:original_name: UpdatePolicy.html
.. _UpdatePolicy:
Updating a Policy
=================
Function
--------
This API is used to update a policy. The request body can contain only the part to be updated.
URI
---
PATCH /v1/{project_id}/waf/policy/{policy_id}
.. table:: **Table 1** Path Parameters
+------------+-----------+--------+--------------------------------------------------------------------------------+
| Parameter | Mandatory | Type | Description |
+============+===========+========+================================================================================+
| project_id | Yes | String | Project ID |
+------------+-----------+--------+--------------------------------------------------------------------------------+
| policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. |
+------------+-----------+--------+--------------------------------------------------------------------------------+
Request Parameters
------------------
.. table:: **Table 2** Request header parameters
+-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+
| Parameter | Mandatory | Type | Description |
+=================+=================+=================+==========================================================================================================+
| X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
+-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+
| Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 |
| | | | |
| | | | Default: **application/json;charset=utf8** |
+-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+
.. table:: **Table 3** Request body parameters
+-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Mandatory | Type | Description |
+=================+=================+=================================================================+===============================================================================================================================================================================================================================================================================================+
| name | No | String | Array of details of policies |
+-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| action | No | :ref:`PolicyAction ` object | PolicyAction |
+-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| options | No | :ref:`PolicyOption ` object | PolicyOption |
+-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| robot_action | No | :ref:`Action ` object | Feature-based anti-crawler protection mode. This parameter is unavailable for newly created protection policies. The default protection mode is **Log only**. |
+-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| level | No | Integer | Protection level |
| | | | |
| | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. |
| | | | |
| | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. |
| | | | |
| | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. |
+-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| full_detection | No | Boolean | Detection mode in the precise protection rule |
| | | | |
| | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. |
| | | | |
| | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. |
+-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _updatepolicy__request_policyaction:
.. table:: **Table 4** PolicyAction
+-----------------+-----------------+-----------------+-----------------------------------------+
| Parameter | Mandatory | Type | Description |
+=================+=================+=================+=========================================+
| category | No | String | Protection level. The value can be: |
| | | | |
| | | | - block: WAF blocks attacks. |
| | | | |
| | | | - log: WAF only logs detected attacks. |
| | | | |
| | | | Enumeration values: |
| | | | |
| | | | - **block** |
| | | | |
| | | | - **log** |
+-----------------+-----------------+-----------------+-----------------------------------------+
.. _updatepolicy__request_policyoption:
.. table:: **Table 5** PolicyOption
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Mandatory | Type | Description |
+=================+=================+=================+=====================================================================================================================================================================================================================================================================+
| webattack | No | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| common | No | Boolean | Whether general check is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| anticrawler | No | Boolean | JavaScript anti-crawler function. |
| | | | |
| | | | - **true**: Enabled |
| | | | |
| | | | - **false**: Disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_engine | No | Boolean | Whether the search engine is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_scanner | No | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_script | No | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_other | No | Boolean | Whether other crawler check is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| webshell | No | Boolean | Whether webshell check is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| cc | No | Boolean | Whether the CC attack protection rule is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| custom | No | Boolean | Whether precise protection is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| whiteblackip | No | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| geoip | No | Boolean | Whether geolocation access control is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ignore | No | Boolean | Whether false alarm masking is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| privacy | No | Boolean | Whether data masking is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| antitamper | No | Boolean | Whether the web tamper protection is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| antileakage | No | Boolean | Whether the information leakage prevention is enabled. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| followed_action | No | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: |
| | | | |
| | | | - true: enabled |
| | | | |
| | | | - false: disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| bot_enable | No | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: |
| | | | |
| | | | - **true**: Enabled |
| | | | |
| | | | - **false**: Disabled |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler | No | Boolean | This parameter is reserved and can be ignored currently. |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| precise | No | Boolean | This parameter is reserved and can be ignored currently. |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| modulex_enabled | No | Boolean | This parameter is reserved and can be ignored currently. |
| | | | |
| | | | Enumeration values: |
| | | | |
| | | | - **true** |
| | | | |
| | | | - **false** |
+-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _updatepolicy__request_action:
.. table:: **Table 6** Action
+-----------------+-----------------+-----------------+---------------------------------------------------------+
| Parameter | Mandatory | Type | Description |
+=================+=================+=================+=========================================================+
| category | No | String | Protective action for feature-based anti-crawler rules: |
| | | | |
| | | | - **log**: WAF only logs discovered attacks. |
| | | | |
| | | | - **block**: WAF blocks discovered attacks. |
| | | | |
| | | | Enumeration values: |
| | | | |
| | | | - **log** |
| | | | |
| | | | - **block** |
+-----------------+-----------------+-----------------+---------------------------------------------------------+
Response Parameters
-------------------
**Status code: 200**
.. table:: **Table 7** Response body parameters
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+=======================+======================================================================+===================================================================================================================================================================================================================================================================================================================+
| id | String | Policy ID |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| name | String | Array of details of policies |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| action | :ref:`PolicyAction ` object | PolicyAction |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| options | :ref:`PolicyOption ` object | PolicyOption |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| level | Integer | Protection level |
| | | |
| | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. |
| | | |
| | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell and ftp commands. This is the default value. |
| | | |
| | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| full_detection | Boolean | Detection mode in the precise protection rule |
| | | |
| | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. |
| | | |
| | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| bind_host | Array of :ref:`BindHost ` objects | Basic information about the protected domain. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hosts | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| robot_action | :ref:`Action ` object | Feature-based anti-crawler protection mode. This parameter is unavailable for newly created protection policies. The default protection mode is **Log only**. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| extend | :ref:`PolicyExtend ` object | Switch for enabling or disabling **Deep Inspection** and **Header Inspection** in **Basic Web Protection**. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| share_info | :ref:`ShareInfo ` object | Whether to share a policy. This parameter is reserved and can be ignored currently. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| modulex_options | :ref:`ModulexOptions ` object | Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently. |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| timestamp | Integer | Time a policy is created |
+-----------------------+----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _updatepolicy__response_policyaction:
.. table:: **Table 8** PolicyAction
+-----------------------+-----------------------+-----------------------------------------+
| Parameter | Type | Description |
+=======================+=======================+=========================================+
| category | String | Protection level. The value can be: |
| | | |
| | | - block: WAF blocks attacks. |
| | | |
| | | - log: WAF only logs detected attacks. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **block** |
| | | |
| | | - **log** |
+-----------------------+-----------------------+-----------------------------------------+
.. _updatepolicy__response_policyoption:
.. table:: **Table 9** PolicyOption
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+=======================+=======================+=====================================================================================================================================================================================================================================================================+
| webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| common | Boolean | Whether general check is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| anticrawler | Boolean | JavaScript anti-crawler function. |
| | | |
| | | - **true**: Enabled |
| | | |
| | | - **false**: Disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_engine | Boolean | Whether the search engine is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler_other | Boolean | Whether other crawler check is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| webshell | Boolean | Whether webshell check is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| custom | Boolean | Whether precise protection is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| geoip | Boolean | Whether geolocation access control is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ignore | Boolean | Whether false alarm masking is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| privacy | Boolean | Whether data masking is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| followed_action | Boolean | Whether the Known Attack Source protection is enabled.. The value can be: |
| | | |
| | | - true: enabled |
| | | |
| | | - false: disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| bot_enable | Boolean | Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: |
| | | |
| | | - **true**: Enabled |
| | | |
| | | - **false**: Disabled |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| crawler | Boolean | This parameter is reserved and can be ignored currently. |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| precise | Boolean | This parameter is reserved and can be ignored currently. |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| modulex_enabled | Boolean | This parameter is reserved and can be ignored currently. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **true** |
| | | |
| | | - **false** |
+-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _updatepolicy__response_bindhost:
.. table:: **Table 10** BindHost
+-----------+--------+--------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+===========+========+====================================================================================================================+
| id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF |
+-----------+--------+--------------------------------------------------------------------------------------------------------------------+
| hostname | String | Domain name |
+-----------+--------+--------------------------------------------------------------------------------------------------------------------+
| waf_type | String | WAF mode of the domain name. The value is premium. |
+-----------+--------+--------------------------------------------------------------------------------------------------------------------+
.. _updatepolicy__response_action:
.. table:: **Table 11** Action
+-----------------------+-----------------------+---------------------------------------------------------+
| Parameter | Type | Description |
+=======================+=======================+=========================================================+
| category | String | Protective action for feature-based anti-crawler rules: |
| | | |
| | | - **log**: WAF only logs discovered attacks. |
| | | |
| | | - **block**: WAF blocks discovered attacks. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **log** |
| | | |
| | | - **block** |
+-----------------------+-----------------------+---------------------------------------------------------+
.. _updatepolicy__response_policyextend:
.. table:: **Table 12** PolicyExtend
+-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+=======================+=======================+==========================================================================================================================================================================+
| extend | String | Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. |
| | | |
| | | - If **deep_decode** is set to **true**, the Deep Inspection is enabled. |
| | | |
| | | - If **check_all_headers** is set to **true**, the Header Inspection is enabled. |
| | | |
| | | - If **deep_decode** and **check_all_headers** are set to **false**, the Deep Inspection and Header Inspection are disabled. |
+-----------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _updatepolicy__response_shareinfo:
.. table:: **Table 13** ShareInfo
+----------------+---------+--------------------------------------------------------+
| Parameter | Type | Description |
+================+=========+========================================================+
| share_count | Integer | Total number of the users who share the address group. |
+----------------+---------+--------------------------------------------------------+
| accept_count | Integer | Number of users who accept the sharing |
+----------------+---------+--------------------------------------------------------+
| process_status | Integer | Status |
+----------------+---------+--------------------------------------------------------+
.. _updatepolicy__response_modulexoptions:
.. table:: **Table 14** ModulexOptions
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+============================+=======================+=============================================================================================================+
| global_rate_enabled | Boolean | Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). |
| | | |
| | | - **false**: Disabled. |
| | | |
| | | - **true**: Enabled. |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| global_rate_mode | String | Protection mode of the global rate limiting function. |
| | | |
| | | - **log**: WAF logs the event only. |
| | | |
| | | - **block**: WAF blocks requests. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **log** |
| | | |
| | | - **block** |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| precise_rules_enabled | Boolean | Status of the intelligent precise protection. |
| | | |
| | | - **false**: Disabled. |
| | | |
| | | - **true**: Enabled. |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| precise_rules_mode | String | Protection mode of the intelligent precise protection. |
| | | |
| | | - **log**: WAF logs the event only. |
| | | |
| | | - **block**: WAF blocks requests. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **log** |
| | | |
| | | - **block** |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| precise_rules_managed_mode | String | Management mode of the intelligent precise protection. |
| | | |
| | | - **auto**: WAF manages automatically generated rules. |
| | | |
| | | - **manual**: You can manage rules that are automatically generated by WAF. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **auto** |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| precise_rules_aging_mode | String | Aging mode of the intelligent precise protection. |
| | | |
| | | - **manual**: You can customize the maximum age of the rule. |
| | | |
| | | - **auto**: Automatic |
| | | |
| | | Enumeration values: |
| | | |
| | | - **auto** |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| precise_rules_retention | Integer | Maximum age of the intelligent precise protection. |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| cc_rules_enabled | Boolean | Status of the intelligent CC attack protection. |
| | | |
| | | - **false**: Disabled. |
| | | |
| | | - **true**: Enabled. |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| cc_rules_mode | String | Protection mode of the intelligent CC attack protection rule. |
| | | |
| | | - **log**: WAF logs the event only. |
| | | |
| | | - **block**: WAF blocks requests. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **log** |
| | | |
| | | - **block** |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| cc_rules_managed_mode | String | Management mode of the intelligent CC attack protection. |
| | | |
| | | - **auto**: WAF manages automatically generated rules. |
| | | |
| | | - **manual**: You can manage rules that are automatically generated by WAF. |
| | | |
| | | Enumeration values: |
| | | |
| | | - **auto** |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| cc_rules_aging_mode | String | Aging mode of the intelligent CC attack protection.. |
| | | |
| | | - **manual**: You can customize the maximum age of the rule. |
| | | |
| | | - **auto**: Automatic |
| | | |
| | | Enumeration values: |
| | | |
| | | - **auto** |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
| cc_rules_retention | Integer | Maximum age of the intelligent CC attack protection. |
+----------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------+
**Status code: 400**
.. table:: **Table 15** Response body parameters
========== ====== =============
Parameter Type Description
========== ====== =============
error_code String Error code
error_msg String Error message
========== ====== =============
**Status code: 401**
.. table:: **Table 16** Response body parameters
========== ====== =============
Parameter Type Description
========== ====== =============
error_code String Error code
error_msg String Error message
========== ====== =============
**Status code: 500**
.. table:: **Table 17** Response body parameters
========== ====== =============
Parameter Type Description
========== ====== =============
error_code String Error code
error_msg String Error message
========== ====== =============
Example Requests
----------------
.. code-block::
PATCH https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}?
{
"options" : {
"whiteblackip" : true
}
}
Example Responses
-----------------
**Status code: 200**
Request succeeded.
.. code-block::
{
"id" : "38ff0cb9a10e4d5293c642bc0350fa6d",
"name" : "demo",
"level" : 2,
"action" : {
"category" : "log"
},
"options" : {
"webattack" : true,
"common" : true,
"crawler" : true,
"crawler_engine" : false,
"crawler_scanner" : true,
"crawler_script" : false,
"crawler_other" : false,
"webshell" : false,
"cc" : true,
"custom" : true,
"precise" : false,
"whiteblackip" : true,
"geoip" : true,
"ignore" : true,
"privacy" : true,
"antitamper" : true,
"anticrawler" : false,
"antileakage" : false,
"followed_action" : false,
"bot_enable" : true
},
"hosts" : [ "c0268b883a854adc8a2cd352193b0e13" ],
"timestamp" : 1650529538732,
"full_detection" : false,
"bind_host" : [ {
"id" : "c0268b883a854adc8a2cd352193b0e13",
"hostname" : "www.demo.com",
"waf_type" : "cloud"
} ],
"share_info" : {
"is_receiver" : false,
"provider_display" : {
"share_count" : 0,
"accept_count" : 0,
"process_status" : 0
}
}
}
Status Codes
------------
=========== =============================================
Status Code Description
=========== =============================================
200 Request succeeded.
400 Request failed.
401 The token does not have required permissions.
500 Internal server error.
=========== =============================================
Error Codes
-----------
See :ref:`Error Codes `.