/index.rst @@ -8,6 +8,7 @@ Appendix - :ref:`Status Codes ` - :ref:`Error Codes ` - :ref:`Character Set Specifications ` +- :ref:`Geographical Location Codes ` .. toctree:: :maxdepth: 1 @@ -16,3 +17,4 @@ Appendix status_codes error_codes character_set_specifications + geographical_location_codes diff --git a/api-ref/source/change_history.rst b/api-ref/source/change_history.rst index 5afa857..6e70577 100644 --- a/api-ref/source/change_history.rst +++ b/api-ref/source/change_history.rst @@ -5,8 +5,33 @@ Change History ============== -=========== =================================== -Released On Description -=========== =================================== -2022-10-30 This is the first official release. -=========== =================================== ++-----------------------------------+----------------------------------------------------------------------------------------------------+ +| Released On | Description | ++===================================+====================================================================================================+ +| 2023-03-30 | - Added "Geographical Location Codes." | +| | - Revised the document based on review comments. | ++-----------------------------------+----------------------------------------------------------------------------------------------------+ +| 2023-03-03 | Revised the document based on review comments. | ++-----------------------------------+----------------------------------------------------------------------------------------------------+ +| 2022-11-30 | - Added section "Permissions and Supported Actions". | +| | - Add the following APIs: | +| | | +| | - **Querying the List of Known Attack Source Rules** | +| | - **Creating a Known Attack Source Rule** | +| | - **Querying a Known Attack Source Rule by ID** | +| | - **Updating a Known Attack Source Rule** | +| | - **Deleting a Known Attack Source Rule** | +| | - **Updating the Cache for a Web Tamper Protection Rule** | +| | - **Querying the List of Information Leakage Prevention Rules** | +| | - **Creating an Information Leakage Protection Rule** | +| | - **Querying an Information Leakage Prevention Rule** | +| | - **Updating an Information Leakage Prevention Rule** | +| | - **Deleting an Information Leakage Prevention Rule** | +| | | +| | - Modified the following sections: | +| | | +| | - **Rule Management**: Modified the descriptions of parameters **Content-Type** and **addr**. | +| | - **Querying Bandwidth Usage Statistics**: Modified the description of parameter **group_by**. | ++-----------------------------------+----------------------------------------------------------------------------------------------------+ +| 2022-10-30 | This is the first official release. | ++-----------------------------------+----------------------------------------------------------------------------------------------------+ diff --git a/api-ref/source/index.rst b/api-ref/source/index.rst index 41ccd0b..2e9016b 100644 --- a/api-ref/source/index.rst +++ b/api-ref/source/index.rst @@ -7,5 +7,6 @@ Dedicated Web Application Firewall - API Reference api_usage_guidelines apis/index + permissions_and_supported_actions/index appendix/index change_history diff --git a/api-ref/source/permissions_and_supported_actions/index.rst b/api-ref/source/permissions_and_supported_actions/index.rst new file mode 100644 index 0000000..c13e22b --- /dev/null +++ b/api-ref/source/permissions_and_supported_actions/index.rst @@ -0,0 +1,16 @@ +:original_name: waf_02_0119.html + +.. _waf_02_0119: + +Permissions and Supported Actions +================================= + +- :ref:`Introduction ` +- :ref:`Supported Actions ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + introduction + supported_actions diff --git a/api-ref/source/permissions_and_supported_actions/introduction.rst b/api-ref/source/permissions_and_supported_actions/introduction.rst new file mode 100644 index 0000000..df267a4 --- /dev/null +++ b/api-ref/source/permissions_and_supported_actions/introduction.rst @@ -0,0 +1,18 @@ +:original_name: waf_02_0129.html + +.. _waf_02_0129: + +Introduction +============ + +This chapter describes fine-grained permissions management for your WAF. If your account does not need individual IAM users, then you may skip over this chapter. + +By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions. + +You can grant users permissions by using roles and policies. Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions, meeting requirements for secure access control. + +.. note:: + + Policy-based authorization is useful if you want to allow or deny the access to an API. + +An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully. diff --git a/api-ref/source/permissions_and_supported_actions/supported_actions.rst b/api-ref/source/permissions_and_supported_actions/supported_actions.rst new file mode 100644 index 0000000..3323dc5 --- /dev/null +++ b/api-ref/source/permissions_and_supported_actions/supported_actions.rst @@ -0,0 +1,182 @@ +:original_name: waf_02_0139.html + +.. _waf_02_0139: + +Supported Actions +================= + +WAF provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. The following are related concepts: + +- Permission: A statement in a policy that allows or denies certain operations. +- APIs: REST APIs that can be called in a custom policy +- Actions: Added to a custom policy to control permissions for specific operations. +- Dependent actions: actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions. +- IAM projects or enterprise projects: Scope of users a permission is granted to. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect in IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Project. + + .. note:: + + The check mark (Y) indicates that an action takes effect. The cross mark (x) indicates that an action does not take effect. + + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Permission | API | Action | Dependency Item | IAM Project | + +===============================================================+===========================================================================+==================================+=================+=============+ + | Querying Details about a Dedicated WAF Instance | GET /v1/{project_id}/premium-waf/instance/{instance_id} | waf:premiumInstance:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Dedicated WAF Engine | DELETE /v1/{project_id}/premium-waf/instance/{instance_id} | waf:premiumInstance:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Renaming a Dedicated WAF Engine | PUT /v1/{project_id}/premium-waf/instance/{instance_id} | waf:premiumInstance:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Dedicated WAF Engine | POST /v1/{project_id}/premium-waf/instance | waf:premiumInstance:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Operations on a Dedicated WAF Instance | POST /v1/{project_id}/premium-waf/instance/{instance_id}/action | waf:premiumInstance:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the List of Dedicated WAF Engines | GET /v1/{project_id}/premium-waf/instance | waf:premiumInstance:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Adding a Protected Domain Name | POST /v1/{project_id}/premium-waf/host | waf:instance:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying Domain Names Protected by Dedicated WAF Engines | GET /v1/{project_id}/premium-waf/host | waf:instance:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Modifying a Domain Name Protected by a Dedicated WAF Instance | PUT /v1/{project_id}/premium-waf/host/{host_id} | waf:instance:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying Domain Name Settings in Dedicated Mode | GET /v1/{project_id}/premium-waf/host/{host_id} | waf:instance:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Domain Name from a Dedicated WAF Instance | DELETE /v1/{project_id}/premium-waf/host/{host_id} | waf:instance:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying Protection Policies | GET /v1/{project_id}/waf/policy | waf:instance:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Policy | POST /v1/{project_id}/waf/policy | waf:policy:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a Policy by ID | GET /v1/{project_id}/waf/policy/{policy_id} | waf:policy:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating a policy | PATCH /v1/{project_id}/waf/policy/{policy_id} | waf:policy:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Policy | DELETE /v1/{project_id}/waf/policy/{policy_id} | waf:policy:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of a Blacklist or Whitelist Rule | PUT/v1/{projectId}/waf/policy/{policyId}/whiteblackip/{ruleId}/status | waf:whiteBlackIpRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of a CC attack protection rule | PUT/v1/{projectId}/waf/policy/{policyId}/cc/{ruleId}/status | waf:ccRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of a Precise Protection Rule | PUT/v1/{projectId}/waf/policy/{policyId}/custom/{ruleId}/status | waf:preciseProtectionRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of a Data Masking Rule | PUT/v1/{projectId}/waf/policy/{policyId}/privacy/{ruleId}/status | waf:privacyRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of an Information Leakage Protection Rule | PUT/v1/{projectId}/waf/policy/{policyId}/antileakage/{ruleId}/status | waf:antiLeakageRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of a False Alarm Masking Rule | PUT/v1/{projectId}/waf/policy/{policyId}/ignore/{ruleId}/status | waf:falseAlarmMaskRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of a Geolocation Access Control Rule | PUT/v1/{projectId}/waf/policy/{policyId}/geoip/{ruleId}/status | waf:geoIpRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Changing the Status of a Web Tamper Protection Rule | PUT/v1/{projectId}/waf/policy/{policyId}/antitamper/{ruleId}/status | waf:antiTamperRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the Blacklist and Whitelist Rule List | GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip | waf:whiteBlackIpRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Blacklist or Whitelist Rule | POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip | waf:whiteBlackIpRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a Blacklist or Whitelist Rule | GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} | waf:whiteBlackIpRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating a Blacklist or Whitelist Rule | PUT /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} | waf:whiteBlackIpRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Blacklist or Whitelist Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} | waf:whiteBlackIpRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying CC Attack Protection Rules | GET /v1/{project_id}/waf/policy/{policy_id}/cc | waf:ccRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a CC attack protection rule | POST /v1/{project_id}/waf/policy/{policy_id}/cc | waf:ccRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a CC Attack Protection Rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} | waf:ccRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating a CC Attack Protection Rule | PUT /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} | waf:ccRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a CC Attack Protection Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} | waf:ccRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying Precise Protection Rules | GET /v1/{project_id}/waf/policy/{policy_id}/custom | waf:preciseProtectionRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Precise Protection Rule | POST /v1/{project_id}/waf/policy/{policy_id}/custom | waf:preciseProtectionRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a Precise Protection Rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} | waf:preciseProtectionRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating a Precise Protection Rule | PUT /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} | waf:preciseProtectionRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Precise Protection Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} | waf:preciseProtectionRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the Data Masking Rule List | GET /v1/{project_id}/waf/policy/{policy_id}/privacy | waf:privacyRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Data Masking Rule | POST /v1/{project_id}/waf/policy/{policy_id}/privacy | waf:privacyRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a Data Masking Rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} | waf:privacyRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating the Data Masking Rule List | PUT /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} | waf:privacyRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Data Masking Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} | waf:privacyRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Known Attack Source Rule | POST /v1/{project_id}/waf/policy/{policy_id}/punishment | waf:punishmentRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the List of Known Attack Source Rules | GET /v1/{project_id}/waf/policy/{policy_id}/punishment | waf:punishmentRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a Known Attack Source Rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} | waf:punishmentRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating a Known Attack Source Rule | PUT /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} | waf:punishmentRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Known Attack Source Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} | waf:punishmentRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the List of Web Tamper Protection Rules | GET /v1/{project_id}/waf/policy/{policy_id}/antitamper | waf:antiTamperRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Web Tamper Protection Rule | POST /v1/{project_id}/waf/policy/{policy_id}/antitamper | waf:antiTamperRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a Web Tamper Protection Rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} | waf:antiTamperRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating the Cache for a Web Tamper Protection Rule | POST /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}/refresh | waf:antiTamperRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Web Tamper Protection Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} | waf:antiTamperRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the List of Information Leakage Prevention Rules | GET /v1/{project_id}/waf/policy/{policy_id}/antileakage | waf:antiLeakageRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating an Information Leakage Protection Rule | POST /v1/{project_id}/waf/policy/{policy_id}/antileakage | waf:antiLeakageRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying an Information Leakage Prevention Rule | GET /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} | waf:antiLeakageRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating an Information Leakage Prevention Rule | PUT /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} | waf:antiLeakageRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting an Information Leakage Prevention Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} | waf:antiLeakageRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the False Alarm Masking Rule List | GET /v1/{project_id}/waf/policy/{policy_id}/ignore | waf:falseAlarmMaskRule:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a False Alarm Masking Rule | POST /v1/{project_id}/waf/policy/{policy_id}/ignore | waf:falseAlarmMaskRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a False Alarm Masking Rule | GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} | waf:falseAlarmMaskRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a False Alarm Masking Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} | waf:falseAlarmMaskRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the List of Geolocation Access Control Rule | GET /v1/{project_id}/waf/policy/{policy_id}/geoip | waf:geoIpRule:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Geolocation Access Control Rule | POST /v1/{project_id}/waf/policy/{policy_id}/geoip | waf:geoIpRule:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Updating a Geolocation Access Control Rule | PUT /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} | waf:geoIpRule:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Geolocation Access Control Rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} | waf:geoIpRule:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the Reference Table List | GET /v1/{project_id}/waf/valuelist | waf:valuelist:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Reference Table | POST /v1/{project_id}/waf/valuelist | waf:valueList:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Modifying a Reference Table | PUT /v1/{project_id}/waf/valuelist/{valuelistid} | waf:valueList:put | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Reference Table | DELETE /v1/{project_id}/waf/valuelist/{valuelistid} | waf:valueList:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the Certificate List | GET /v1/{project_id}/waf/certificate | waf:certificate:list | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Creating a Certificate | POST /v1/{project_id}/waf/certificate | waf:certificate:create | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying a Certificate | GET /v1/{project_id}/waf/certificate/{certificate_id} | waf:certificate:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Deleting a Certificate | DELETE /v1/{project_id}/waf/certificate/{certificate_id} | waf:certificate:delete | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying Website Request Statistics | GET /v1/{project_id}/waf/overviews/statistics | waf:event:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the QPS Statistics | GET /v1/{project_id}/waf/overviews/qps/timeline | waf:event:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying Bandwidth Usage Statistics | GET /v1/{project_id}/waf/overviews/bandwidth/timeline | waf:event:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying the List of Attack Event | GET /v1/{project_id}/waf/event | waf:event:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+ + | Querying Attack Event Details | GET /v1/{project_id}/waf/event/{eventid} | waf:event:get | ``-`` | Y | + +---------------------------------------------------------------+---------------------------------------------------------------------------+----------------------------------+-----------------+-------------+