diff --git a/api-ref/source/api_usage_guidelines.rst b/api-ref/source/api_usage_guidelines.rst new file mode 100644 index 0000000..0d6a5a8 --- /dev/null +++ b/api-ref/source/api_usage_guidelines.rst @@ -0,0 +1,26 @@ +:original_name: waf_02_0001.html + +.. _waf_02_0001: + +API Usage Guidelines +==================== + +Public cloud APIs comply with the RESTful API design principles. REST-based Web services are organized into resources. Each resource is identified by one or more Uniform Resource Identifiers (URIs). An application accesses a resource based on the resource's Unified Resource Locator (URL). A URL is usually in the following format: *https://Endpoint/uri*. In the URL, **uri** indicates the resource path, that is, the API access path. + +Public cloud APIs use HTTPS as the transmission protocol. Requests/Responses are transmitted by using JSON messages, with media type represented by **Application/json**. + +For details about how to use APIs, see `API Usage Guidelines `__. + +.. important:: + + The following table lists the additional request header fields required for the POST, PUT, PATCH, and DELETE methods. + ++-----------------------+-----------------------------------------------+-----------------+-----------------+ +| Parameter | Description | Mandatory | Example | ++=======================+===============================================+=================+=================+ +| x-request-source-type | Type of a request resource | Yes | ApiCall | +| | | | | +| | - **ApiCall**: invoked by an API. | | | +| | - **ConsoleAction**: invoked by the console. | | | +| | - **SystemAction**: invoked by the system. | | | ++-----------------------+-----------------------------------------------+-----------------+-----------------+ diff --git a/api-ref/source/apis/certificate_management/creating_a_certificate.rst b/api-ref/source/apis/certificate_management/creating_a_certificate.rst new file mode 100644 index 0000000..d2eef58 --- /dev/null +++ b/api-ref/source/apis/certificate_management/creating_a_certificate.rst @@ -0,0 +1,148 @@ +:original_name: CreateCertificate.html + +.. _CreateCertificate: + +Creating a Certificate +====================== + +Function +-------- + +This API is used to create a certificate. + +URI +--- + +POST /v1/{project_id}/waf/certificate + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------+-----------+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+========+==================================================================================================================================================================+ + | name | Yes | String | Certificate name. The value can contain a maximum of 64 characters. Only digits, letters, hyphens (-), underscores (_), and periods (.) are allowed. | + +-----------+-----------+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | content | Yes | String | Certificate file. Only certificates and private key files in PEM format are supported, and the newline characters in the file must be replaced with \\n. | + +-----------+-----------+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | key | Yes | String | Certificate private key. Only certificates and private key files in PEM format are supported, and the newline characters in the files must be replaced with \\n. | + +-----------+-----------+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + =========== ====== ========================================== + Parameter Type Description + =========== ====== ========================================== + id String Certificate ID + name String Certificate name + expire_time Long Timestamp when the certificate expires + timestamp Long Timestamp when the certificate is uploaded + =========== ====== ========================================== + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/certificate? + + { + "name" : "demo", + "content" : "-----BEGIN CERTIFICATE----- MIIDyzCCArOgAwIBAgIJAN5U0Z4Bh5ccMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV BAYTAlpIMRIwEAYDVQQIDAlHVUFOR0RPTkcxETAPBgNVBAcMCERPTkdHVUFOMQ0w CwYDVQQKDARERUtFMQswCQYDVQQLDAJESzELMAkGA1UEAwwCT0QxHTAbBgkqhkiG 9w0BCQEWDk8IZC5odWF3ZWkuY29tMB4XDTIxMTExNTA4MTk0MVoXDTIyMTExNTA4 MTk0MVowfDELMAkGA1UEBhMCWkgxEjAQBgNVBAgMCUdVQU5HRE9ORzERMA8GA1UE BwwIRE9OR0dVQU4xDTALBgNVBAoMBERFS0UxCzAJBgNVBAsMAkRLMQswCQYDVQQD DAJPRDEdMBsGCSqGSIb3DQEJARYOTwhkLmh1YXdlaS5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDcoLFK62//r0RHFyweYBj97S4NsJ8Qj0RG+Y02 OgwhQmRiNNjubJwP8Nqqyd86zr+fsSQxKBaBCosn1PcN2Pj2vPJD6NEk4I6VdOWr /kFYMlOcimhSfW4wt6VakniOKIYGrCxxvQe1X2OyBxT+ocTLRgEIB8ZbvJyPNseg feLEUuPYRpQ5kXLgJH2/3NwZFOgBHVv/b07l4fR+sWJMnIA2yIjSBQ0DEAOSusXo FQ/WRbBRH7DrQmxGiXsq4VELEr9Nnc/Kywq+9pYi8L+mKeRL+lcMMbXC/3k6OfMB tVTiwcmS1Mkr3iG03i8u6H7RSvRwyBz9G9sE+tmJZTPH6lYtAgMBAAGjUDBOMB0G A1UdDgQWBBQprUUFXW+gIkpzXdrYlsWjfSahWjAfBgNVHSMEGDAWgBQprUUFXW+g IkpzXdrYlsWjfSahWjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA2 603KozsQoIKeLvqDJlcAXwWRfNW8SvlaSJAulhHgneMt9bQgIL+3PJWA/iMniOhU o/kVwkiUIcxw4t7RwP0hVms0OZw59MuqKd3oCSWkYO4vEHs3t40JDWnGDnmQ4sol RkOWJwL4w8tnPe3qY9JSupjlsu6Y1hlvKtEfN2vEKFnsuMhidkUpUAJWodHhWBQH wgIDo4/6yTnWZNGK8JDal86Dm5IchXea1EoYBJsHxiJb7HeWQlkre+MCYi1RHOin 4mIXTr0oT4/jWlgklSz6/ZhGRq+7W7tIl7cvzCe+4XsVZIenAcYoNd/WLfo91PD4 yAsRXrOjW1so1Bj0BkDz -----END CERTIFICATE-----", + "key" : "-----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcoLFK62//r0RH FyweYBj97S4NsJ8Qj0RG+Y02OgwhQmRiNNjubJwP8Nqqyd86zr+fsSQxKBaBCosn 1PcN2Pj2vPJD6NEk4I6VdOWr/kFYMlOcimhSfW4wt6VakniOKIYGrCxxvQe1X2Oy BxT+ocTLRgEIB8ZbvJyPNsegfeLEUuPYRpQ5kXLgJH2/3NwZFOgBHVv/b07l4fR+ sWJMnIA2yIjSBQ0DEAOSusXoFQ/WRbBRH7DrQmxGiXsq4VELEr9Nnc/Kywq+9pYi 8L+mKeRL+lcMMbXC/3k6OfMBtVTiwcmS1Mkr3iG03i8u6H7RSvRwyBz9G9sE+tmJ ZTPH6lYtAgMBAAECggEBAL+xZxm/QoqXT+2stoqV2GEYaMFASpRqxlocjZMmEE/9 jZa+cBWIjHhVPsjRqYFBDcHEebu0JwlrjcjIAvgnIvnO5XgXm1A9Q+WbscokmcX1 xCvpHgc+MDVn+uWdCd4KW5kEk4EnSsFN5iNSf+1VxNURN+gwSSp/0E+muwA5IISO G6HQ+p6qs52JAitX5t/7ruKoHYXJxBnf7TUs7768qrh++KPKpPlq044qoYlcGO1n 4urPBHuNLy04GgGw+vkaqjqOvZrNLVOMMaFWBxsDWBehgSSBQTj+f3NCxneGYtt8 3SCTZQI5nIkb+r/M455EwKTSXuEsNHoIwx7L6GEPbQECgYEA8IxgK2fYykloICoh TFJaRAvyjyKa2+Aza4qT9SGY9Y30VPClPjBB1vUu5M9KrFufzlv06nGEcHmpEwOe 8vbRu7nLAQTGYFi8VK63q8w6FlFdAyCG6Sx+BWCfWxJzXsZLAJTfklwi8HsOSlqh 6QNv0xbE2fLjXKf8MHvtrufip40CgYEA6sy87eDrkVgtq4ythAik3i1C5Z3v0fvx mTblG52Z21OyocNq3Tf/b1ZwoIc1ik6cyBzY6z1bIrbSzArCqm0sb2iD+kJL81O0 /qqdXjBxZUkKiVAMNNp7xJGZHHFKWUxT2+UX/tlyx4tT4dzrFIkdDXkcMmqfsRxd 1NEVaAaT8SECgYAoU7BPtpIun43YTpfUfr3pSIN6oZeKoxSbw9i4MNC+4fSDRPC+ 80ImcmZRL7taF+Y7p0jxAOTuIkdJC8NbAiv5J9WzrwQ+5MF2BPB/2bYnRa6tNofH kZDy/9bXYsl6qw2p5Ety8wVcgZTMvFMGiG/32IpZ65FYWEU8L5qSRwfFhQKBgQC9 ihjZTj/bTHtRiHZppzCvyYm/Igd+Uwtsy0uXR1n0G1SQENgrTBD/J6AzdfJae6tE P0U8YIM5Oqxf2i/as9ay+IPRecMl4eSxz7jJWAGx6Yx/3AZ+hAB1ZbNbqniCLYNk d0MvjwmA25ATO+ro4OZ7AdEpQbk3l9aG/WFyYBz9AQKBgQCucFPA1l5eslL8196V WMr2Qo0tqzl7CGSoWQk2Sa2HZtZdfofXAaaqo+zvJ6RPHtJh0jgJtx536DVV3egI 37YrdQyJbCPZXQ3SPgqWCorUnXBwq/nxS06uwu6JBxUFc57ijmMU4fWYNrvkkmWb 7keAg/r5Uy1joMAvBN1I6lB8pg== -----END PRIVATE KEY-----" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "6e2be127b79f4a418414952ad5d8c59f", + "name" : "certificatename94319", + "content" : "-----BEGIN CERTIFICATE-----\nMIIB+TCCAaOgAwIBAgIUJP9I8OupQ77w0bGL2yWOQXreM4kwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDzANBgNVBAoMBkh1YXdlaTEcMBoGA1UEAwwTd2FmLmh1YXdlaWNsb3VkLmNvbTAeFw0yMDA3MDkwNTQ2MDRaFw0yMDA4MDgwNTQ2MDRaMFExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZIdWF3ZWkxHDAaBgNVBAMME3dhZi5odWF3ZWljbG91ZC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0UEbMzbvgOJTKrKcDUw9xjFqxM7BaQFM3SLsQlmD5hkzygyL1ra+cWajPJlTCxz9Ph6qldna2+OrIuTdvCcpjwIDAQABo1MwUTAdBgNVHQ4EFgQUE7ZQNcgl3lmryx1s5gy9mnC1rsYwHwYDVR0jBBgwFoAUE7ZQNcgl3lmryx1s5gy9mnC1rsYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBAM5wGi88jYWLgOnGbae5hH3I9lMBKxGqv17Cbm1tjWuUogVINz86lqvCpuhzLvD/vzJAqPIuDwqM8uvzjgRfZs8=\n-----END CERTIFICATE-----", + "key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBANFBGzM274DiUyqynA1MPcYxasTOwWkBTN0i7EJZg+YZM8oMi9a2vnFmozyZUwsc/T4eqpXZ2tvjqyLk3bwnKY8CAwEAAQJBAI7LMPaH/HQk/b/bVmY0qsr+me9nb9BqFLuqwzKbx0hSmWPOWFsd3rOFlSopyHqgYtAsPfvPumEdGbdnCyU8zAECIQD71768K1ejb+ei2lqZqHaczqdUNQxMh54yot9F2yVWjwIhANS1Y1Jv89WEU/ZvvMS9a4638Msv2c4GGp08RtXNYn0BAiA0H4b+cwoEbZjHf+HYg6Fo+uxu5TvSaw8287a6Qo0LyQIfVZSlYYWplT6oiX5rdLzBiap4N0gJWdsa2ihmV59LAQIgK8N+j1daq63b0bJ9k4HruhQtpgxI6U9nFBemH4zTRYM=\n-----END RSA PRIVATE KEY-----", + "timestamp" : 1650595334578, + "expire_time" : 1596865564000 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/certificate_management/deleting_a_certificate.rst b/api-ref/source/apis/certificate_management/deleting_a_certificate.rst new file mode 100644 index 0000000..3305d33 --- /dev/null +++ b/api-ref/source/apis/certificate_management/deleting_a_certificate.rst @@ -0,0 +1,130 @@ +:original_name: DeleteCertificate.html + +.. _DeleteCertificate: + +Deleting a Certificate +====================== + +Function +-------- + +This API is used to delete a certificate. + +URI +--- + +DELETE /v1/{project_id}/waf/certificate/{certificate_id} + +.. table:: **Table 1** Path Parameters + + +----------------+-----------+--------+--------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +================+===========+========+==================================================================================================+ + | project_id | Yes | String | Project ID | + +----------------+-----------+--------+--------------------------------------------------------------------------------------------------+ + | certificate_id | Yes | String | HTTPS certificate ID. It can be obtained by calling the 2.3.1 Querying the Certificate List API. | + +----------------+-----------+--------+--------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + =========== ====== ========================================== + Parameter Type Description + =========== ====== ========================================== + id String Certificate ID + name String Certificate name + expire_time Long Timestamp when the certificate expires + timestamp Long Timestamp when the certificate is uploaded + =========== ====== ========================================== + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/certificate/{certificate_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "e1d87ba2d88d4ee4a3b0c829e935e5e0", + "name" : "certificatename29556", + "timestamp" : 1650594410630, + "expire_time" : 1596865564000 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/certificate_management/index.rst b/api-ref/source/apis/certificate_management/index.rst new file mode 100644 index 0000000..33322c3 --- /dev/null +++ b/api-ref/source/apis/certificate_management/index.rst @@ -0,0 +1,20 @@ +:original_name: topic_300000004.html + +.. _topic_300000004: + +Certificate Management +====================== + +- :ref:`Querying the Certificate List ` +- :ref:`Creating a Certificate ` +- :ref:`Querying a Certificate ` +- :ref:`Deleting a Certificate ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + querying_the_certificate_list + creating_a_certificate + querying_a_certificate + deleting_a_certificate diff --git a/api-ref/source/apis/certificate_management/querying_a_certificate.rst b/api-ref/source/apis/certificate_management/querying_a_certificate.rst new file mode 100644 index 0000000..89426b8 --- /dev/null +++ b/api-ref/source/apis/certificate_management/querying_a_certificate.rst @@ -0,0 +1,160 @@ +:original_name: ShowCertificate.html + +.. _ShowCertificate: + +Querying a Certificate +====================== + +Function +-------- + +This API is used to query a certificate. + +URI +--- + +GET /v1/{project_id}/waf/certificate/{certificate_id} + +.. table:: **Table 1** Path Parameters + + +----------------+-----------+--------+-------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +================+===========+========+===============================================================================+ + | project_id | Yes | String | Project ID | + +----------------+-----------+--------+-------------------------------------------------------------------------------+ + | certificate_id | Yes | String | HTTPS certificate ID. It can be obtained by calling the Certificate List API. | + +----------------+-----------+--------+-------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + | Parameter | Type | Description | + +=============+=======================================================================+==============================================+ + | id | String | Certificate ID | + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + | name | String | Certificate name | + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + | content | String | Certificate file in PEM format | + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + | key | String | Private key of the certificate in PEM format | + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + | expire_time | Long | Timestamp when the certificate expire | + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + | timestamp | Long | Timestamp when the certificate is uploaded | + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Domain name associated with the certificate | + +-------------+-----------------------------------------------------------------------+----------------------------------------------+ + +.. _showcertificate__response_bindhost: + +.. table:: **Table 4** BindHost + + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+====================================================================================================================+ + | id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode of the domain name. The value is premium. | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/certificate/{certificate_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "6e2be127b79f4a418414952ad5d8c59f", + "name" : "certificatename94319", + "content" : "-----BEGIN CERTIFICATE-----\nMIIB+TCCAaOgAwIBAgIUJP9I8OupQ77w0bGL2yWOQXreM4kwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDzANBgNVBAoMBkh1YXdlaTEcMBoGA1UEAwwTd2FmLmh1YXdlaWNsb3VkLmNvbTAeFw0yMDA3MDkwNTQ2MDRaFw0yMDA4MDgwNTQ2MDRaMFExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZIdWF3ZWkxHDAaBgNVBAMME3dhZi5odWF3ZWljbG91ZC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0UEbMzbvgOJTKrKcDUw9xjFqxM7BaQFM3SLsQlmD5hkzygyL1ra+cWajPJlTCxz9Ph6qldna2+OrIuTdvCcpjwIDAQABo1MwUTAdBgNVHQ4EFgQUE7ZQNcgl3lmryx1s5gy9mnC1rsYwHwYDVR0jBBgwFoAUE7ZQNcgl3lmryx1s5gy9mnC1rsYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBAM5wGi88jYWLgOnGbae5hH3I9lMBKxGqv17Cbm1tjWuUogVINz86lqvCpuhzLvD/vzJAqPIuDwqM8uvzjgRfZs8=\n-----END CERTIFICATE-----", + "key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBANFBGzM274DiUyqynA1MPcYxasTOwWkBTN0i7EJZg+YZM8oMi9a2vnFmozyZUwsc/T4eqpXZ2tvjqyLk3bwnKY8CAwEAAQJBAI7LMPaH/HQk/b/bVmY0qsr+me9nb9BqFLuqwzKbx0hSmWPOWFsd3rOFlSopyHqgYtAsPfvPumEdGbdnCyU8zAECIQD71768K1ejb+ei2lqZqHaczqdUNQxMh54yot9F2yVWjwIhANS1Y1Jv89WEU/ZvvMS9a4638Msv2c4GGp08RtXNYn0BAiA0H4b+cwoEbZjHf+HYg6Fo+uxu5TvSaw8287a6Qo0LyQIfVZSlYYWplT6oiX5rdLzBiap4N0gJWdsa2ihmV59LAQIgK8N+j1daq63b0bJ9k4HruhQtpgxI6U9nFBemH4zTRYM=\n-----END RSA PRIVATE KEY-----", + "timestamp" : 1650595334578, + "expire_time" : 1596865564000, + "bind_host" : [ { + "id" : "978b411657624c2db069cd5484195d1c", + "hostname" : "www.demo.com", + "waf_type" : "cloud" + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/certificate_management/querying_the_certificate_list.rst b/api-ref/source/apis/certificate_management/querying_the_certificate_list.rst new file mode 100644 index 0000000..3232e77 --- /dev/null +++ b/api-ref/source/apis/certificate_management/querying_the_certificate_list.rst @@ -0,0 +1,204 @@ +:original_name: ListCertificates.html + +.. _ListCertificates: + +Querying the Certificate List +============================= + +Function +-------- + +This API is used to query the certificate list. + +URI +--- + +GET /v1/{project_id}/waf/certificate + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================================================================================================================================================================+ + | page | No | Integer | Page. | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. If this parameter is not specified, the default value -1 is used. All certificates are queried regardless of the value of Page. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | No | String | Certificate name. Fuzzy search is supported. | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | host | No | Boolean | Whether to obtain the domain name associated with the certificate. The value can be true or false. | + | | | | | + | | | | - true: When a certificate is queried, the domain name associated with the certificate is also queried. The returned certificate information contains the associated domain name. | + | | | | | + | | | | - false: When a certificate is queried, the domain name associated with the certificate is not queried. The returned certificate information does not contain the associated domain name. | + | | | | | + | | | | - Default value: false | + | | | | | + | | | | Default: **false** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | exp_status | No | Integer | Certificate status. The value can be: | + | | | | | + | | | | - 0: The certificate is valid. | + | | | | | + | | | | - 1: The certificate has expired.2: The certificate will expire within one month. | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+----------------------------------------------------------------------------------------------+------------------------------+ + | Parameter | Type | Description | + +===========+==============================================================================================+==============================+ + | items | Array of :ref:`ListCertificateBody ` objects | Certificate list | + +-----------+----------------------------------------------------------------------------------------------+------------------------------+ + | total | Integer | Total number of certificates | + +-----------+----------------------------------------------------------------------------------------------+------------------------------+ + +.. _listcertificates__response_listcertificatebody: + +.. table:: **Table 5** ListCertificateBody + + +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + | Parameter | Type | Description | + +=======================+========================================================================+==================================================+ + | id | String | Certificate ID | + +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + | name | String | Certificate name | + +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + | expire_time | Long | Timestamp when the certificate expire | + +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + | exp_status | Integer | Certificate expiration status. The value can be: | + | | | | + | | | - 0: The certificate is valid. | + | | | | + | | | - 1: The certificate has expired. | + | | | | + | | | - 2: The certificate is about to expire. | + +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + | timestamp | Long | Timestamp when the certificate is uploaded | + +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Domain name associated with the certificate | + +-----------------------+------------------------------------------------------------------------+--------------------------------------------------+ + +.. _listcertificates__response_bindhost: + +.. table:: **Table 6** BindHost + + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+====================================================================================================================+ + | id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode of the domain name. The value is premium. | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/certificate? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "dc443ca4f29c4f7e8d4adaf485be317b", + "name" : "demo", + "timestamp" : 1643181401751, + "expire_time" : 1650794100000, + "bind_host" : [ ], + "exp_status" : 2 + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dashboard/index.rst b/api-ref/source/apis/dashboard/index.rst new file mode 100644 index 0000000..e6fb21c --- /dev/null +++ b/api-ref/source/apis/dashboard/index.rst @@ -0,0 +1,18 @@ +:original_name: topic_300000005.html + +.. _topic_300000005: + +Dashboard +========= + +- :ref:`Querying Website Request Statistics ` +- :ref:`Querying the QPS Statistics ` +- :ref:`Querying Bandwidth Usage Statistics ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + querying_website_request_statistics + querying_the_qps_statistics + querying_bandwidth_usage_statistics diff --git a/api-ref/source/apis/dashboard/querying_bandwidth_usage_statistics.rst b/api-ref/source/apis/dashboard/querying_bandwidth_usage_statistics.rst new file mode 100644 index 0000000..a66741e --- /dev/null +++ b/api-ref/source/apis/dashboard/querying_bandwidth_usage_statistics.rst @@ -0,0 +1,183 @@ +:original_name: ListBandwidthTimeline.html + +.. _ListBandwidthTimeline: + +Querying Bandwidth Usage Statistics +=================================== + +Function +-------- + +This API is used to query bandwidth usage statistics. + +URI +--- + +GET /v1/{project_id}/waf/overviews/bandwidth/timeline + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+========+===============================================================================================+ + | from | Yes | Long | Start time (13-digit timestamp in millisecond). This parameter must be used together with to. | + +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ + | to | Yes | Long | End time (13-digit timestamp in millisecond). This parameter must be used together with from. | + +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ + | hosts | No | String | List of domain names to query, which can be obtained by calling the ListHost API | + +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ + | instances | No | String | List of instance to query (only for the instantiation mode). | + +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ + | group_by | No | String | Display dimension. For example, the value is DAY if data is displayed by the day. | + +-----------+-----------+--------+-----------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+---------------------------------------------------------------------------------------------------------------+-----------------------------------+ + | Parameter | Type | Description | + +===========+===============================================================================================================+===================================+ + | [items] | Array of :ref:`ListBandwidthTimelineItem ` objects | ListBandwidthTimelineResponseBody | + +-----------+---------------------------------------------------------------------------------------------------------------+-----------------------------------+ + +.. _listbandwidthtimeline__response_listbandwidthtimelineitem: + +.. table:: **Table 5** ListBandwidthTimelineItem + + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================================================+==================================================+ + | key | String | The following statistics can be included: | + | | | | + | | | - IN_BANDWIDTH: Inbound bandwidth, in byte/s. | + | | | | + | | | - OUT_BANDWIDTH: Outbound bandwidth, in byte/s. | + | | | | + | | | - BANDWIDTH: Total bandwidth, in byte/s. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------+ + | timeline | Array of :ref:`TimeLineItem ` objects | Timeline corresponding to the key value | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------+ + +.. _listbandwidthtimeline__response_timelineitem: + +.. table:: **Table 6** TimeLineItem + + ========= ======= ====================================== + Parameter Type Description + ========= ======= ====================================== + time Long Time-point + num Integer Quantity. Aggregated data is returned. + ========= ======= ====================================== + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/overviews/bandwidth/timeline?from=1650470400196&to=1650522936196 + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + [ { + "key" : "IN_BANDWIDTH", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + }, { + "key" : "OUT_BANDWIDTH", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + }, { + "key" : "BANDWIDTH", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + } ] + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dashboard/querying_the_qps_statistics.rst b/api-ref/source/apis/dashboard/querying_the_qps_statistics.rst new file mode 100644 index 0000000..309977c --- /dev/null +++ b/api-ref/source/apis/dashboard/querying_the_qps_statistics.rst @@ -0,0 +1,207 @@ +:original_name: ListQpsTimeline.html + +.. _ListQpsTimeline: + +Querying the QPS Statistics +=========================== + +Function +-------- + +This API is used to query the website QPS statistics. + +URI +--- + +GET /v1/{project_id}/waf/overviews/qps/timeline + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+========+===================================================================================================================================================================================================================================================+ + | from | Yes | Long | Start time (13-digit timestamp in millisecond). This parameter must be used together with to. | + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | to | Yes | Long | End time (13-digit timestamp in millisecond). This parameter must be used together with from. | + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | No | String | IDs of the domain names you want to query. If this parameter is not specified, all protected domain names are queried by default. | + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instances | No | String | IDs of the dedicated WAF engine instances you want to query. If this parameter is not specified, all dedicated WAF engine instances are queried by default. | + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | group_by | No | String | How the queried data is displayed. The data can be displayed by the day or by the minute. For example, if the value is set to DAY, data is displayed by the day. By default, this parameter is not included, and data is displayed by the minute. | + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+---------------------------------------------------------------------------------------------+-----------------------------+ + | Parameter | Type | Description | + +===========+=============================================================================================+=============================+ + | [items] | Array of :ref:`ListQpsTimelineItem ` objects | ListQpsTimelineResponseBody | + +-----------+---------------------------------------------------------------------------------------------+-----------------------------+ + +.. _listqpstimeline__response_listqpstimelineitem: + +.. table:: **Table 5** ListQpsTimelineItem + + +-----------------------+-------------------------------------------------------------------------------+--------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+===============================================================================+==============================================================+ + | key | String | The following statistics can be included: | + | | | | + | | | - ACCESS: The number of requests | + | | | | + | | | - CRAWLER: Crawler attacks identified | + | | | | + | | | - CC: CC attacks identified | + | | | | + | | | - WEB_ATTACK: Attacks blocked against basic web protection | + | | | | + | | | - PRECISE: Attacks blocked against precise protection rules | + | | | | + | | | - TOTAL_ATTACK: Total number of attacks | + +-----------------------+-------------------------------------------------------------------------------+--------------------------------------------------------------+ + | timeline | Array of :ref:`TimeLineItem ` objects | TimeLineItem | + +-----------------------+-------------------------------------------------------------------------------+--------------------------------------------------------------+ + +.. _listqpstimeline__response_timelineitem: + +.. table:: **Table 6** TimeLineItem + + ========= ======= ====================================== + Parameter Type Description + ========= ======= ====================================== + time Long Time-point + num Integer Quantity. Aggregated data is returned. + ========= ======= ====================================== + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/overviews/qps/timeline?from=1650470400196&to=1650522936196 + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + [ { + "key" : "ACCESS", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + }, { + "key" : "PRECISE", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + }, { + "key" : "CRAWLER", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + }, { + "key" : "CC", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + }, { + "key" : "TOTAL_ATTACK", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + }, { + "key" : "WEB_ATTACK", + "timeline" : [ { + "time" : 1650470400000, + "num" : 0 + } ] + } ] + +Status Codes +------------ + +=========== ================================================ +Status Code Description +=========== ================================================ +200 Request succeeded. +400 Invalid request +401 The token does not have the required permission. +500 Internal server error. +=========== ================================================ + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dashboard/querying_website_request_statistics.rst b/api-ref/source/apis/dashboard/querying_website_request_statistics.rst new file mode 100644 index 0000000..c9f4990 --- /dev/null +++ b/api-ref/source/apis/dashboard/querying_website_request_statistics.rst @@ -0,0 +1,176 @@ +:original_name: ListStatistics.html + +.. _ListStatistics: + +Querying Website Request Statistics +=================================== + +Function +-------- + +This API is used to query website request statistics. + +URI +--- + +GET /v1/{project_id}/waf/overviews/statistics + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------+-----------+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+========+=============================================================================================================================================================+ + | from | Yes | Long | Start time (13-digit timestamp). This parameter must be used together with to. | + +-----------+-----------+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | to | Yes | Long | End time (13-digit timestamp). This parameter must be used together with from. | + +-----------+-----------+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | No | String | IDs of the domain names you want to query. If this parameter is not specified, all protected domain names are queried by default. | + +-----------+-----------+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instances | No | String | IDs of the dedicated WAF engine instances you want to query. If this parameter is not specified, all dedicated WAF engine instances are queried by default. | + +-----------+-----------+--------+-------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==============================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of **X-Subject-Token** in the response header). | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+------------------------------------------------------------------------------------------+----------------------------+ + | Parameter | Type | Description | + +===========+==========================================================================================+============================+ + | [items] | Array of :ref:`ListStatisticsItem ` objects | ListStatisticsResponseBody | + +-----------+------------------------------------------------------------------------------------------+----------------------------+ + +.. _liststatistics__response_liststatisticsitem: + +.. table:: **Table 5** ListStatisticsItem + + +-----------------------+-----------------------+--------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==============================================================+ + | key | String | The following statistics can be included: | + | | | | + | | | - ACCESS: The number of requests | + | | | | + | | | - CRAWLER: Crawler attacks identified | + | | | | + | | | - CC: CC attacks identified | + | | | | + | | | - WEB_ATTACK: Attacks blocked against basic web protection | + | | | | + | | | - PRECISE: Attacks blocked against precise protection rules | + | | | | + | | | - TOTAL_ATTACK: Total number of attacks | + +-----------------------+-----------------------+--------------------------------------------------------------+ + | num | Integer | Quantity | + +-----------------------+-----------------------+--------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/overviews/statistics?from=1650470400196&to=1650522936196 + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + [ { + "key" : "ACCESS", + "num" : 1190 + }, { + "key" : "PRECISE", + "num" : 0 + }, { + "key" : "CRAWLER", + "num" : 10 + }, { + "key" : "WEB_ATTACK", + "num" : 22 + }, { + "key" : "CC", + "num" : 0 + }, { + "key" : "ATTACK", + "num" : 32 + } ] + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dedicated_instance_management/creating_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/creating_a_dedicated_waf_engine.rst new file mode 100644 index 0000000..c658482 --- /dev/null +++ b/api-ref/source/apis/dedicated_instance_management/creating_a_dedicated_waf_engine.rst @@ -0,0 +1,178 @@ +:original_name: CreateInstance.html + +.. _CreateInstance: + +Creating a Dedicated WAF Engine +=============================== + +Function +-------- + +This API is used to create a dedicated WAF engine + +URI +--- + +POST /v1/{project_id}/premium-waf/instance + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +================+===========+==================+=========================================================================================================================================================================================================================================================================================================+ + | chargemode | No | Integer | Billing mode. Currently, only pay-per-use billing (30) is supported. Make sure your account balance is enough, or the dedicated WAF engine will forward requests directly to the origin server without inspection. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | Yes | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | available_zone | Yes | String | AZ where the dedicated engine is to be created. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | Yes | String | Dedicated engine CPU architecture. Its value can be x86 . | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | Yes | String | Prefix of the dedicated WAF engine name, which is user-defined. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | Yes | String | Specifications of the dedicated engine version. The value can be waf.instance.enterprise or waf.instance.professional. An enterprise edition dedicated engine has more functions than a professional edition one. For more details, see the Web Application Firewall (WAF) User Guide. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | Yes | String | ID of the specifications of the ECS hosting the dedicated engine. It can be obtained by calling the ECS ListFlavors API. For the enterprise edition, ECS specifications with 8 vCPUs and 16 GB memory are used. For the professional edition, ECS specifications with 2 vCPUs and 4 GB memory are used. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | Yes | String | ID of the VPC where the dedicated engine is located. It can be obtained by calling the ListVpcs API. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | Yes | String | ID of the VPC subnet where the dedicated engine is located. It can be obtained by calling the **ListSubnets API**. **subnet_id** has the same value as **network_id** obtained by calling the OpenStack APIs | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group | Yes | Array of strings | ID of the security group where the dedicated engine is located. It can be obtained by calling the ListSecurityGroups API. | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | count | Yes | Integer | Number of dedicated engines to be provisioned | + +----------------+-----------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+------------------------------------------------------------------------------+-------------+ + | Parameter | Type | Description | + +===========+==============================================================================+=============+ + | instances | Array of :ref:`instanceInfo ` objects | instances | + +-----------+------------------------------------------------------------------------------+-------------+ + +.. _createinstance__response_instanceinfo: + +.. table:: **Table 5** instanceInfo + + ========= ====== =========== + Parameter Type Description + ========= ====== =========== + id String id + name String Name + ========= ====== =========== + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{endpoint}/v1/{project_id}/premium-waf/instance + + { + "chargemode" : 30, + "region" : "region-01-4", + "available_zone" : "region-01-4a", + "arch" : "x86", + "instancename" : "demo", + "specification\"" : "waf.instance.enterprise", + "cpu_flavor" : "c3ne.2xlarge.2", + "vpc_id" : "d7b6a5ff-6c53-4cd4-9d57-f20ee8753056", + "subnet_id" : "e59ccd18-7e15-4588-b689-04b856f4e78b", + "security_group" : [ "09b156a2-f0f0-41fd-9891-60e594601cfd" ], + "count" : 1 + } + +Example Responses +----------------- + +**Status code: 200** + +Information about the created dedicated WAF engine. + +.. code-block:: + + { + "instances" : [ { + "id" : "50a6b6c9bdb643f9a8038976fc58ad02", + "name" : "demo-6wvl" + } ] + } + +Status Codes +------------ + +=========== =================================================== +Status Code Description +=========== =================================================== +200 Information about the created dedicated WAF engine. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== =================================================== + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dedicated_instance_management/deleting_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/deleting_a_dedicated_waf_engine.rst new file mode 100644 index 0000000..9a9421b --- /dev/null +++ b/api-ref/source/apis/dedicated_instance_management/deleting_a_dedicated_waf_engine.rst @@ -0,0 +1,214 @@ +:original_name: DeleteInstance.html + +.. _DeleteInstance: + +Deleting a Dedicated WAF Engine +=============================== + +Function +-------- + +This API is used to delete a dedicated WAF engine. + +URI +--- + +DELETE /v1/{project_id}/premium-waf/instance/{instance_id} + +.. table:: **Table 1** Path Parameters + + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=============+===========+========+==========================================================================================+ + | project_id | Yes | String | Project ID | + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + | instance_id | Yes | String | ID of the dedicated WAF instance. It can be obtained by calling the WAF ListInstance API | + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================================================+==================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deleteinstance__response_idhostnameentry: + +.. table:: **Table 4** IdHostnameEntry + + +-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+=============================================================================================+ + | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | + +-----------+--------+---------------------------------------------------------------------------------------------+ + | hostname | String | Protected domain name | + +-----------+--------+---------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{endpoint}z/v1/{project_id}/premium-waf/instance/{instance_id} + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "0619871acb764d48a112695e8f7cbb10", + "region" : "region-01-7", + "zone" : "region-01-7a", + "specification" : "8vCPUs | 16GB", + "arch" : "x86", + "upgradable" : 0, + "status" : 0, + "serverId" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "server_id" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "cloudServiceType" : "hws.service.type.waf", + "resourceType" : "hws.resource.type.waf.instance", + "resourceSpecCode" : "waf.instance.enterprise", + "vpc_id" : "13718074-a3f9-408d-82aa-3c41ef55e589", + "subnet_id" : "74d1b5a6-c7eb-4e9a-8372-181212552fcc", + "service_ip" : "192.168.10.68", + "security_group_ids" : [ "34287bdb-7aba-471a-b041-27427f1af76a" ], + "cpu_flavor" : "Si2.2xlarge.2", + "run_status" : 2, + "access_status" : 1, + "hosts" : [ { + "id" : "c3be17bbe3a641c7a1ded6019c377402", + "hostname" : "demo.www.com" + } ], + "instancename" : "0412elb", + "instance_name" : "0412elb" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dedicated_instance_management/index.rst b/api-ref/source/apis/dedicated_instance_management/index.rst new file mode 100644 index 0000000..f97e0e5 --- /dev/null +++ b/api-ref/source/apis/dedicated_instance_management/index.rst @@ -0,0 +1,24 @@ +:original_name: topic_300000000.html + +.. _topic_300000000: + +Dedicated Instance Management +============================= + +- :ref:`Creating a Dedicated WAF Engine ` +- :ref:`Querying the List of Dedicated WAF Engines ` +- :ref:`Querying Details about a Dedicated WAF Engine ` +- :ref:`Renaming a Dedicated WAF Engine ` +- :ref:`Deleting a Dedicated WAF Engine ` +- :ref:`Operations on a Dedicated WAF Instance ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + creating_a_dedicated_waf_engine + querying_the_list_of_dedicated_waf_engines + querying_details_about_a_dedicated_waf_engine + renaming_a_dedicated_waf_engine + deleting_a_dedicated_waf_engine + operations_on_a_dedicated_waf_instance diff --git a/api-ref/source/apis/dedicated_instance_management/operations_on_a_dedicated_waf_instance.rst b/api-ref/source/apis/dedicated_instance_management/operations_on_a_dedicated_waf_instance.rst new file mode 100644 index 0000000..badb58d --- /dev/null +++ b/api-ref/source/apis/dedicated_instance_management/operations_on_a_dedicated_waf_instance.rst @@ -0,0 +1,228 @@ +:original_name: UpgradeInstance.html + +.. _UpgradeInstance: + +Operations on a Dedicated WAF Instance +====================================== + +Function +-------- + +This API is used to operate a dedicated WAF instance. + +URI +--- + +POST /v1/{project_id}/premium-waf/instance/{instance_id}/action + +.. table:: **Table 1** Path Parameters + + =========== ========= ====== ============================== + Parameter Mandatory Type Description + =========== ========= ====== ============================== + project_id Yes String Project ID. + instance_id Yes String ID of the dedicated WAF engine + =========== ========= ====== ============================== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================================+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+------------------------------------------------------------+ + | X-Auth-Token | No | String | User token. | + +-----------------+-----------------+-----------------+------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=======================================================================+ + | action | Yes | String | peration name. | + | | | | | + | | | | - upgrade: Upgrade the software version of the dedicated WAF engine. | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================================================+==================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+-------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _upgradeinstance__response_idhostnameentry: + +.. table:: **Table 5** IdHostnameEntry + + +-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+=============================================================================================+ + | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | + +-----------+--------+---------------------------------------------------------------------------------------------+ + | hostname | String | Protected domain name | + +-----------+--------+---------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{endpoint}/v1/{project_id}/premium-waf/instance/{instance_id}/action + + { + "action" : "upgrade" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "0619871acb764d48a112695e8f7cbb10", + "region" : "region-01-7", + "zone" : "region-01-7a", + "specification" : "8vCPUs | 16GB", + "arch" : "x86", + "upgradable" : 0, + "status" : 0, + "serverId" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "server_id" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "cloudServiceType" : "hws.service.type.waf", + "resourceType" : "hws.resource.type.waf.instance", + "resourceSpecCode" : "waf.instance.enterprise", + "vpc_id" : "13718074-a3f9-408d-82aa-3c41ef55e589", + "subnet_id" : "74d1b5a6-c7eb-4e9a-8372-181212552fcc", + "service_ip" : "192.168.10.68", + "security_group_ids" : [ "34287bdb-7aba-471a-b041-27427f1af76a" ], + "cpu_flavor" : "Si2.2xlarge.2", + "run_status" : 2, + "access_status" : 1, + "hosts" : [ { + "id" : "c3be17bbe3a641c7a1ded6019c377402", + "hostname" : "demo.www.com" + } ], + "instancename" : "0412elb", + "instance_name" : "0412elb", + "create_time" : 1649923548548 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dedicated_instance_management/querying_details_about_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/querying_details_about_a_dedicated_waf_engine.rst new file mode 100644 index 0000000..5bb97d3 --- /dev/null +++ b/api-ref/source/apis/dedicated_instance_management/querying_details_about_a_dedicated_waf_engine.rst @@ -0,0 +1,217 @@ +:original_name: ShowInstance.html + +.. _ShowInstance: + +Querying Details about a Dedicated WAF Engine +============================================= + +Function +-------- + +This API is used to query details about a dedicated WAF engine. + +URI +--- + +GET /v1/{project_id}/premium-waf/instance/{instance_id} + +.. table:: **Table 1** Path Parameters + + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=============+===========+========+==========================================================================================+ + | project_id | Yes | String | Project ID | + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + | instance_id | Yes | String | ID of the dedicated WAF instance. It can be obtained by calling the WAF ListInstance API | + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==================================================================================+==================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | create_time | Long | Timestamp when the dedicated WAF engine was created. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showinstance__response_idhostnameentry: + +.. table:: **Table 4** IdHostnameEntry + + +-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+=============================================================================================+ + | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | + +-----------+--------+---------------------------------------------------------------------------------------------+ + | hostname | String | Protected domain name | + +-----------+--------+---------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{endpoint}/v1/{project_id}/premium-waf/instance/{instance_id} + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "0619871acb764d48a112695e8f7cbb10", + "region" : "region-01-7", + "zone" : "region-01-7a", + "specification" : "8vCPUs | 16GB", + "arch" : "x86", + "upgradable" : 0, + "status" : 0, + "serverId" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "server_id" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "cloudServiceType" : "hws.service.type.waf", + "resourceType" : "hws.resource.type.waf.instance", + "resourceSpecCode" : "waf.instance.enterprise", + "vpc_id" : "13718074-a3f9-408d-82aa-3c41ef55e589", + "subnet_id" : "74d1b5a6-c7eb-4e9a-8372-181212552fcc", + "service_ip" : "192.168.10.68", + "security_group_ids" : [ "34287bdb-7aba-471a-b041-27427f1af76a" ], + "cpu_flavor" : "Si2.2xlarge.2", + "run_status" : 2, + "access_status" : 1, + "hosts" : [ { + "id" : "c3be17bbe3a641c7a1ded6019c377402", + "hostname" : "demo.www.com" + } ], + "instancename" : "0412elb", + "instance_name" : "0412elb", + "create_time" : 1649217360674 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dedicated_instance_management/querying_the_list_of_dedicated_waf_engines.rst b/api-ref/source/apis/dedicated_instance_management/querying_the_list_of_dedicated_waf_engines.rst new file mode 100644 index 0000000..3ee4c7b --- /dev/null +++ b/api-ref/source/apis/dedicated_instance_management/querying_the_list_of_dedicated_waf_engines.rst @@ -0,0 +1,244 @@ +:original_name: ListInstance.html + +.. _ListInstance: + +Querying the List of Dedicated WAF Engines +========================================== + +Function +-------- + +This API is used to query the list of dedicated WAF engines. + +URI +--- + +GET /v1/{project_id}/premium-waf/instance + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +--------------+-----------+---------+-----------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +==============+===========+=========+===============================================================================================+ + | page | No | Integer | Page number, which is required for pagination query | + +--------------+-----------+---------+-----------------------------------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page, which is required for pagination query | + +--------------+-----------+---------+-----------------------------------------------------------------------------------------------+ + | instancename | No | String | Fuzzy query for dedicated WAF engine names. Only prefix and suffix match query are supported. | + +--------------+-----------+---------+-----------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content-Type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+============================================================================+================================================================================+ + | total | Integer | Total number of dedicated engines | + +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ + | purchased | Boolean | Whether any dedicated engine has been created. The value can be false or true. | + | | | | + | | | - false: No dedicated WAF engine has been created. | + | | | | + | | | - true: At least one dedicated WAF engine has been created. | + +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ + | items | Array of :ref:`ListInstance ` objects | Details about the dedicated engine | + +-----------------------+----------------------------------------------------------------------------+--------------------------------------------------------------------------------+ + +.. _listinstance__response_listinstance: + +.. table:: **Table 5** ListInstance + + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==================================================================================+==================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listinstance__response_idhostnameentry: + +.. table:: **Table 6** IdHostnameEntry + + +-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+=============================================================================================+ + | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | + +-----------+--------+---------------------------------------------------------------------------------------------+ + | hostname | String | Protected domain name | + +-----------+--------+---------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{endpoint}/v1/{project_id}/premium-waf/instance + +Example Responses +----------------- + +**Status code: 200** + +Lists of dedicated WAF engines + +.. code-block:: + + { + "purchased" : true, + "total" : 1, + "items" : [ { + "id" : "0619871acb764d48a112695e8f7cbb10", + "region" : "region-01-7", + "zone" : "region-01-7a", + "specification" : "8vCPUs | 16GB", + "arch" : "x86", + "upgradable" : 0, + "status" : 0, + "serverId" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "server_id" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "cloudServiceType" : "hws.service.type.waf", + "resourceType" : "hws.resource.type.waf.instance", + "resourceSpecCode" : "waf.instance.enterprise", + "vpc_id" : "13718074-a3f9-408d-82aa-3c41ef55e589", + "subnet_id" : "74d1b5a6-c7eb-4e9a-8372-181212552fcc", + "service_ip" : "192.168.10.68", + "security_group_ids" : [ "34287bdb-7aba-471a-b041-27427f1af76a" ], + "cpu_flavor" : "Si2.2xlarge.2", + "run_status" : 2, + "access_status" : 1, + "hosts" : [ { + "id" : "c3be17bbe3a641c7a1ded6019c377402", + "hostname" : "demo.www.com" + } ], + "instancename" : "0412elb", + "instance_name" : "0412elb" + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Lists of dedicated WAF engines +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/dedicated_instance_management/renaming_a_dedicated_waf_engine.rst b/api-ref/source/apis/dedicated_instance_management/renaming_a_dedicated_waf_engine.rst new file mode 100644 index 0000000..c273a71 --- /dev/null +++ b/api-ref/source/apis/dedicated_instance_management/renaming_a_dedicated_waf_engine.rst @@ -0,0 +1,226 @@ +:original_name: RenameInstance.html + +.. _RenameInstance: + +Renaming a Dedicated WAF Engine +=============================== + +Function +-------- + +This API is used to rename a dedicated WAF engine + +URI +--- + +PUT /v1/{project_id}/premium-waf/instance/{instance_id} + +.. table:: **Table 1** Path Parameters + + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=============+===========+========+==========================================================================================+ + | project_id | Yes | String | Project ID | + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + | instance_id | Yes | String | ID of the dedicated WAF instance. It can be obtained by calling the WAF ListInstance API | + +-------------+-----------+--------+------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | No | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + ============ ========= ====== ==================================== + Parameter Mandatory Type Description + ============ ========= ====== ==================================== + instancename Yes String New name of the dedicated WAF engine + ============ ========= ====== ==================================== + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================================================+==================================================================================================================================================================================================+ + | id | String | ID of the dedicated WAF engine | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instance_name | String | Name of the dedicated WAF engine. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | instancename | String | Name of the dedicated WAF engine. This parameter is repeated and can be ignored. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | region | String | Region where a dedicated engine is to be created. Its value is EU-DE. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | zone | String | AZ ID. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | arch | String | CPU architecture | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cpu_flavor | String | ECS specification ID | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | ID of the VPC where the dedicated engine is located | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | subnet_id | String | Subnet ID of the VPC where the dedicated engine is located. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ip | String | Service plane IP address of the dedicated engine | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | service_ipv6 | String | IPv6 address of the service plane of the dedicated engine | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | security_group_ids | Array of strings | Security groups bound to the dedicated engine ECS | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Billing status of dedicated WAF engine. The value can be 0, 1, or 2. | + | | | | + | | | - 0: The billing is normal. | + | | | | + | | | - 1: The billing account is frozen. Resources and data will be retained, but the cloud services cannot be used by the account. | + | | | | + | | | - 2: The billing is terminated. Resources and data will be cleared. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | run_status | Integer | unning status of the dedicated engine. The value can be 0 (creating), 1 (running), 2 (deleting), 3 (deleted), 4 (creation failed), 5 (frozen), 6 (abnormal), 7 (updating), or 8 (update failed). | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Access status of the dedicated engine. The value can be 0 or 1. | + | | | | + | | | - 0: the dedicated engine is not connected. | + | | | | + | | | - 1: the dedicated engine is connected. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | upgradable | Integer | Whether the dedicated engine can be upgraded. The value can be 0 for no or 1 for yes. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cloudServiceType | String | Cloud service code. This is a unique code used to distinguish cloud services from each other. You can ignore it. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceType | String | Cloud service resource type. Cloud services are purchased by resource type. You can ignore it. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | resourceSpecCode | String | Resource specifications code. This code is used to identify the resource specifications the dedicated engine uses. You can ignore it. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | specification | String | Dedicated engine ECS specifications, for example, 8 vCPUs \| 16 GB. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | Array of :ref:`IdHostnameEntry ` objects | Domain name protected by the dedicated engine. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server_id | String | ID of the ECS hosting the dedicated engine. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | serverId | String | ID of the ECS hosting the dedicated engine. This parameter is the same as server_id, and will be deleted. | + +-----------------------+------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _renameinstance__response_idhostnameentry: + +.. table:: **Table 5** IdHostnameEntry + + +-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+=============================================================================================+ + | id | String | ID of the protected domain name. This is a unique ID automatically generated by the system. | + +-----------+--------+---------------------------------------------------------------------------------------------+ + | hostname | String | Protected domain name | + +-----------+--------+---------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{endpoint}/v1/{project_id}/premium-waf/instance/{instance_id} + + { + "instancename" : "0412elb" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "0619871acb764d48a112695e8f7cbb10", + "region" : "region-01-7", + "zone" : "region-01-7a", + "specification" : "8vCPUs | 16GB", + "arch" : "x86", + "upgradable" : 0, + "status" : 0, + "serverId" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "server_id" : "477353dc-8687-4bf4-b45b-1d7fee74fa63", + "cloudServiceType" : "hws.service.type.waf", + "resourceType" : "hws.resource.type.waf.instance", + "resourceSpecCode" : "waf.instance.enterprise", + "vpc_id" : "13718074-a3f9-408d-82aa-3c41ef55e589", + "subnet_id" : "74d1b5a6-c7eb-4e9a-8372-181212552fcc", + "service_ip" : "192.168.10.68", + "security_group_ids" : [ "34287bdb-7aba-471a-b041-27427f1af76a" ], + "cpu_flavor" : "Si2.2xlarge.2", + "run_status" : 2, + "access_status" : 1, + "hosts" : [ { + "id" : "c3be17bbe3a641c7a1ded6019c377402", + "hostname" : "demo.www.com" + } ], + "instancename" : "0412elb", + "instance_name" : "0412elb" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/event_management/index.rst b/api-ref/source/apis/event_management/index.rst new file mode 100644 index 0000000..142ad99 --- /dev/null +++ b/api-ref/source/apis/event_management/index.rst @@ -0,0 +1,16 @@ +:original_name: topic_300000006.html + +.. _topic_300000006: + +Event Management +================ + +- :ref:`Querying the List of Attack Events ` +- :ref:`Querying Attack Event Details ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + querying_the_list_of_attack_events + querying_attack_event_details diff --git a/api-ref/source/apis/event_management/querying_attack_event_details.rst b/api-ref/source/apis/event_management/querying_attack_event_details.rst new file mode 100644 index 0000000..522875d --- /dev/null +++ b/api-ref/source/apis/event_management/querying_attack_event_details.rst @@ -0,0 +1,246 @@ +:original_name: ShowEvent.html + +.. _ShowEvent: + +Querying Attack Event Details +============================= + +Function +-------- + +This API is used to query the details about an attack event. + +URI +--- + +GET /v1/{project_id}/waf/event/{eventid} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + eventid Yes String Event ID. + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------+-----------------------------------------------------------------------------+-------------------------+ + | Parameter | Type | Description | + +===========+=============================================================================+=========================+ + | total | Integer | Number of attack events | + +-----------+-----------------------------------------------------------------------------+-------------------------+ + | items | Array of :ref:`ShowEventItems ` objects | Attack event details | + +-----------+-----------------------------------------------------------------------------+-------------------------+ + +.. _showevent__response_showeventitems: + +.. table:: **Table 4** ShowEventItems + + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================+============================================================================+ + | id | String | Event ID | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | time | Integer | Occurrences | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | sip | String | Source IP address | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | host | String | Domain name | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | url | String | Attacked URL | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | attack | String | Attack type. The value of attack type can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injection | + | | | | + | | | - robot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusion | + | | | | + | | | - webshell: Website Trojans | + | | | | + | | | - cc: CC attacks | + | | | | + | | | - custom_custom: Precise protection | + | | | | + | | | - custom_whiteblackip: IP address blacklist and whitelist | + | | | | + | | | - custom_geoip: Geolocation access control | + | | | | + | | | - antitamper: Web tamper protection | + | | | | + | | | - anticrawler: Anti-crawler protection | + | | | | + | | | - leakage: Data leakage prevention | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | rule | String | ID of the matched rule. Note that there is no ID for a precise protection. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | payload | String | Hit payload | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | payload_location | String | Malicious load location | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | action | String | Protective action | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | request_line | String | Request method and path | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | headers | :ref:`Headers ` object | Request header | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | cookie | String | Request cookie | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | status | String | Response code status | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | process_time | Integer | The time of the WAF service processing the request. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | region | String | Geographical location of the source IP address. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | host_id | String | Domain name ID | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | response_time | Long | Time to response | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | response_size | Integer | Response body size | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | response_body | String | Response body content. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + +.. _showevent__response_headers: + +.. table:: **Table 5** Headers + + ============== ====== ============================ + Parameter Type Description + ============== ====== ============================ + content-length String Request length + host String Domain name + content-type String Content type. + user-agent String proxy + accept String Type of the received content + ============== ====== ============================ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/event{event_id}?enterprise_project_id=0 + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "09-0000-0000-0000-12120220421093806-a60a6166", + "time" : 1650505086000, + "policyid" : "173ed802272a4b0798049d7edffeff03", + "host" : "x.x.x.x:xxxxxx-xxx-xxx-xxx-xxxxxxxxx", + "url" : "/mobile/DBconfigReader.jsp", + "attack" : "vuln", + "rule" : "091004", + "payload" : " /mobile/dbconfigreader.jsp", + "payload_location" : "uri", + "sip" : "x.x.x.x", + "action" : "block", + "request_line" : "GET /mobile/DBconfigReader.jsp", + "headers" : { + "accept" : "*/*", + "host" : "x.x.x.x:81", + "user-agent" : "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 CSIRTx/2022" + }, + "cookie" : "HWWAFSESID=2a0bf76a111c93926d; HWWAFSESTIME=1650505086260", + "status" : "418", + "region" : "Reserved IP", + "host_id" : "e093a352fd3a4ddd994c585e2e1dda59", + "response_time" : 0, + "response_size" : 3318, + "response_body" : "", + "process_time" : 0 + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/event_management/querying_the_list_of_attack_events.rst b/api-ref/source/apis/event_management/querying_the_list_of_attack_events.rst new file mode 100644 index 0000000..338d565 --- /dev/null +++ b/api-ref/source/apis/event_management/querying_the_list_of_attack_events.rst @@ -0,0 +1,275 @@ +:original_name: ListEvent.html + +.. _ListEvent: + +Querying the List of Attack Events +================================== + +Function +-------- + +This API is used to query the list of attack events for a specific period. It cannot be used to query all attack events. The pagesize parameter cannot be set to -1. + +URI +--- + +GET /v1/{project_id}/waf/event + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================================================================================================================================================================================+ + | recent | No | String | Time range for querying logs. This parameter cannot be used together with from or to. Note that either parameter recent or from and to must be configured. If both of them are configured, recent is preferentially used. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **yesterday** | + | | | | | + | | | | - **today** | + | | | | | + | | | | - **3days** | + | | | | | + | | | | - **1week** | + | | | | | + | | | | - **1month** | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | from | No | Long | Start time (13-digit timestamp). This parameter must be used together with to, but cannot be used together with recent. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | to | No | Long | End time (13-digit timestamp). This parameter must be used together with from but cannot be used together with recent. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hosts | No | Array | Domain name ID. It can be obtained by calling the ListPremiumHost API. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | page | No | Integer | Page. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+-----------------------------------------------------------------------------+-------------------------+ + | Parameter | Type | Description | + +===========+=============================================================================+=========================+ + | total | Integer | Number of attack events | + +-----------+-----------------------------------------------------------------------------+-------------------------+ + | items | Array of :ref:`ListEventItems ` objects | Attack event details | + +-----------+-----------------------------------------------------------------------------+-------------------------+ + +.. _listevent__response_listeventitems: + +.. table:: **Table 5** ListEventItems + + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================+============================================================================+ + | id | String | Event ID | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | time | Integer | Occurrences | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | sip | String | Source IP address | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | host | String | Domain name | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | url | String | Attacked URL | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | attack | String | Attack type. The value of attack type can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injection | + | | | | + | | | - robot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusion | + | | | | + | | | - webshell: Website Trojans | + | | | | + | | | - cc: CC attacks | + | | | | + | | | - custom_custom: Precise protection | + | | | | + | | | - custom_whiteblackip: IP address blacklist and whitelist | + | | | | + | | | - custom_geoip: Geolocation access control | + | | | | + | | | - antitamper: Web tamper protection | + | | | | + | | | - anticrawler: Anti-crawler protection | + | | | | + | | | - leakage: Data leakage prevention | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | rule | String | ID of the matched rule. Note that there is no ID for a precise protection. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | payload | String | Hit payload | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | payload_location | String | Malicious load location | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | action | String | Protective action | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | request_line | String | Request method and path | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | headers | :ref:`Headers ` object | Request header | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | cookie | String | Request cookie | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | status | String | Response code status | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | process_time | Integer | The time of the WAF service processing the request. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | region | String | Geographical location of the source IP address. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | host_id | String | Domain name ID | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | response_time | Long | Time to response | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | response_size | Integer | Response body size | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + | response_body | String | Response body content. | + +-----------------------+-----------------------------------------------------+----------------------------------------------------------------------------+ + +.. _listevent__response_headers: + +.. table:: **Table 6** Headers + + ============== ====== ============================ + Parameter Type Description + ============== ====== ============================ + content-length String Request length + host String Domain name + content-type String Content type. + user-agent String proxy + accept String Type of the received content + ============== ====== ============================ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/event?page=1&pagesize=10&recent=today + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "04-0000-0000-0000-21120220421152601-2f7a5ceb", + "time" : 1650525961000, + "policyid" : "25f1d179896e4e3d87ceac0598f48d00", + "host" : "x.x.x.x:xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "url" : "/osclass/oc-admin/index.php", + "attack" : "lfi", + "rule" : "040002", + "payload" : " file=../../../../../../../../../../etc/passwd", + "payload_location" : "params", + "sip" : "x.x.x.x", + "action" : "block", + "request_line" : "GET /osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd", + "headers" : { + "host" : "x.x.x.x", + "accept" : "*/*", + "user-agent" : "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36" + }, + "cookie" : "HWWAFSESID=2a1d773f9199d40a53; HWWAFSESTIME=1650525961805", + "status" : "418", + "region" : "Reserved IP", + "host_id" : "6fbe595e7b874dbbb1505da3e8579b54", + "response_time" : 0, + "response_size" : 3318, + "response_body" : "", + "process_time" : 2 + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/index.rst b/api-ref/source/apis/index.rst new file mode 100644 index 0000000..5f7468b --- /dev/null +++ b/api-ref/source/apis/index.rst @@ -0,0 +1,26 @@ +:original_name: waf_02_0007.html + +.. _waf_02_0007: + +APIs +==== + +- :ref:`Dedicated Instance Management ` +- :ref:`Managing Websites Protected in Dedicated Mode ` +- :ref:`Policy Management ` +- :ref:`Rule Management ` +- :ref:`Certificate Management ` +- :ref:`Dashboard ` +- :ref:`Event Management ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + dedicated_instance_management/index + managing_websites_protected_in_dedicated_mode/index + policy_management/index + rule_management/index + certificate_management/index + dashboard/index + event_management/index diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/adding_a_protected_domain_name.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/adding_a_protected_domain_name.rst new file mode 100644 index 0000000..d58f171 --- /dev/null +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/adding_a_protected_domain_name.rst @@ -0,0 +1,350 @@ +:original_name: CreatePremiumHost.html + +.. _CreatePremiumHost: + +Adding a Protected Domain Name +============================== + +Function +-------- + +Adding a Protected Domain Name + +URI +--- + +POST /v1/{project_id}/premium-waf/host + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+===========+========================================================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================+ + | certificateid | No | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API.This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | No | String | Certificate name. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported.This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | Yes | String | Protected domain name or IP address (port allowed) | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | proxy | Yes | Boolean | Whether a proxy is used for the domain name. If your website has no layer-7 proxy server such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies. | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | No | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server | Yes | Array of :ref:`PremiumWafServer ` objects | Server configuration in dedicated mode | + +-----------------+-----------+----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createpremiumhost__request_premiumwafserver: + +.. table:: **Table 4** PremiumWafServer + + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================================================================================================================================================================================+ + | front_protocol | Yes | String | Client protocol | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **HTTP** | + | | | | | + | | | | - **HTTPS** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | back_protocol | Yes | String | Server protocol | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **HTTP** | + | | | | | + | | | | - **HTTPS** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | address | Yes | String | IP address or domain name of the origin server that the client accesses. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | port | Yes | Integer | Server port | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | type | Yes | String | The origin server address is an IPv4 or IPv6 address. Default value: ipv4 | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **ipv4** | + | | | | | + | | | | - **ipv6** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | Yes | String | VPC ID. Perform the following steps to obtain the VPC ID: | + | | | | | + | | | | - 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\\Subnet. | + | | | | | + | | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 5** Response body parameters + + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=========================================================================================+===============================================================================================================================================================+ + | id | String | Protected domain name ID | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Protected domain name | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domainid | String | Tenant ID | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | projectid | String | Project ID | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protocol | String | HTTP protocol | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. -1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Whether a domain name is connected to WAF. | + | | | | + | | | - 0: disconnected | + | | | | + | | | - 1: connected | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | proxy | Boolean | Whether a proxy is used. | + | | | | + | | | - true: The proxy is enabled. | + | | | | + | | | - false: The proxy is disabled. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server | Array of :ref:`PremiumWafServer ` objects | Origin server list | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configuration. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_page | :ref:`BlockPage ` object | Alarm configuration page | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Creation time. | + +-----------------------+-----------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createpremiumhost__response_premiumwafserver: + +.. table:: **Table 6** PremiumWafServer + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+============================================================================================================================================================================================================+ + | front_protocol | String | Client protocol | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTP** | + | | | | + | | | - **HTTPS** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | back_protocol | String | Server protocol | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTP** | + | | | | + | | | - **HTTPS** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | address | String | IP address or domain name of the origin server that the client accesses. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | port | Integer | Server port | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | type | String | The origin server address is an IPv4 or IPv6 address. Default value: ipv4 | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ipv4** | + | | | | + | | | - **ipv6** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | VPC ID. Perform the following steps to obtain the VPC ID: | + | | | | + | | | - 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\\Subnet. | + | | | | + | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createpremiumhost__response_flag: + +.. table:: **Table 7** Flag + + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================+ + | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | + | | | | + | | | - true: PCI 3DS check is enabled. | + | | | | + | | | - false: PCI 3DS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | + | | | | + | | | - true: PCI DDS check is enabled. | + | | | | + | | | - false: PCI DDS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createpremiumhost__response_blockpage: + +.. table:: **Table 8** BlockPage + + +--------------+-------------------------------------------------------------------+-------------------+ + | Parameter | Type | Description | + +==============+===================================================================+===================+ + | template | String | Template name | + +--------------+-------------------------------------------------------------------+-------------------+ + | custom_page | :ref:`CustomPage ` object | Custom alarm page | + +--------------+-------------------------------------------------------------------+-------------------+ + | redirect_url | String | Redirection URL | + +--------------+-------------------------------------------------------------------+-------------------+ + +.. _createpremiumhost__response_custompage: + +.. table:: **Table 9** CustomPage + + ============ ====== ========================== + Parameter Type Description + ============ ====== ========================== + status_code String Status Codes + content_type String Content type of alarm page + content String Page content + ============ ====== ========================== + +**Status code: 400** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 12** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/premium-waf/host?enterprise_project_id=0 + + { + "hostname" : "www.demo.com", + "server" : [ { + "front_protocol" : "HTTP", + "back_protocol" : "HTTP", + "vpc_id" : "cf6dbace-b36a-4d51-ae04-52a3319ae247", + "type" : "ipv4", + "address" : "1.1.1.1", + "port" : 80 + } ], + "proxy" : false, + "description" : "" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "51a5649e52d341a9bb802044950969dc", + "policyid" : "1607df035bc847b582ce9c838c083b88", + "hostname" : "www.demo.com", + "protocol" : "HTTP", + "server" : [ { + "address" : "1.1.1.1", + "port" : 80, + "type" : "ipv4", + "weight" : 1, + "front_protocol" : "HTTP", + "back_protocol" : "HTTP", + "vpc_id" : "cf6dbace-b36a-4d51-ae04-52a3319ae247" + } ], + "proxy" : false, + "locked" : 0, + "timestamp" : 1650596007113, + "flag" : { + "pci_3ds" : "false", + "pci_dss" : "false" + }, + "description" : "", + "projectid" : "550500b49078408682d0d4f7d923f3e1", + "domainid" : "d4ecb00b031941ce9171b7bc3386883f", + "protect_status" : 1, + "access_status" : 0, + "extend" : { }, + "block_page" : { + "template" : "default" + } + } + +Status Codes +------------ + +=========== ================================================ +Status Code Description +=========== ================================================ +200 Request succeeded. +400 Request failed. +401 The token does not have the required permission. +500 Internal server error. +=========== ================================================ + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/deleting_a_domain_name_from_a_dedicated_waf_instance.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/deleting_a_domain_name_from_a_dedicated_waf_instance.rst new file mode 100644 index 0000000..badd2f4 --- /dev/null +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/deleting_a_domain_name_from_a_dedicated_waf_instance.rst @@ -0,0 +1,188 @@ +:original_name: DeletePremiumHost.html + +.. _DeletePremiumHost: + +Deleting a Domain Name from a Dedicated WAF Instance +==================================================== + +Function +-------- + +This API is used to delete a domain name from a dedicated WAF instance. + +URI +--- + +DELETE /v1/{project_id}/premium-waf/host/{host_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+-------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=============================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+-------------------------------------------------------------+ + | host_id | Yes | String | ID of the domain name protected by the dedicated WAF engine | + +------------+-----------+--------+-------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+----------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================+ + | keepPolicy | No | Boolean | Whether to retain the rule | + | | | | | + | | | | Default: **false** | + +-----------------+-----------------+-----------------+----------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================================================+================================================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Domain name access status. The value can be 0 or 1. | + | | | | + | | | - 0: The domain name has not been added to WAF, and no traffic is routed to the WAF engine. | + | | | | + | | | - 1: The domain name has been added to WAF, and traffic destined for the domain name has been routed to the WAF engine and the origin server. | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations. | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostid | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostId | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | + +-----------------------+-------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deletepremiumhost__response_flag: + +.. table:: **Table 5** Flag + + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================+ + | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | + | | | | + | | | - true: PCI 3DS check is enabled. | + | | | | + | | | - false: PCI 3DS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | + | | | | + | | | - true: PCI DDS check is enabled. | + | | | | + | | | - false: PCI DDS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/premium-waf/host/{host_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "ee896796e1a84f3f85865ae0853d8974", + "hostname" : "www.demo.com", + "flag" : { + "pci_3ds" : "false", + "pci_dss" : "false" + }, + "description" : "", + "policyid" : "df15d0eb84194950a8fdc615b6c012dc", + "protect_status" : 1, + "access_status" : 0, + "hostid" : "ee896796e1a84f3f85865ae0853d8974" + } + +Status Codes +------------ + +=========== ================================================ +Status Code Description +=========== ================================================ +200 Request succeeded. +400 Invalid request +401 The token does not have the required permission. +500 Internal server error. +=========== ================================================ + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/index.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/index.rst new file mode 100644 index 0000000..0d026b5 --- /dev/null +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/index.rst @@ -0,0 +1,22 @@ +:original_name: topic_300000001.html + +.. _topic_300000001: + +Managing Websites Protected in Dedicated Mode +============================================= + +- :ref:`Adding a Protected Domain Name ` +- :ref:`Querying Domain Names Protected by Dedicated WAF Engines ` +- :ref:`Querying Domain Name Settings in Dedicated Mode ` +- :ref:`Modifying a Domain Name Protected by a Dedicated WAF Instance ` +- :ref:`Deleting a Domain Name from a Dedicated WAF Instance ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + adding_a_protected_domain_name + querying_domain_names_protected_by_dedicated_waf_engines + querying_domain_name_settings_in_dedicated_mode + modifying_a_domain_name_protected_by_a_dedicated_waf_instance + deleting_a_domain_name_from_a_dedicated_waf_instance diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_a_domain_name_protected_by_a_dedicated_waf_instance.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_a_domain_name_protected_by_a_dedicated_waf_instance.rst new file mode 100644 index 0000000..7f5a732 --- /dev/null +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/modifying_a_domain_name_protected_by_a_dedicated_waf_instance.rst @@ -0,0 +1,368 @@ +:original_name: UpdatePremiumHost.html + +.. _UpdatePremiumHost: + +Modifying a Domain Name Protected by a Dedicated WAF Instance +============================================================= + +Function +-------- + +This API is used to modify a domain name protected by a dedicated WAF instance. + +URI +--- + +PUT /v1/{project_id}/premium-waf/host/{host_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+---------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+---------------------------------------------------------------------------------+ + | host_id | Yes | String | This API is used to modify a domain name protected by a dedicated WAF instance. | + +------------+-----------+--------+---------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+================================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================+ + | proxy | No | Boolean | Whether a proxy is used for the domain name. If your website has no layer-7 proxy server such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies. | + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificateid | No | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. | + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | No | String | HTTPS certificate name. It can be obtained by calling the ListCertificates API. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported. | + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tls | No | String | Minimum TLS version supported. | + | | | | | + | | | | - TLS v1.0 is used by default. | + | | | | | + | | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cipher | No | String | Cipher suite. The value can be: | + | | | | | + | | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | + | | | | | + | | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | + | | | | | + | | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | + | | | | | + | | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | No | Integer | WAF status of the protected domain name. | + | | | | | + | | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | | + | | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. -1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_page | No | :ref:`BlockPage ` object | Alarm configuration page | + +-----------------+-----------------+----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__request_blockpage: + +.. table:: **Table 4** BlockPage + + +--------------+-----------+------------------------------------------------------------------+-------------------+ + | Parameter | Mandatory | Type | Description | + +==============+===========+==================================================================+===================+ + | template | Yes | String | Template name | + +--------------+-----------+------------------------------------------------------------------+-------------------+ + | custom_page | No | :ref:`CustomPage ` object | Custom alarm page | + +--------------+-----------+------------------------------------------------------------------+-------------------+ + | redirect_url | No | String | Redirection URL | + +--------------+-----------+------------------------------------------------------------------+-------------------+ + +.. _updatepremiumhost__request_custompage: + +.. table:: **Table 5** CustomPage + + ============ ========= ====== ========================== + Parameter Mandatory Type Description + ============ ========= ====== ========================== + status_code Yes String Status Codes + content_type Yes String Content type of alarm page + content Yes String Page content + ============ ========= ====== ========================== + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 6** Response body parameters + + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=========================================================================================+================================================================================================================================================================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name added to cloud WAF. | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domainid | String | User domain ID | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | project_id | String | Project ID | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protocol | String | HTTP protocol | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tls | String | Minimum TLS version supported. | + | | | | + | | | - TLS v1.0 is used by default. | + | | | | + | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cipher | String | Cipher suite. The value can be: | + | | | | + | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | + | | | | + | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | + | | | | + | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | + | | | | + | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server | Array of :ref:`PremiumWafServer ` objects | Origin server details | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificateid | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | String | Certificate name. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | proxy | Boolean | Whether the proxy is enabled | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | locked | Integer | Lock status. This parameter is redundant and can be ignored. Default value: 0 | + | | | | + | | | Default: **0** | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Whether a domain name is connected to WAF. | + | | | | + | | | - **0**: The domain name is not connected to the engine instance. | + | | | | + | | | - **1**: The domain name is connected to the engine instance. | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time a domain name is added to WAF | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_page | :ref:`BlockPage ` object | Alarm configuration page | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | Extended attribute | + +-----------------------+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__response_premiumwafserver: + +.. table:: **Table 7** PremiumWafServer + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+============================================================================================================================================================================================================+ + | front_protocol | String | Client protocol | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTP** | + | | | | + | | | - **HTTPS** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | back_protocol | String | Server protocol | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTP** | + | | | | + | | | - **HTTPS** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | address | String | IP address or domain name of the origin server that the client accesses. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | port | Integer | Server port | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | type | String | The origin server address is an IPv4 or IPv6 address. Default value: ipv4 | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ipv4** | + | | | | + | | | - **ipv6** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | VPC ID. Perform the following steps to obtain the VPC ID: | + | | | | + | | | - 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\\Subnet. | + | | | | + | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__response_flag: + +.. table:: **Table 8** Flag + + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================+ + | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | + | | | | + | | | - true: PCI 3DS check is enabled. | + | | | | + | | | - false: PCI 3DS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | + | | | | + | | | - true: PCI DDS check is enabled. | + | | | | + | | | - false: PCI DDS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepremiumhost__response_blockpage: + +.. table:: **Table 9** BlockPage + + +--------------+-------------------------------------------------------------------+-------------------+ + | Parameter | Type | Description | + +==============+===================================================================+===================+ + | template | String | Template name | + +--------------+-------------------------------------------------------------------+-------------------+ + | custom_page | :ref:`CustomPage ` object | Custom alarm page | + +--------------+-------------------------------------------------------------------+-------------------+ + | redirect_url | String | Redirection URL | + +--------------+-------------------------------------------------------------------+-------------------+ + +.. _updatepremiumhost__response_custompage: + +.. table:: **Table 10** CustomPage + + ============ ====== ========================== + Parameter Type Description + ============ ====== ========================== + status_code String Status Codes + content_type String Content type of alarm page + content String Page content + ============ ====== ========================== + +**Status code: 400** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 12** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 13** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/premium-waf/host/{host_id}? + + { + "proxy" : true + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "ee896796e1a84f3f85865ae0853d8974", + "hostname" : "www.demo.com", + "protocol" : "HTTPS", + "server" : [ { + "address" : "1.2.3.4", + "port" : 443, + "type" : "ipv4", + "weight" : 1, + "front_protocol" : "HTTPS", + "back_protocol" : "HTTPS", + "vpc_id" : "ebfc553a-386d-4746-b0c2-18ff3f0e903d" + } ], + "proxy" : true, + "locked" : 0, + "timestamp" : 1650593801380, + "flag" : { + "pci_3ds" : "false", + "pci_dss" : "false" + }, + "extend" : { }, + "block_page" : { + "template" : "default" + }, + "description" : "", + "policyid" : "df15d0eb84194950a8fdc615b6c012dc", + "domainid" : "0ee78615ca08419f81f539d97c9ee353", + "projectid" : "550500b49078408682d0d4f7d923f3e1", + "protect_status" : 1, + "access_status" : 0, + "certificateid" : "360f992501a64de0a65c50a64d1ca7b3", + "certificatename" : "certificatename75315" + } + +Status Codes +------------ + +=========== ================================================ +Status Code Description +=========== ================================================ +200 Request succeeded. +400 Invalid request +401 The token does not have the required permission. +500 Internal server error. +=========== ================================================ + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_name_settings_in_dedicated_mode.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_name_settings_in_dedicated_mode.rst new file mode 100644 index 0000000..a3eda6c --- /dev/null +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_name_settings_in_dedicated_mode.rst @@ -0,0 +1,302 @@ +:original_name: ShowPremiumHost.html + +.. _ShowPremiumHost: + +Querying Domain Name Settings in Dedicated Mode +=============================================== + +Function +-------- + +This API is used to query domain name settings in dedicated mode. + +URI +--- + +GET /v1/{project_id}/premium-waf/host/{host_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+-------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+=============================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+-------------------------------------------------------------+ + | host_id | Yes | String | ID of the domain name protected by the dedicated WAF engine | + +------------+-----------+--------+-------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================================================================================+================================================================================================================================================================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | ID of the policy initially used to the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name added to cloud WAF. | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domainid | String | User domain ID | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | project_id | String | Project ID | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protocol | String | HTTP protocol | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tls | String | Minimum TLS version supported. | + | | | | + | | | - TLS v1.0 is used by default. | + | | | | + | | | - The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3 | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cipher | String | Cipher suite. The value can be: | + | | | | + | | | - cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH | + | | | | + | | | - cipher_2: EECDH+AESGCM:EDH+AESGCM | + | | | | + | | | - cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH | + | | | | + | | | - cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | server | Array of :ref:`PremiumWafServer ` objects | Origin server details | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificateid | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | certificatename | String | Certificate name. n - This parameter is not required when the client protocol is HTTP. n - This parameter is mandatory when the client protocol is HTTPS. | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | proxy | Boolean | Whether the proxy is enabled | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | locked | Integer | Lock status. This parameter is redundant and can be ignored. Default value: 0 | + | | | | + | | | Default: **0** | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Whether a domain name is connected to WAF. | + | | | | + | | | - **0**: The domain name is not connected to the engine instance. | + | | | | + | | | - **1**: The domain name is connected to the engine instance. | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time a domain name is added to WAF | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | block_page | :ref:`BlockPage ` object | Alarm configuration page | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | Extended attribute | + +-----------------------+---------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpremiumhost__response_premiumwafserver: + +.. table:: **Table 4** PremiumWafServer + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+============================================================================================================================================================================================================+ + | front_protocol | String | Client protocol | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTP** | + | | | | + | | | - **HTTPS** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | back_protocol | String | Server protocol | + | | | | + | | | Enumeration values: | + | | | | + | | | - **HTTP** | + | | | | + | | | - **HTTPS** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | address | String | IP address or domain name of the origin server that the client accesses. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | port | Integer | Server port | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | type | String | The origin server address is an IPv4 or IPv6 address. Default value: ipv4 | + | | | | + | | | Enumeration values: | + | | | | + | | | - **ipv4** | + | | | | + | | | - **ipv6** | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | vpc_id | String | VPC ID. Perform the following steps to obtain the VPC ID: | + | | | | + | | | - 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\\Subnet. | + | | | | + | | | - Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpremiumhost__response_flag: + +.. table:: **Table 5** Flag + + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================+ + | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | + | | | | + | | | - true: PCI 3DS check is enabled. | + | | | | + | | | - false: PCI 3DS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | + | | | | + | | | - true: PCI DDS check is enabled. | + | | | | + | | | - false: PCI DDS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpremiumhost__response_blockpage: + +.. table:: **Table 6** BlockPage + + +--------------+-----------------------------------------------------------------+-------------------+ + | Parameter | Type | Description | + +==============+=================================================================+===================+ + | template | String | Template name | + +--------------+-----------------------------------------------------------------+-------------------+ + | custom_page | :ref:`CustomPage ` object | Custom alarm page | + +--------------+-----------------------------------------------------------------+-------------------+ + | redirect_url | String | Redirection URL | + +--------------+-----------------------------------------------------------------+-------------------+ + +.. _showpremiumhost__response_custompage: + +.. table:: **Table 7** CustomPage + + ============ ====== ========================== + Parameter Type Description + ============ ====== ========================== + status_code String Status Codes + content_type String Content type of alarm page + content String Page content + ============ ====== ========================== + +**Status code: 400** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/premium-waf/host/{host_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "ee896796e1a84f3f85865ae0853d8974", + "hostname" : "www.demo.com", + "protocol" : "HTTPS", + "server" : [ { + "address" : "1.2.3.4", + "port" : 443, + "type" : "ipv4", + "weight" : 1, + "front_protocol" : "HTTPS", + "back_protocol" : "HTTPS", + "vpc_id" : "ebfc553a-386d-4746-b0c2-18ff3f0e903d" + } ], + "proxy" : false, + "locked" : 0, + "timestamp" : 1650593801380, + "flag" : { + "pci_3ds" : "false", + "pci_dss" : "false" + }, + "extend" : { }, + "block_page" : { + "template" : "default" + }, + "description" : "", + "policyid" : "df15d0eb84194950a8fdc615b6c012dc", + "domainid" : "0ee78615ca08419f81f539d97c9ee353", + "projectid" : "550500b49078408682d0d4f7d923f3e1", + "protect_status" : 1, + "access_status" : 0, + "certificateid" : "360f992501a64de0a65c50a64d1ca7b3", + "certificatename" : "certificatename75315" + } + +Status Codes +------------ + +=========== ================================================ +Status Code Description +=========== ================================================ +200 Request succeeded. +400 Invalid request +401 The token does not have the required permission. +500 Internal server error. +=========== ================================================ + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_names_protected_by_dedicated_waf_engines.rst b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_names_protected_by_dedicated_waf_engines.rst new file mode 100644 index 0000000..38984b1 --- /dev/null +++ b/api-ref/source/apis/managing_websites_protected_in_dedicated_mode/querying_domain_names_protected_by_dedicated_waf_engines.rst @@ -0,0 +1,220 @@ +:original_name: ListPremiumHost.html + +.. _ListPremiumHost: + +Querying Domain Names Protected by Dedicated WAF Engines +======================================================== + +Function +-------- + +Querying Domain Names Protected by Dedicated WAF Engines + +URI +--- + +GET /v1/{project_id}/premium-waf/host + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=================================================================================================+ + | page | No | String | Page. Default value: 1 | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------+ + | pagesize | No | String | Number of records on each page. The maximum value is 100. Default value: 10 | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------+ + | hostname | No | String | Domain name | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------+ + | policyname | No | String | Policy Name | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------+ + | protect_status | No | Integer | WAF status of the protected domain name. The value can be: | + | | | | | + | | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | | + | | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | | + | | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+-----------------------------------------------------------------------------------------------+-----------------------------------------+ + | Parameter | Type | Description | + +===========+===============================================================================================+=========================================+ + | total | Integer | Total number of protected domain names | + +-----------+-----------------------------------------------------------------------------------------------+-----------------------------------------+ + | items | Array of :ref:`SimplePremiumWafHost ` objects | Details about the protected domain name | + +-----------+-----------------------------------------------------------------------------------------------+-----------------------------------------+ + +.. _listpremiumhost__response_simplepremiumwafhost: + +.. table:: **Table 5** SimplePremiumWafHost + + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=====================================================+================================================================================================================================================+ + | id | String | Domain name ID | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | protect_status | Integer | WAF status of the protected domain name. The value can be: | + | | | | + | | | - -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF. | + | | | | + | | | - 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. | + | | | | + | | | - 1: Enabled. WAF detects attacks based on the configured policy. | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | access_status | Integer | Domain name access status. The value can be 0 or 1. | + | | | | + | | | - 0: The domain name has not been added to WAF, and no traffic is routed to the WAF engine. | + | | | | + | | | - 1: The domain name has been added to WAF, and traffic destined for the domain name has been routed to the WAF engine and the origin server. | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | flag | :ref:`Flag ` object | Special domain name identifier, which is used to store additional domain name configurations. | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostid | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | hostId | String | Domain name ID. This parameter has the same meaning as parameter id and will be deleted. | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode. The value is premium, indicating the dedicated WAF engine. | + +-----------------------+-----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listpremiumhost__response_flag: + +.. table:: **Table 6** Flag + + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================================+ + | pci_3ds | String | Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter. | + | | | | + | | | - true: PCI 3DS check is enabled. | + | | | | + | | | - false: PCI 3DS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pci_dss | String | Whether PCI DDS certification check is enabled for the domain name. | + | | | | + | | | - true: PCI DDS check is enabled. | + | | | | + | | | - false: PCI DDS check is disenabled. | + +-----------------------+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/premium-waf/host? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "ee896796e1a84f3f85865ae0853d8974", + "hostname" : "www.demo.com", + "flag" : { + "pci_3ds" : "false", + "pci_dss" : "false" + }, + "policyid" : "df15d0eb84194950a8fdc615b6c012dc", + "protect_status" : 1, + "access_status" : 0, + "hostid" : "ee896796e1a84f3f85865ae0853d8974", + "hostId" : "262d200fea74406cb0c1a52327122a2c", + "waf_type" : "premium" + } ] + } + +Status Codes +------------ + +=========== ================================================ +Status Code Description +=========== ================================================ +200 Request succeeded. +400 Invalid request +401 The token does not have the required permission. +500 Internal server error. +=========== ================================================ + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/policy_management/creating_a_policy.rst b/api-ref/source/apis/policy_management/creating_a_policy.rst new file mode 100644 index 0000000..64a2a71 --- /dev/null +++ b/api-ref/source/apis/policy_management/creating_a_policy.rst @@ -0,0 +1,356 @@ +:original_name: CreatePolicy.html + +.. _CreatePolicy: + +Creating a Policy +================= + +Function +-------- + +This API is used to create a policy + +URI +--- + +POST /v1/{project_id}/waf/policy + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+========+=====================================================================================================================+ + | name | Yes | String | Policy name. The policy name can contain only digits, letters, and underscores (_) and cannot exceed 64 characters. | + +-----------+-----------+--------+---------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID. This is the unique identifier generated by WAF. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Policy name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | + | | | | + | | | - **1**: Low | + | | | | + | | | - **2**: Medium | + | | | | + | | | - **3**: High | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | host | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+--------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createpolicy__response_policyaction: + +.. table:: **Table 5** PolicyAction + + +-----------------------+-----------------------+-----------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================+ + | category | String | Protection level. The value can be: | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - log: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+-----------------------------------------+ + +.. _createpolicy__response_policyoption: + +.. table:: **Table 6** PolicyOption + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createpolicy__response_bindhost: + +.. table:: **Table 7** BindHost + + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+====================================================================================================================+ + | id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode of the domain name. The value is premium. | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 403** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy? + + { + "name" : "demo" + } + +Example Responses +----------------- + +**Status code: 200** + +ok + +.. code-block:: + + { + "id" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "name" : "demo", + "level" : 2, + "action" : { + "category" : "log" + }, + "options" : { + "webattack" : true, + "common" : true, + "crawler" : true, + "crawler_engine" : false, + "crawler_scanner" : true, + "crawler_script" : false, + "crawler_other" : false, + "webshell" : false, + "cc" : true, + "custom" : true, + "precise" : false, + "whiteblackip" : true, + "geoip" : true, + "ignore" : true, + "privacy" : true, + "antitamper" : true, + "anticrawler" : false, + "antileakage" : false, + "followed_action" : false, + "bot_enable" : true + }, + "hosts" : [ ], + "extend" : { }, + "timestamp" : 1650529538732, + "full_detection" : false, + "bind_host" : [ ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 ok +400 Request failed. +401 The token does not have required permissions. +403 Insufficient resource quota. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/policy_management/deleting_a_policy.rst b/api-ref/source/apis/policy_management/deleting_a_policy.rst new file mode 100644 index 0000000..18c0edb --- /dev/null +++ b/api-ref/source/apis/policy_management/deleting_a_policy.rst @@ -0,0 +1,333 @@ +:original_name: DeletePolicy.html + +.. _DeletePolicy: + +Deleting a Policy +================= + +Function +-------- + +This API is used to delete a policy. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================================+===============================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Array of details of policies | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level | + | | | | + | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | + | | | | + | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. | + | | | | + | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Basic information about the protected domain. | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Integer | Time a policy is created | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | Extended field | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deletepolicy__response_policyaction: + +.. table:: **Table 4** PolicyAction + + +-----------------------+-----------------------+-----------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================+ + | category | String | Protection level. The value can be: | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - log: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+-----------------------------------------+ + +.. _deletepolicy__response_policyoption: + +.. table:: **Table 5** PolicyOption + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deletepolicy__response_bindhost: + +.. table:: **Table 6** BindHost + + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+====================================================================================================================+ + | id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode of the domain name. The value is premium. | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "62169e2fc4e64148b775ec01b24a1947", + "name" : "demo", + "level" : 2, + "action" : { + "category" : "log", + "modulex_category" : "log" + }, + "options" : { + "webattack" : true, + "common" : true, + "crawler" : true, + "crawler_engine" : false, + "crawler_scanner" : true, + "crawler_script" : false, + "crawler_other" : false, + "webshell" : false, + "cc" : true, + "custom" : true, + "precise" : false, + "whiteblackip" : true, + "geoip" : true, + "ignore" : true, + "privacy" : true, + "antitamper" : true, + "anticrawler" : false, + "antileakage" : false, + "followed_action" : false, + "bot_enable" : true + }, + "hosts" : [ ], + "extend" : { }, + "timestamp" : 1649316510603, + "full_detection" : false, + "bind_host" : [ ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/policy_management/index.rst b/api-ref/source/apis/policy_management/index.rst new file mode 100644 index 0000000..6898e25 --- /dev/null +++ b/api-ref/source/apis/policy_management/index.rst @@ -0,0 +1,22 @@ +:original_name: topic_300000002.html + +.. _topic_300000002: + +Policy Management +================= + +- :ref:`Querying Protection Policies ` +- :ref:`Creating a Policy ` +- :ref:`Querying a Policy by ID ` +- :ref:`Updating a Policy ` +- :ref:`Deleting a Policy ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + querying_protection_policies + creating_a_policy + querying_a_policy_by_id + updating_a_policy + deleting_a_policy diff --git a/api-ref/source/apis/policy_management/querying_a_policy_by_id.rst b/api-ref/source/apis/policy_management/querying_a_policy_by_id.rst new file mode 100644 index 0000000..6c9601a --- /dev/null +++ b/api-ref/source/apis/policy_management/querying_a_policy_by_id.rst @@ -0,0 +1,334 @@ +:original_name: ShowPolicy.html + +.. _ShowPolicy: + +Querying a Policy by ID +======================= + +Function +-------- + +This API is used to query a policy by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID. This is the unique identifier generated by WAF. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Policy name. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | + | | | | + | | | - **1**: Low | + | | | | + | | | - **2**: Medium | + | | | | + | | | - **3**: High | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | host | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpolicy__response_policyaction: + +.. table:: **Table 4** PolicyAction + + +-----------------------+-----------------------+-----------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================+ + | category | String | Protection level. The value can be: | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - log: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+-----------------------------------------+ + +.. _showpolicy__response_policyoption: + +.. table:: **Table 5** PolicyOption + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showpolicy__response_bindhost: + +.. table:: **Table 6** BindHost + + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+====================================================================================================================+ + | id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode of the domain name. The value is premium. | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "name" : "demo", + "level" : 2, + "action" : { + "category" : "log" + }, + "options" : { + "webattack" : true, + "common" : true, + "crawler" : true, + "crawler_engine" : false, + "crawler_scanner" : true, + "crawler_script" : false, + "crawler_other" : false, + "webshell" : false, + "cc" : true, + "custom" : true, + "precise" : false, + "whiteblackip" : true, + "geoip" : true, + "ignore" : true, + "privacy" : true, + "antitamper" : true, + "anticrawler" : false, + "antileakage" : false, + "followed_action" : false, + "bot_enable" : true + }, + "hosts" : [ ], + "extend" : { }, + "timestamp" : 1650529538732, + "full_detection" : false, + "bind_host" : [ ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/policy_management/querying_protection_policies.rst b/api-ref/source/apis/policy_management/querying_protection_policies.rst new file mode 100644 index 0000000..e2c2761 --- /dev/null +++ b/api-ref/source/apis/policy_management/querying_protection_policies.rst @@ -0,0 +1,362 @@ +:original_name: ListPolicy.html + +.. _ListPolicy: + +Querying Protection Policies +============================ + +Function +-------- + +This API is used to query the list of protection policies. + +URI +--- + +GET /v1/{project_id}/waf/policy + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=======================================================================================================================================================================================+ + | page | No | Integer | Page. Default value: 1 | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. If this parameter is not specified, the default value -1 is used. All policies are queried regardless of the value of Page. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | No | String | Policy name. Fuzzy search is supported. | + +-----------------+-----------------+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+--------------------------------------------------------------------------------------+----------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+======================================================================================+==================================================================================+ + | total | Integer | Total number of policies | + +-----------+--------------------------------------------------------------------------------------+----------------------------------------------------------------------------------+ + | items | Array of :ref:`ListPolicyResponse ` objects | Array of policies. Each item in the array includes details of a specific policy. | + +-----------+--------------------------------------------------------------------------------------+----------------------------------------------------------------------------------+ + +.. _listpolicy__response_listpolicyresponse: + +.. table:: **Table 5** ListPolicyResponse + + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==================================================================+===================================================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID. This is the unique identifier generated by WAF. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Policy name. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: | + | | | | + | | | - **1**: Low | + | | | | + | | | - **2**: Medium | + | | | | + | | | - **3**: High | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | host | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listpolicy__response_policyaction: + +.. table:: **Table 6** PolicyAction + + +-----------------------+-----------------------+-----------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================+ + | category | String | Protection level. The value can be: | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - log: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+-----------------------------------------+ + +.. _listpolicy__response_policyoption: + +.. table:: **Table 7** PolicyOption + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listpolicy__response_bindhost: + +.. table:: **Table 8** BindHost + + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+====================================================================================================================+ + | id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode of the domain name. The value is premium. | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "41cba8aee2e94bcdbf57460874205494", + "name" : "policy_2FHwFOKz", + "level" : 2, + "action" : { + "category" : "log", + "modulex_category" : "log" + }, + "options" : { + "webattack" : true, + "common" : true, + "crawler" : true, + "crawler_engine" : false, + "crawler_scanner" : true, + "crawler_script" : false, + "crawler_other" : false, + "webshell" : false, + "cc" : true, + "custom" : true, + "precise" : false, + "whiteblackip" : true, + "geoip" : true, + "ignore" : true, + "privacy" : true, + "antitamper" : true, + "anticrawler" : false, + "antileakage" : false, + "followed_action" : false, + "bot_enable" : true + }, + "hosts" : [ ], + "extend" : { }, + "timestamp" : 1650527546218, + "full_detection" : false, + "bind_host" : [ ] + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/policy_management/updating_a_policy.rst b/api-ref/source/apis/policy_management/updating_a_policy.rst new file mode 100644 index 0000000..5321c0e --- /dev/null +++ b/api-ref/source/apis/policy_management/updating_a_policy.rst @@ -0,0 +1,511 @@ +:original_name: UpdatePolicy.html + +.. _UpdatePolicy: + +Updating a Policy +================= + +Function +-------- + +This API is used to update a policy. The request body can contain only the part to be updated. + +URI +--- + +PATCH /v1/{project_id}/waf/policy/{policy_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================================================================+===============================================================================================================================================================================================================================================================================================+ + | name | No | String | Array of details of policies | + +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | No | :ref:`PolicyAction ` object | PolicyAction | + +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | No | :ref:`PolicyOption ` object | PolicyOption | + +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | No | Integer | Protection level | + | | | | | + | | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | + | | | | | + | | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. | + | | | | | + | | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. | + +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | No | Boolean | Detection mode in the precise protection rule | + | | | | | + | | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | | + | | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepolicy__request_policyaction: + +.. table:: **Table 4** PolicyAction + + +-----------------+-----------------+-----------------+-----------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=========================================+ + | category | No | String | Protection level. The value can be: | + | | | | | + | | | | - block: WAF blocks attacks. | + | | | | | + | | | | - log: WAF only logs detected attacks. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **block** | + | | | | | + | | | | - **log** | + +-----------------+-----------------+-----------------+-----------------------------------------+ + +.. _updatepolicy__request_policyoption: + +.. table:: **Table 5** PolicyOption + + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+====================================================================================================================================================================================================================================================================================+ + | webattack | No | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | No | Boolean | Whether general check is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | No | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | No | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | No | Boolean | Whether the search engine is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | No | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | No | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | No | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | No | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | No | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | No | Boolean | Whether precise protection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | No | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | No | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | No | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | No | Boolean | Whether data masking is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | No | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | No | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | | + | | | | - true: enabled | + | | | | | + | | | | - false: disabled | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | No | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | No | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | No | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 6** Response body parameters + + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+====================================================================+===============================================================================================================================================================================================================================================================================================+ + | id | String | Policy ID | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | name | String | Array of details of policies | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`PolicyAction ` object | PolicyAction | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | options | :ref:`PolicyOption ` object | PolicyOption | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | level | Integer | Protection level | + | | | | + | | | - **1**: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to **1**. | + | | | | + | | | - **2**: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. | + | | | | + | | | - **3**: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill. | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | full_detection | Boolean | Detection mode in the precise protection rule | + | | | | + | | | - **true**: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. | + | | | | + | | | - **false**: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule. | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bind_host | Array of :ref:`BindHost ` objects | Basic information about the protected domain. | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Integer | Time a policy is created | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | extend | Map | Extended field | + +-----------------------+--------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepolicy__response_policyaction: + +.. table:: **Table 7** PolicyAction + + +-----------------------+-----------------------+-----------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================+ + | category | String | Protection level. The value can be: | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - log: WAF only logs detected attacks. | + | | | | + | | | Enumeration values: | + | | | | + | | | - **block** | + | | | | + | | | - **log** | + +-----------------------+-----------------------+-----------------------------------------+ + +.. _updatepolicy__response_policyoption: + +.. table:: **Table 8** PolicyOption + + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================================================================================================================================================================================================================================+ + | webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | common | Boolean | Whether general check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true. | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_engine | Boolean | Whether the search engine is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | crawler_other | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | webshell | Boolean | Whether other crawler check is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | cc | Boolean | Whether the CC attack protection rule is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | custom | Boolean | Whether precise protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | geoip | Boolean | Whether geolocation access control is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | ignore | Boolean | Whether false alarm masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | privacy | Boolean | Whether data masking is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antitamper | Boolean | Whether the web tamper protection is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be: | + | | | | + | | | - true: enabled | + | | | | + | | | - false: disabled | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. | + +-----------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatepolicy__response_bindhost: + +.. table:: **Table 9** BindHost + + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +===========+========+====================================================================================================================+ + | id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | hostname | String | Domain name | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + | waf_type | String | WAF mode of the domain name. The value is premium. | + +-----------+--------+--------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 12** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: + + PATCH https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}? + + { + "options" : { + "whiteblackip" : true + } + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "name" : "demo", + "level" : 2, + "action" : { + "category" : "log" + }, + "options" : { + "webattack" : true, + "common" : true, + "crawler" : true, + "crawler_engine" : false, + "crawler_scanner" : true, + "crawler_script" : false, + "crawler_other" : false, + "webshell" : false, + "cc" : true, + "custom" : true, + "precise" : false, + "whiteblackip" : true, + "geoip" : true, + "ignore" : true, + "privacy" : true, + "antitamper" : true, + "anticrawler" : false, + "antileakage" : false, + "followed_action" : false, + "bot_enable" : true + }, + "hosts" : [ "c0268b883a854adc8a2cd352193b0e13" ], + "timestamp" : 1650529538732, + "full_detection" : false, + "bind_host" : [ { + "id" : "c0268b883a854adc8a2cd352193b0e13", + "hostname" : "www.demo.com", + "waf_type" : "cloud" + } ], + "share_info" : { + "is_receiver" : false, + "provider_display" : { + "share_count" : 0, + "accept_count" : 0, + "process_status" : 0 + } + } + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/adding_a_reference_table.rst b/api-ref/source/apis/rule_management/adding_a_reference_table.rst new file mode 100644 index 0000000..d53ef55 --- /dev/null +++ b/api-ref/source/apis/rule_management/adding_a_reference_table.rst @@ -0,0 +1,194 @@ +:original_name: CreateValueList.html + +.. _CreateValueList: + +Adding a Reference Table +======================== + +Function +-------- + +This API is used to create a reference table. A reference table can be referenced by CC attack protection rules and precise protection rules. For details about how to use reference tables, see "Adding a Reference Table" under "Rule Configurations" in Web Application Firewall User Guide. + +URI +--- + +POST /v1/{project_id}/waf/valuelist + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+==========================================================================================================================================================+ + | name | Yes | String | Reference table name. The value can contain a maximum of 64 characters. Only digits, letters, hyphens (-), underscores (_), and periods (.) are allowed. | + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | type | Yes | String | Reference table type. For details, see the enumeration list | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **referer** | + | | | | | + | | | | - **user-agent** | + | | | | | + | | | | - **header** | + | | | | | + | | | | - **response_code** | + | | | | | + | | | | - **response_header** | + | | | | | + | | | | - **resopnse_body** | + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | values | Yes | Array of strings | Value of the reference table | + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==============================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+------------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+------------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+------------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+------------------------------+ + | values | Array of strings | Value of the reference table | + +-----------------------+-----------------------+------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/valuelist? + + { + "name" : "demo", + "type" : "url", + "values" : [ "/demo" ] + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "3978ca9403844a62bbd24bb5b8d16d4e", + "name" : "demo", + "type" : "url", + "values" : [ "/demo" ], + "timestamp" : 1656495488880 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/changing_the_status_of_a_policy_rule.rst b/api-ref/source/apis/rule_management/changing_the_status_of_a_policy_rule.rst new file mode 100644 index 0000000..3956a84 --- /dev/null +++ b/api-ref/source/apis/rule_management/changing_the_status_of_a_policy_rule.rst @@ -0,0 +1,168 @@ +:original_name: UpdatePolicyRuleStatus.html + +.. _UpdatePolicyRuleStatus: + +Changing the Status of a Policy Rule +==================================== + +Function +-------- + +This API is used to change the status of a policy rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/{ruletype}/{rule_id}/status + +.. table:: **Table 1** Path Parameters + + +-----------------+-----------------+-----------------+-----------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=================+ + | project_id | Yes | String | Project ID | + +-----------------+-----------------+-----------------+-----------------+ + | policy_id | Yes | String | Policy ID | + +-----------------+-----------------+-----------------+-----------------+ + | ruletype | Yes | String | Rule type | + | | | | | + | | | | - cc -custom | + | | | | | + | | | | - whiteblackip | + | | | | | + | | | | - privacy | + | | | | | + | | | | - ignore | + | | | | | + | | | | - geoip | + | | | | | + | | | | - antitamper | + +-----------------+-----------------+-----------------+-----------------+ + | rule_id | Yes | String | Rule ID | + +-----------------+-----------------+-----------------+-----------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User Token. | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+--------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+================================+ + | status | No | Integer | Rule status. The value can be: | + | | | | | + | | | | - 0: The rule is disabled. | + | | | | | + | | | | - 1: The rule is enabled. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **0** | + | | | | | + | | | | - **1** | + +-----------------+-----------------+-----------------+--------------------------------+ + +Response Parameters +------------------- + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/{ruletype}/{rule_id}/status? + + { + "status" : 0 + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "action" : { + "category" : "block" + }, + "action_mode" : false, + "conditions" : [ { + "category" : "header", + "index" : "demo", + "logic_operation" : "contain", + "content" : [ "demo" ] + } ], + "description" : "", + "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "priority" : 50, + "status" : 0, + "time" : false, + "timestamp" : 1656495488880 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/creating_a_blacklist_or_whitelist_rule.rst new file mode 100644 index 0000000..0cde26b --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_blacklist_or_whitelist_rule.rst @@ -0,0 +1,176 @@ +:original_name: CreateWhiteblackipRule.html + +.. _CreateWhiteblackipRule: + +Creating a Blacklist or Whitelist Rule +====================================== + +Function +-------- + +his API is used to create a blacklist or whitelist rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User Token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Conten type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=====================================================+ + | description | No | String | Rule description. | + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + | addr | Yes | String | lacklisted or whitelisted IP addresses | + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + | white | Yes | Object | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | timestamp | Long | Rule creation time | + +-----------------------+-----------------------+-----------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | addr | String | lacklisted or whitelisted IP addresses | + +-----------------------+-----------------------+-----------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/whiteblackip? + + { + "white" : 0, + "description" : "demo", + "addr" : "x.x.x.x" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "5d43af25404341058d5ab17b7ba78b56", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "timestamp" : 1650531872900, + "description" : "demo", + "status" : 1, + "addr" : "x.x.x.x", + "white" : 0, + "size" : 1 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_cc_attack_protection_rule.rst b/api-ref/source/apis/rule_management/creating_a_cc_attack_protection_rule.rst new file mode 100644 index 0000000..661f0cc --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_cc_attack_protection_rule.rst @@ -0,0 +1,356 @@ +:original_name: CreateCcRule.html + +.. _CreateCcRule: + +Creating a CC Attack Protection Rule +==================================== + +Function +-------- + +This API is used to create a CC attack protection rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/cc + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=====================================================+==============================================================================================================================================================================================================+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | No | Integer | Frequency limits | + | | | | | + | | | | Minimum: **0** | + | | | | | + | | | | Maximum: **10000** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | No | Integer | Frequency limit unit | + | | | | | + | | | | Minimum: **0** | + | | | | | + | | | | Maximum: **10000** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | No | String | url | + | | | | | + | | | | Minimum: **0** | + | | | | | + | | | | Maximum: **10000** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | No | Integer | Work mode. The value can be 0 (standard) or 1 (advanced). The parameters of the advanced mode cannot be described in the same document of the same API. For details, see this parameter on the console page. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **0** | + | | | | | + | | | | - **1** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | No | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | No | String | Protection mode. | + | | | | | + | | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | | + | | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | | + | | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **other** | + | | | | | + | | | | - **cookie** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createccrule__request_action: + +.. table:: **Table 4** action + + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================================================================================================================+ + | category | No | String | Action type: | + | | | | | + | | | | - **block**: WAF blocks discovered attacks. | + | | | | | + | | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | | + | | | | - If **tag_type** is set to other, the value can only be block. | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | No | String | Action details. If detail is null, the default block page is displayed by default. | + | | | | | + | | | | - This parameter cannot be included when **category** is set to **captcha**. | + | | | | | + | | | | - This parameter is required when **category** is set to **block**. | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 5** detail + + +-----------+-----------+---------------------------------------------------------+----------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========================================================+================+ + | response | No | :ref:`response ` object | Returned page. | + +-----------+-----------+---------------------------------------------------------+----------------+ + +.. _createccrule__request_response: + +.. table:: **Table 6** response + + +--------------+-----------+--------+-------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +==============+===========+========+===============================================================================+ + | content_type | No | String | Content type. The value can only be application/json, text/html, or text/xml. | + +--------------+-----------+--------+-------------------------------------------------------------------------------+ + | content | No | String | Protection page content. | + +--------------+-----------+--------+-------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 7** Response body parameters + + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+========================================================================+========================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | String | Rate limiting period | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Protection mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp the rule is created. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createccrule__response_action: + +.. table:: **Table 8** action + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - If **tag_type** is set to other, the value can only be block. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | String | Action details. If detail is null, the default block page is displayed by default. | + | | | | + | | | - This parameter cannot be included when **category** is set to **captcha**. | + | | | | + | | | - This parameter is required when **category** is set to **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 9** detail + + +-----------+----------------------------------------------------------+---------------+ + | Parameter | Type | Description | + +===========+==========================================================+===============+ + | response | :ref:`response ` object | Returned page | + +-----------+----------------------------------------------------------+---------------+ + +.. _createccrule__response_response: + +.. table:: **Table 10** response + + +--------------+--------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +==============+========+===============================================================================+ + | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | + +--------------+--------+-------------------------------------------------------------------------------+ + | content | String | Contents | + +--------------+--------+-------------------------------------------------------------------------------+ + +.. _createccrule__response_conditions: + +.. table:: **Table 11** conditions + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================================================================================================================================================================================================================================+ + | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Parameter description: | + | | | | + | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | + | | | | + | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | + | | | | + | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | + | | | | + | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | + | | | | + | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 12** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 13** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 14** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc? + + { + "action" : { + "category" : "captcha" + }, + "description" : "", + "limit_num" : 10, + "limit_period" : 60, + "mode" : 0, + "tag_type" : "ip", + "url" : "/path" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "aging_time" : 0, + "description" : "", + "id" : "a5f3fd28db564696b199228f0ac346b2", + "limit_num" : 10, + "limit_period" : 60, + "lock_time" : 0, + "mode" : 0, + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "prefix" : false, + "status" : 1, + "tag_type" : "ip", + "timestamp" : 1656494435686, + "total_num" : 0, + "unaggregation" : false, + "url" : "/path" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_data_masking_rule.rst b/api-ref/source/apis/rule_management/creating_a_data_masking_rule.rst new file mode 100644 index 0000000..95778f2 --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_data_masking_rule.rst @@ -0,0 +1,189 @@ +:original_name: CreatePrivacyRules.html + +.. _CreatePrivacyRules: + +Creating a Data Masking Rule +============================ + +Function +-------- + +Creating a Data Masking Rule + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/privacy + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================================================================================+ + | url | Yes | String | URL protected by the data masking rule. The value must be in the standard URL format, for example, /admin. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | category | Yes | String | Masked field | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + | | | | | + | | | | - **form** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | index | Yes | String | Name of the masked field | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | url | String | URL protected by the data masking rule | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | category | String | Masked field | + | | | | + | | | Enumeration values: | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + | | | | + | | | - **form** | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | index | String | Name of the masked field | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/privacy? + + { + "url" : "/login", + "category" : "params", + "index" : "password", + "description" : "" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "category" : "params", + "description" : "", + "id" : "41a5674e03a1470a90ac4761ec4657b4", + "index" : "password", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656504425319, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_false_alarm_masking_rule.rst b/api-ref/source/apis/rule_management/creating_a_false_alarm_masking_rule.rst new file mode 100644 index 0000000..c690099 --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_false_alarm_masking_rule.rst @@ -0,0 +1,279 @@ +:original_name: CreateIgnoreRule.html + +.. _CreateIgnoreRule: + +Creating a False Alarm Masking Rule +=================================== + +Function +-------- + +This API is used to create a false alarm masking rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/ignore + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | description | No | String | Provides supplementary information about the assignment. | + +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | Yes | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | + +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | Yes | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | + | | | | | + | | | | - xss or sqli: XSS attacks | + | | | | | + | | | | - cmdi: Command injectionrobot: Malicious crawlers | + | | | | | + | | | | - lfi: Local file inclusion | + | | | | | + | | | | - rfi: Remote file inclusionwebshell: Website Trojans | + | | | | | + | | | | - cc: CC attacks -custom_custom: Precise protection | + | | | | | + | | | | - custom_whiteblackip: IP address blacklist and whitelist | + | | | | | + | | | | - custom_geoip: Geolocation access control | + | | | | | + | | | | - antitamper: Web tamper protection | + | | | | | + | | | | - anticrawler: Anti-crawler protection | + | | | | | + | | | | - leakage: Data leakage prevention | + | | | | | + | | | | - illegal: Illegal requests | + | | | | | + | | | | - vuln: Other attack types | + +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url_logic | Yes | String | URL match logic: | + | | | | | + | | | | - **equal**: full match | + | | | | | + | | | | - **prefix**: prefix match | + +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domains | No | Array of strings | Protected domain name | + +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | No | :ref:`advanced ` object | advanced | + +-----------------+-----------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createignorerule__request_advanced: + +.. table:: **Table 4** advanced + + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=====================================================================================================================================================================================================================================+ + | index | No | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | + | | | | | + | | | | - cookie: session cookie | + | | | | | + | | | | - header: header field | + | | | | | + | | | | - body: body field | + | | | | | + | | | | - multipart: multipart/form-data type data | + | | | | | + | | | | - params: parameter | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | content | No | String | Specified field (available only for param, cookie, and header) | + +-----------------+-----------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 5** Response body parameters + + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Rule creation time. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Provides supplementary information about the assignment. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injectionrobot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusionwebshell: Website Trojans | + | | | | + | | | - cc: CC attacks -custom_custom: Precise protection | + | | | | + | | | - custom_whiteblackip: IP address blacklist and whitelist | + | | | | + | | | - custom_geoip: Geolocation access control | + | | | | + | | | - antitamper: Web tamper protection | + | | | | + | | | - anticrawler: Anti-crawler protection | + | | | | + | | | - leakage: Data leakage prevention | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url_logic | String | URL match logic: | + | | | | + | | | - **equal**: full match | + | | | | + | | | - **prefix**: prefix match | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domains | Array of strings | Protected domain name | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | :ref:`advanced ` object | advanced | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createignorerule__response_advanced: + +.. table:: **Table 6** advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================+ + | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | + | | | | + | | | - cookie: session cookie | + | | | | + | | | - header: header field | + | | | | + | | | - body: body field | + | | | | + | | | - multipart: multipart/form-data type data | + | | | | + | | | - params: parameter | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | content | String | Specified field (available only for param, cookie, and header) | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore? + + { + "domain" : [ "test3.th.com" ], + "rule" : "webshell", + "url_logic" : "equal", + "url" : "/demo", + "description" : "" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", + "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", + "timestamp" : 1656507126528, + "description" : "", + "status" : 1, + "rule" : "webshell", + "url_logic" : "equal", + "url" : "/demo", + "domain" : [ "test3.th.com" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_geolocation_access_control_rule.rst b/api-ref/source/apis/rule_management/creating_a_geolocation_access_control_rule.rst new file mode 100644 index 0000000..233c1a7 --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_geolocation_access_control_rule.rst @@ -0,0 +1,260 @@ +:original_name: CreateGeoipRule.html + +.. _CreateGeoipRule: + +Creating a Geolocation Access Control Rule +========================================== + +Function +-------- + +This API is used to create a geolocation access control rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/geoip + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=======================================================+ + | geoip | Yes | String | Applicable regions. The value can be the region code. | + | | | | | + | | | | - CA: Canada | + | | | | | + | | | | - US: USA | + | | | | | + | | | | - AU: Australia | + | | | | | + | | | | - IN: India | + | | | | | + | | | | - JP: Japan | + | | | | | + | | | | - UK: United Kingdom | + | | | | | + | | | | - FR: France | + | | | | | + | | | | - DE: Germany | + | | | | | + | | | | - BR: Brazil | + | | | | | + | | | | - Ukraine: Ukraine | + | | | | | + | | | | - Pakistan: Pakistan | + | | | | | + | | | | - Palestine: Palestine | + | | | | | + | | | | - Israel: Israel | + | | | | | + | | | | - Iraq: Afghanistan | + | | | | | + | | | | - Libya: Libya | + | | | | | + | | | | - Turkey: Turkey | + | | | | | + | | | | - Thailand: Thailand | + | | | | | + | | | | - Singapore: Singapore | + | | | | | + | | | | - South Africa: South Africa | + | | | | | + | | | | - Mexico: Mexico | + | | | | | + | | | | - Peru: Peru | + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + | white | Yes | Integer | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/geoip? + + { + "white" : 0, + "description" : "demo", + "geoip" : "BR" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "02dafa406c4941368a1037b020f15a53", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "timestamp" : 1650534513775, + "description" : "demo", + "status" : 1, + "geoip" : "BR", + "white" : 0, + "geoTagList" : [ "SH", "Afghanistan" ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_precise_protection_rule.rst b/api-ref/source/apis/rule_management/creating_a_precise_protection_rule.rst new file mode 100644 index 0000000..e619a80 --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_precise_protection_rule.rst @@ -0,0 +1,278 @@ +:original_name: CreateCustomRules.html + +.. _CreateCustomRules: + +Creating a Precise Protection Rule +================================== + +Function +-------- + +This API is used to create a precise protection rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/custom + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+========================================================================================+====================================================================================================================================================================================+ + | time | No | Boolean | Time the precise protection rule takes effect. | + | | | | | + | | | | - false: The rule takes effect immediately. | + | | | | | + | | | | - true: The effective time is customized. | + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | start | No | Long | Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. | + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | terminal | No | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | No | Array of :ref:`CustomConditions ` objects | Match condition List | + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | No | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | priority | No | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + +-----------------+-----------------+----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createcustomrules__request_customconditions: + +.. table:: **Table 4** CustomConditions + + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+=============================================================================================================================================================================================================+ + | category | No | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | Subfield | + | | | | | + | | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | | + | | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | No | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Condition content for matching the rule | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | No | String | ID of the reference table | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createcustomrules__request_customaction: + +.. table:: **Table 5** CustomAction + + +-----------------+-----------------+-----------------+-------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===============================+ + | category | No | String | Action type. | + | | | | | + | | | | - block: WAF blocks attacks. | + | | | | | + | | | | - pass: WAF allows requests. | + +-----------------+-----------------+-----------------+-------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 6** Response body parameters + + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=============================================================================+====================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | List of matching conditions. All conditions must be met. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp when the precise protection rule is created. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | start | Long | Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | + +-----------------------+-----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createcustomrules__response_conditions: + +.. table:: **Table 7** conditions + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=============================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _createcustomrules__response_customaction: + +.. table:: **Table 8** CustomAction + + +-----------------------+-----------------------+-------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================+ + | category | String | Action type. | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - pass: WAF allows requests. | + +-----------------------+-----------------------+-------------------------------+ + +**Status code: 400** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom?enterprise_project_id=0 + + { + "description": "", + "action": { + "category": "block" + }, + "priority": 50, + "conditions": [ + { + "category": "header", + "logic_operation": "contain", + "index": "demo" + "content" ["demo"] + } + ], + "time": false + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "items" : [ { + "action" : { + "category" : "block" + }, + "action_mode" : false, + "aging_time" : 0, + "conditions" : [ { + "category" : "header", + "index" : "demo", + "logic_operation" : "contain", + "content" : [ "demo" ] + } ], + "description" : "", + "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "priority" : 50, + "status" : 1, + "time" : false, + "timestamp" : 1656495488880 + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/creating_a_web_tamper_protection_rule.rst b/api-ref/source/apis/rule_management/creating_a_web_tamper_protection_rule.rst new file mode 100644 index 0000000..78da4f1 --- /dev/null +++ b/api-ref/source/apis/rule_management/creating_a_web_tamper_protection_rule.rst @@ -0,0 +1,163 @@ +:original_name: CreateAntitamperRule.html + +.. _CreateAntitamperRule: + +Creating a Web Tamper Protection Rule +===================================== + +Function +-------- + +This API is used to create a web tamper protection rule. + +URI +--- + +POST /v1/{project_id}/waf/policy/{policy_id}/antitamper + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=============+===========+========+=========================================================================================================================================+ + | hostname | Yes | String | Protected website. It can be obtained by calling the ListHost API in cloud mode (the value of the hostname field in the response body). | + +-------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | url | Yes | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin | + +-------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-------------+-----------+--------+-----------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | hostname | String | Domain name protected by the web tamper protection rule | + +-----------------------+-----------------------+---------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antitamper?enterprise_project_id=0 + + { + "hostname" : "www.domain.com", + "url" : "/login", + "description" : "" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "description" : "", + "hostname" : "www.domain.com", + "id" : "0f59185b76c143f884d21cd0d88e6fa8", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656506256928, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/deleting_a_blacklist_or_whitelist_rule.rst new file mode 100644 index 0000000..e60e150 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_blacklist_or_whitelist_rule.rst @@ -0,0 +1,152 @@ +:original_name: DeleteWhiteBlackIpRule.html + +.. _DeleteWhiteBlackIpRule: + +Deleting a Blacklist or Whitelist Rule +====================================== + +Function +-------- + +This API is used to delete an IP address blacklist or whitelist rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User Token. | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | timestamp | Long | Rule creation time | + +-----------------------+-----------------------+-----------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | addr | String | lacklisted or whitelisted IP addresses | + +-----------------------+-----------------------+-----------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/whiteblackip? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "5d43af25404341058d5ab17b7ba78b56", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "timestamp" : 1650531872900, + "description" : "demo", + "status" : 1, + "addr" : "10.1.1.2", + "white" : 0 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_cc_attack_protection_rule.rst b/api-ref/source/apis/rule_management/deleting_a_cc_attack_protection_rule.rst new file mode 100644 index 0000000..b1726f3 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_cc_attack_protection_rule.rst @@ -0,0 +1,253 @@ +:original_name: DeleteCcRule.html + +.. _DeleteCcRule: + +Deleting a CC Attack Protection Rule +==================================== + +Function +-------- + +This API is used to delete a CC attack protection rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Content type. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | rule_id | Yes | String | ccRuleId | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+========================================================================+========================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | String | Rate limiting period | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Protection mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deleteccrule__response_action: + +.. table:: **Table 4** action + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - If **tag_type** is set to **other**, the value can only be **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | String | Action details. If detail is null, the default block page is displayed by default. | + | | | | + | | | - This parameter cannot be included when **category** is set to **captcha**. | + | | | | + | | | - This parameter is required when **category** is set to **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 5** detail + + +-----------+----------------------------------------------------------+----------------+ + | Parameter | Type | Description | + +===========+==========================================================+================+ + | response | :ref:`response ` object | Returned page. | + +-----------+----------------------------------------------------------+----------------+ + +.. _deleteccrule__response_response: + +.. table:: **Table 6** response + + +--------------+--------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +==============+========+===============================================================================+ + | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | + +--------------+--------+-------------------------------------------------------------------------------+ + | content | String | Contents | + +--------------+--------+-------------------------------------------------------------------------------+ + +.. _deleteccrule__response_conditions: + +.. table:: **Table 7** conditions + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================================================================================================================================================================================================================================+ + | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Parameter description: | + | | | | + | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | + | | | | + | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | + | | | | + | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | + | | | | + | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | + | | | | + | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "aging_time" : 0, + "description" : "", + "id" : "a5f3fd28db564696b199228f0ac346b2", + "limit_num" : 10, + "limit_period" : 60, + "lock_time" : 0, + "mode" : 0, + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "prefix" : false, + "producer" : 1, + "status" : 1, + "tag_type" : "ip", + "timestamp" : 1656494435686, + "total_num" : 0, + "unaggregation" : false, + "url" : "/path1" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_data_masking_rule.rst b/api-ref/source/apis/rule_management/deleting_a_data_masking_rule.rst new file mode 100644 index 0000000..6e576e2 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_data_masking_rule.rst @@ -0,0 +1,121 @@ +:original_name: DeletePrivacyRule.html + +.. _DeletePrivacyRule: + +Deleting a Data Masking Rule +============================ + +Function +-------- + +This API is used to delete a data masking rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 400** + +.. table:: **Table 3** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "category" : "header", + "description" : "", + "id" : "41a5674e03a1470a90ac4761ec4657b4", + "index" : "token", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656504425319, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_false_alarm_masking_rule.rst b/api-ref/source/apis/rule_management/deleting_a_false_alarm_masking_rule.rst new file mode 100644 index 0000000..3d2ddf6 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_false_alarm_masking_rule.rst @@ -0,0 +1,204 @@ +:original_name: DeleteIgnoreRule.html + +.. _DeleteIgnoreRule: + +Deleting a False Alarm Masking Rule +=================================== + +Function +-------- + +This API is used to query a false alarm masking rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Rule creation time. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Provides supplementary information about the assignment. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injectionrobot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusionwebshell: Website Trojans | + | | | | + | | | - cc: CC attacks -custom_custom: Precise protection | + | | | | + | | | - custom_whiteblackip: IP address blacklist and whitelist | + | | | | + | | | - custom_geoip: Geolocation access control | + | | | | + | | | - antitamper: Web tamper protection | + | | | | + | | | - anticrawler: Anti-crawler protection | + | | | | + | | | - leakage: Data leakage prevention | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url_logic | String | URL match logic: | + | | | | + | | | - **equal**: full match | + | | | | + | | | - **prefix**: prefix match | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domains | Array of strings | Protected domain name | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | :ref:`advanced ` object | advanced | + +-----------------------+--------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deleteignorerule__response_advanced: + +.. table:: **Table 4** advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================+ + | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | + | | | | + | | | - cookie: session cookie | + | | | | + | | | - header: header field | + | | | | + | | | - body: body field | + | | | | + | | | - multipart: multipart/form-data type data | + | | | | + | | | - params: parameter | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | content | String | Specified field (available only for param, cookie, and header) | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", + "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", + "timestamp" : 1656507126528, + "description" : "", + "status" : 1, + "domain" : [ "test3.th.com" ], + "rule" : "webshell", + "url_logic" : "equal", + "url" : "/demo" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_geolocation_access_control_rule.rst b/api-ref/source/apis/rule_management/deleting_a_geolocation_access_control_rule.rst new file mode 100644 index 0000000..2c664c6 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_geolocation_access_control_rule.rst @@ -0,0 +1,195 @@ +:original_name: DeleteGeoipRule.html + +.. _DeleteGeoipRule: + +Deleting a Geolocation Access Control Rule +========================================== + +Function +-------- + +This API is used to delete a geolocation access control rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id}?enterprise_project_id=0 + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "02dafa406c4941368a1037b020f15a53", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "name" : "demo", + "timestamp" : 1650534513775, + "description" : "demo", + "status" : 1, + "geoip" : "BR", + "white" : 0 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_precise_protection_rule.rst b/api-ref/source/apis/rule_management/deleting_a_precise_protection_rule.rst new file mode 100644 index 0000000..7d67532 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_precise_protection_rule.rst @@ -0,0 +1,199 @@ +:original_name: DeleteCustomRule.html + +.. _DeleteCustomRule: + +Deleting a Precise Protection Rule +================================== + +Function +-------- + +This API is used to delete a precise protection rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== ============ + Parameter Mandatory Type Description + ========== ========= ====== ============ + project_id Yes String Project ID + policy_id Yes String Policy ID. + rule_id Yes String customRuleId + ========== ========= ====== ============ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+============================================================================+====================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | List of matching conditions. All conditions must be met. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp when the precise protection rule is created. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | start | Long | Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deletecustomrule__response_conditions: + +.. table:: **Table 4** conditions + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=============================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _deletecustomrule__response_customaction: + +.. table:: **Table 5** CustomAction + + +-----------------------+-----------------------+-------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================+ + | category | String | Action type. | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - pass: WAF allows requests. | + +-----------------------+-----------------------+-------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "action" : { + "category" : "block" + }, + "action_mode" : false, + "aging_time" : 0, + "conditions" : [ { + "category" : "header", + "index" : "demo", + "logic_operation" : "contain", + "content" : [ "demo" ] + } ], + "description" : "", + "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "priority" : 50, + "status" : 1, + "time" : false, + "timestamp" : 1656495488880 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_reference_table.rst b/api-ref/source/apis/rule_management/deleting_a_reference_table.rst new file mode 100644 index 0000000..0c7f396 --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_reference_table.rst @@ -0,0 +1,154 @@ +:original_name: DeleteValueList.html + +.. _DeleteValueList: + +Deleting a Reference Table +========================== + +Function +-------- + +This API is used to delete a reference table. + +URI +--- + +DELETE /v1/{project_id}/waf/valuelist/{valuelistid} + +.. table:: **Table 1** Path Parameters + + +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=============+===========+========+=============================================================================================+ + | project_id | Yes | String | Project ID | + +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | valuelistid | Yes | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List | + +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+---------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+---------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+---------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+---------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+---------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/valuelist/{valuelistid}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "3978ca9403844a62bbd24bb5b8d16d4e", + "name" : "demo2", + "type" : "url", + "values" : [ "/demo" ], + "timestamp" : 1656495488880 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/deleting_a_web_tamper_protection_rule.rst b/api-ref/source/apis/rule_management/deleting_a_web_tamper_protection_rule.rst new file mode 100644 index 0000000..950cbca --- /dev/null +++ b/api-ref/source/apis/rule_management/deleting_a_web_tamper_protection_rule.rst @@ -0,0 +1,146 @@ +:original_name: DeleteAntitamperRule.html + +.. _DeleteAntitamperRule: + +Deleting a Web Tamper Protection Rule +===================================== + +Function +-------- + +This API is used to delete a web tamper protection rule. + +URI +--- + +DELETE /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | hostname | String | Domain name protected by the web tamper protection rule | + +-----------------------+-----------------------+---------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "description" : "", + "hostname" : "www.domain.com", + "id" : "0f59185b76c143f884d21cd0d88e6fa8", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656506256928, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/index.rst b/api-ref/source/apis/rule_management/index.rst new file mode 100644 index 0000000..2eaf14a --- /dev/null +++ b/api-ref/source/apis/rule_management/index.rst @@ -0,0 +1,86 @@ +:original_name: topic_300000003.html + +.. _topic_300000003: + +Rule Management +=============== + +- :ref:`Querying the Blacklist and Whitelist Rule List ` +- :ref:`Creating a Blacklist or Whitelist Rule ` +- :ref:`Querying a Blacklist or Whitelist Rule ` +- :ref:`Updating a Blacklist or Whitelist Rule ` +- :ref:`Deleting a Blacklist or Whitelist Rule ` +- :ref:`Querying CC Attack Protection Rules ` +- :ref:`Creating a CC Attack Protection Rule ` +- :ref:`Querying a CC Attack Protection Rule by ID ` +- :ref:`Updating a CC Attack Protection Rule ` +- :ref:`Deleting a CC Attack Protection Rule ` +- :ref:`Querying Precise Protection Rules ` +- :ref:`Creating a Precise Protection Rule ` +- :ref:`Querying a Precise Protection Rule by ID ` +- :ref:`Updating a Precise Protection Rule ` +- :ref:`Deleting a Precise Protection Rule ` +- :ref:`Querying the Data Masking Rule List ` +- :ref:`Creating a Data Masking Rule ` +- :ref:`Querying a Data Masking Rule by ID ` +- :ref:`Updating the Data Masking Rule List ` +- :ref:`Deleting a Data Masking Rule ` +- :ref:`Querying the List of Web Tamper Protection Rules ` +- :ref:`Creating a Web Tamper Protection Rule ` +- :ref:`Querying a Web Tamper Protection Rule by ID ` +- :ref:`Deleting a Web Tamper Protection Rule ` +- :ref:`Querying the False Alarm Masking Rule List ` +- :ref:`Creating a False Alarm Masking Rule ` +- :ref:`Querying a False Alarm Masking Rule ` +- :ref:`Deleting a False Alarm Masking Rule ` +- :ref:`Querying the List of Geolocation Access Control Rules ` +- :ref:`Creating a Geolocation Access Control Rule ` +- :ref:`Updating a Geolocation Access Control Rule ` +- :ref:`Deleting a Geolocation Access Control Rule ` +- :ref:`Changing the Status of a Policy Rule ` +- :ref:`Querying the Reference Table List ` +- :ref:`Adding a Reference Table ` +- :ref:`Modifying a Reference Table ` +- :ref:`Deleting a Reference Table ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + querying_the_blacklist_and_whitelist_rule_list + creating_a_blacklist_or_whitelist_rule + querying_a_blacklist_or_whitelist_rule + updating_a_blacklist_or_whitelist_rule + deleting_a_blacklist_or_whitelist_rule + querying_cc_attack_protection_rules + creating_a_cc_attack_protection_rule + querying_a_cc_attack_protection_rule_by_id + updating_a_cc_attack_protection_rule + deleting_a_cc_attack_protection_rule + querying_precise_protection_rules + creating_a_precise_protection_rule + querying_a_precise_protection_rule_by_id + updating_a_precise_protection_rule + deleting_a_precise_protection_rule + querying_the_data_masking_rule_list + creating_a_data_masking_rule + querying_a_data_masking_rule_by_id + updating_the_data_masking_rule_list + deleting_a_data_masking_rule + querying_the_list_of_web_tamper_protection_rules + creating_a_web_tamper_protection_rule + querying_a_web_tamper_protection_rule_by_id + deleting_a_web_tamper_protection_rule + querying_the_false_alarm_masking_rule_list + creating_a_false_alarm_masking_rule + querying_a_false_alarm_masking_rule + deleting_a_false_alarm_masking_rule + querying_the_list_of_geolocation_access_control_rules + creating_a_geolocation_access_control_rule + updating_a_geolocation_access_control_rule + deleting_a_geolocation_access_control_rule + changing_the_status_of_a_policy_rule + querying_the_reference_table_list + adding_a_reference_table + modifying_a_reference_table + deleting_a_reference_table diff --git a/api-ref/source/apis/rule_management/modifying_a_reference_table.rst b/api-ref/source/apis/rule_management/modifying_a_reference_table.rst new file mode 100644 index 0000000..4c862a8 --- /dev/null +++ b/api-ref/source/apis/rule_management/modifying_a_reference_table.rst @@ -0,0 +1,196 @@ +:original_name: UpdateValueList.html + +.. _UpdateValueList: + +Modifying a Reference Table +=========================== + +Function +-------- + +This API is used to modify a reference table. + +URI +--- + +PUT /v1/{project_id}/waf/valuelist/{valuelistid} + +.. table:: **Table 1** Path Parameters + + +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=============+===========+========+=============================================================================================+ + | project_id | Yes | String | Project ID | + +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + | valuelistid | Yes | String | Reference table ID. It can be obtained by calling the API Querying the Reference Table List | + +-------------+-----------+--------+---------------------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+==========================================================================================================================================================+ + | name | Yes | String | Reference table name. The value can contain a maximum of 64 characters. Only digits, letters, hyphens (-), underscores (_), and periods (.) are allowed. | + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | type | Yes | String | Reference table type. For details, see the enumeration list | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **url** | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **referer** | + | | | | | + | | | | - **user-agent** | + | | | | | + | | | | - **header** | + | | | | | + | | | | - **response_code** | + | | | | | + | | | | - **response_header** | + | | | | | + | | | | - **resopnse_body** | + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | values | No | Array of strings | Value of the reference table | + +-----------------+-----------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==============================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+------------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+------------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+------------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+------------------------------+ + | values | Array of strings | Value of the reference table | + +-----------------------+-----------------------+------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/valuelist/{valuelistid}? + + { + "name" : "demo2", + "type" : "url", + "values" : [ "/demo" ] + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "3978ca9403844a62bbd24bb5b8d16d4e", + "name" : "demo2", + "type" : "url", + "values" : [ "/demo" ], + "timestamp" : 1656495488880 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule.rst new file mode 100644 index 0000000..6751420 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_blacklist_or_whitelist_rule.rst @@ -0,0 +1,138 @@ +:original_name: ShowWhiteblackipRule.html + +.. _ShowWhiteblackipRule: + +Querying a Blacklist or Whitelist Rule +====================================== + +Function +-------- + +This API is used to query a blacklist or whitelist rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | timestamp | Long | Rule creation time | + +-----------------------+-----------------------+-----------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | addr | String | lacklisted or whitelisted IP addresses | + +-----------------------+-----------------------+-----------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id}? + +Example Responses +----------------- + +None + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_cc_attack_protection_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_cc_attack_protection_rule_by_id.rst new file mode 100644 index 0000000..2537da5 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_cc_attack_protection_rule_by_id.rst @@ -0,0 +1,252 @@ +:original_name: ShowCcRule.html + +.. _ShowCcRule: + +Querying a CC Attack Protection Rule by ID +========================================== + +Function +-------- + +This API is used to query a CC attack protection rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | rule_id | Yes | String | ccRuleId | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+======================================================================+========================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard | + | | | | + | | | - **1**: Advanced | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | String | Rate limiting period | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Protection mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. | + +-----------------------+----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showccrule__response_action: + +.. table:: **Table 4** action + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - If **tag_type** is set to **other**, the value can only be **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | String | Action details. If detail is null, the default block page is displayed by default. | + | | | | + | | | - This parameter cannot be included when **category** is set to **captcha**. | + | | | | + | | | - This parameter is required when **category** is set to **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 5** detail + + +-----------+--------------------------------------------------------+----------------+ + | Parameter | Type | Description | + +===========+========================================================+================+ + | response | :ref:`response ` object | Returned page. | + +-----------+--------------------------------------------------------+----------------+ + +.. _showccrule__response_response: + +.. table:: **Table 6** response + + +--------------+--------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +==============+========+===============================================================================+ + | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | + +--------------+--------+-------------------------------------------------------------------------------+ + | content | String | Contents | + +--------------+--------+-------------------------------------------------------------------------------+ + +.. _showccrule__response_conditions: + +.. table:: **Table 7** conditions + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================================================================================================================================================================================================================================+ + | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Parameter description: | + | | | | + | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | + | | | | + | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | + | | | | + | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | + | | | | + | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | + | | | | + | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "aging_time" : 0, + "description" : "", + "id" : "a5f3fd28db564696b199228f0ac346b2", + "limit_num" : 10, + "limit_period" : 60, + "lock_time" : 0, + "mode" : 0, + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "prefix" : false, + "status" : 1, + "tag_type" : "ip", + "timestamp" : 1656494435686, + "total_num" : 0, + "unaggregation" : false, + "url" : "/path" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_data_masking_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_data_masking_rule_by_id.rst new file mode 100644 index 0000000..15a1d50 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_data_masking_rule_by_id.rst @@ -0,0 +1,159 @@ +:original_name: ShowPrivacyRule.html + +.. _ShowPrivacyRule: + +Querying a Data Masking Rule by ID +================================== + +Function +-------- + +This API is used to query a data masking rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | url | String | URL protected by the data masking rule | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | category | String | Masked field | + | | | | + | | | Enumeration values: | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + | | | | + | | | - **form** | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | index | String | Name of the masked field | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "category" : "params", + "description" : "", + "id" : "41a5674e03a1470a90ac4761ec4657b4", + "index" : "password", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656504425319, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_false_alarm_masking_rule.rst b/api-ref/source/apis/rule_management/querying_a_false_alarm_masking_rule.rst new file mode 100644 index 0000000..dab771c --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_false_alarm_masking_rule.rst @@ -0,0 +1,204 @@ +:original_name: ShowIgnoreRule.html + +.. _ShowIgnoreRule: + +Querying a False Alarm Masking Rule +=================================== + +Function +-------- + +This API is used to query a false alarm masking rule. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Rule creation time. | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Provides supplementary information about the assignment. | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injectionrobot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusionwebshell: Website Trojans | + | | | | + | | | - cc: CC attacks -custom_custom: Precise protection | + | | | | + | | | - custom_whiteblackip: IP address blacklist and whitelist | + | | | | + | | | - custom_geoip: Geolocation access control | + | | | | + | | | - antitamper: Web tamper protection | + | | | | + | | | - anticrawler: Anti-crawler protection | + | | | | + | | | - leakage: Data leakage prevention | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url_logic | String | URL match logic: | + | | | | + | | | - **equal**: full match | + | | | | + | | | - **prefix**: prefix match | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domains | Array of strings | Protected domain name | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | :ref:`advanced ` object | advanced | + +-----------------------+------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showignorerule__response_advanced: + +.. table:: **Table 4** advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================+ + | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | + | | | | + | | | - cookie: session cookie | + | | | | + | | | - header: header field | + | | | | + | | | - body: body field | + | | | | + | | | - multipart: multipart/form-data type data | + | | | | + | | | - params: parameter | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | content | String | Specified field (available only for param, cookie, and header) | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", + "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", + "timestamp" : 1656507126528, + "description" : "", + "status" : 1, + "domain" : [ "test3.th.com" ], + "rule" : "webshell", + "url_logic" : "equal", + "url" : "/demo" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_precise_protection_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_precise_protection_rule_by_id.rst new file mode 100644 index 0000000..a1b446e --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_precise_protection_rule_by_id.rst @@ -0,0 +1,200 @@ +:original_name: ShowCustomRule.html + +.. _ShowCustomRule: + +Querying a Precise Protection Rule by ID +======================================== + +Function +-------- + +This API is used to query a precise protection rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | rule_id | Yes | String | customRuleId | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+==========================================================================+====================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | List of matching conditions. All conditions must be met. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp when the precise protection rule is created. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | start | Long | Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | + +-----------------------+--------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showcustomrule__response_conditions: + +.. table:: **Table 4** conditions + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=============================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _showcustomrule__response_customaction: + +.. table:: **Table 5** CustomAction + + +-----------------------+-----------------------+-------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================+ + | category | String | Action type. | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - pass: WAF allows requests. | + +-----------------------+-----------------------+-------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "action" : { + "category" : "block" + }, + "action_mode" : false, + "conditions" : [ { + "category" : "header", + "index" : "demo", + "logic_operation" : "contain", + "content" : [ "demo" ] + } ], + "description" : "", + "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "priority" : 50, + "status" : 1, + "time" : false, + "timestamp" : 1656495488880 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_a_web_tamper_protection_rule_by_id.rst b/api-ref/source/apis/rule_management/querying_a_web_tamper_protection_rule_by_id.rst new file mode 100644 index 0000000..5872063 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_a_web_tamper_protection_rule_by_id.rst @@ -0,0 +1,146 @@ +:original_name: ShowAntitamperRule.html + +.. _ShowAntitamperRule: + +Querying a Web Tamper Protection Rule by ID +=========================================== + +Function +-------- + +This API is used to query a web tamper protection rule by ID. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 3** Response body parameters + + +-----------------------+-----------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | hostname | String | Domain name protected by the web tamper protection rule | + +-----------------------+-----------------------+---------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 4** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "description" : "", + "hostname" : "www.domain.com", + "id" : "0f59185b76c143f884d21cd0d88e6fa8", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656506256928, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_cc_attack_protection_rules.rst b/api-ref/source/apis/rule_management/querying_cc_attack_protection_rules.rst new file mode 100644 index 0000000..7c7438b --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_cc_attack_protection_rules.rst @@ -0,0 +1,281 @@ +:original_name: ListCcRules.html + +.. _ListCcRules: + +Querying CC Attack Protection Rules +=================================== + +Function +-------- + +This API is used to query the list of CC attack protection rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/cc + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=============================================================================+ + | page | No | Integer | Page number. | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. Default value: 10 | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+==========================================================================================================+ + | X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + | Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+----------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+---------------------------------------------------------------------------------+-------------------------------+ + | Parameter | Type | Description | + +===========+=================================================================================+===============================+ + | total | Integer | Number of rules in the policy | + +-----------+---------------------------------------------------------------------------------+-------------------------------+ + | items | Array of :ref:`CcrulesListInfo ` objects | Array of Cc rules | + +-----------+---------------------------------------------------------------------------------+-------------------------------+ + +.. _listccrules__response_ccruleslistinfo: + +.. table:: **Table 5** CcrulesListInfo + + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================================================================+========================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | String | Rate limiting period | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Protection mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - **other**: Website visitors are identified by the **Referer** field (user-defined request source). | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. | + +-----------------------+-----------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listccrules__response_action: + +.. table:: **Table 6** action + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - If **tag_type** is set to **other**, the value can only be **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | String | Action details. If detail is null, the default block page is displayed by default. | + | | | | + | | | - This parameter cannot be included when **category** is set to **captcha**. | + | | | | + | | | - This parameter is required when **category** is set to **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 7** detail + + +-----------+---------------------------------------------------------+---------------+ + | Parameter | Type | Description | + +===========+=========================================================+===============+ + | response | :ref:`response ` object | Returned page | + +-----------+---------------------------------------------------------+---------------+ + +.. _listccrules__response_response: + +.. table:: **Table 8** response + + +--------------+--------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +==============+========+===============================================================================+ + | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | + +--------------+--------+-------------------------------------------------------------------------------+ + | content | String | Contents | + +--------------+--------+-------------------------------------------------------------------------------+ + +.. _listccrules__response_conditions: + +.. table:: **Table 9** conditions + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================================================================================================================================================================================================================================+ + | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Parameter description: | + | | | | + | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | + | | | | + | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | + | | | | + | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | + | | | | + | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | + | | | | + | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 12** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "description" : "", + "id" : "a5f3fd28db564696b199228f0ac346b2", + "limit_num" : 10, + "limit_period" : 60, + "lock_time" : 0, + "mode" : 0, + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "prefix" : false, + "status" : 1, + "tag_type" : "ip", + "timestamp" : 1656494435686, + "total_num" : 0, + "unaggregation" : false, + "url" : "/path", + "action" : { + "category" : "captcha" + } + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_precise_protection_rules.rst b/api-ref/source/apis/rule_management/querying_precise_protection_rules.rst new file mode 100644 index 0000000..caae75c --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_precise_protection_rules.rst @@ -0,0 +1,222 @@ +:original_name: ListCustomRules.html + +.. _ListCustomRules: + +Querying Precise Protection Rules +================================= + +Function +-------- + +This API is used to query the list of precise protection rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/custom + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================+ + | page | No | Integer | Page number. | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + ========= ================ ============================= + Parameter Type Description + ========= ================ ============================= + total Integer Number of rules in the policy + items Array of objects Array of custom rules + ========= ================ ============================= + +.. table:: **Table 5** CustomRuleBody + + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+===========================================================================+====================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | List of matching conditions. All conditions must be met. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp when the precise protection rule is created. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | start | Long | Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | + +-----------------------+---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listcustomrules__response_conditions: + +.. table:: **Table 6** conditions + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=============================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listcustomrules__response_customaction: + +.. table:: **Table 7** CustomAction + + +-----------------------+-----------------------+-------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================+ + | category | String | Action type. | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - pass: WAF allows requests. | + +-----------------------+-----------------------+-------------------------------+ + +**Status code: 400** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "items" : [ { + "category" : "block", + "action_mode" : false, + "conditions" : [ { + "category" : "header", + "index" : "sdfsafsda", + "logic_operation" : "contain", + "content" : [ "demo" ] + } ], + "description" : "", + "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "priority" : 50, + "status" : 1, + "time" : false, + "timestamp" : 1656495488880 + } ], + "total" : 1 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_blacklist_and_whitelist_rule_list.rst b/api-ref/source/apis/rule_management/querying_the_blacklist_and_whitelist_rule_list.rst new file mode 100644 index 0000000..36b3e5c --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_blacklist_and_whitelist_rule_list.rst @@ -0,0 +1,182 @@ +:original_name: ListWhiteblackipRule.html + +.. _ListWhiteblackipRule: + +Querying the Blacklist and Whitelist Rule List +============================================== + +Function +-------- + +This API is used to query the list of blacklist and whitelist rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================+ + | page | No | Integer | Page. | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | name | No | String | Rule name, Fuzzy search is supported. | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User Token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+------------------------------------------------------------------------------------------------------------+-----------------+ + | Parameter | Type | Description | + +===========+============================================================================================================+=================+ + | total | Integer | Number of rules | + +-----------+------------------------------------------------------------------------------------------------------------+-----------------+ + | items | Array of :ref:`WhiteBlackIpResponseBody ` objects | Rules | + +-----------+------------------------------------------------------------------------------------------------------------+-----------------+ + +.. _listwhiteblackiprule__response_whiteblackipresponsebody: + +.. table:: **Table 5** WhiteBlackIpResponseBody + + +-----------------------+-----------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | timestamp | Long | Rule creation time | + +-----------------------+-----------------------+-----------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | addr | String | lacklisted or whitelisted IP addresses | + +-----------------------+-----------------------+-----------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/whiteblackip? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "3c96caf769ca4f57814fcf4259ea89a1", + "policyid" : "4dddfd44fc89453e9fd9cd6bfdc39db2", + "timestamp" : 1650362891844, + "description" : "demo", + "status" : 1, + "addr" : "x.x.x.x", + "white" : 0 + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_data_masking_rule_list.rst b/api-ref/source/apis/rule_management/querying_the_data_masking_rule_list.rst new file mode 100644 index 0000000..839414d --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_data_masking_rule_list.rst @@ -0,0 +1,183 @@ +:original_name: ListPrivacyRules.html + +.. _ListPrivacyRules: + +Querying the Data Masking Rule List +=================================== + +Function +-------- + +This API is used to query the data masking rule list. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/privacy + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------+-----------+---------+-----------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========+===========================================================+ + | page | No | Integer | Page | + +-----------+-----------+---------+-----------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + +-----------+-----------+---------+-----------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+----------------------------------------------------------------------------------------------+-----------------+ + | Parameter | Type | Description | + +===========+==============================================================================================+=================+ + | total | Integer | Number of rules | + +-----------+----------------------------------------------------------------------------------------------+-----------------+ + | items | Array of :ref:`PrivacyResponseBody ` objects | Rules | + +-----------+----------------------------------------------------------------------------------------------+-----------------+ + +.. _listprivacyrules__response_privacyresponsebody: + +.. table:: **Table 5** PrivacyResponseBody + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | url | String | URL protected by the data masking rule | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | category | String | Masked field | + | | | | + | | | Enumeration values: | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + | | | | + | | | - **form** | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | index | String | Name of the masked field | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/privacy?enterprise_project_id=0 + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "category" : "params", + "description" : "", + "id" : "41a5674e03a1470a90ac4761ec4657b4", + "index" : "password", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656504425319, + "url" : "/login" + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_false_alarm_masking_rule_list.rst b/api-ref/source/apis/rule_management/querying_the_false_alarm_masking_rule_list.rst new file mode 100644 index 0000000..b22317b --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_false_alarm_masking_rule_list.rst @@ -0,0 +1,232 @@ +:original_name: ListIgnoreRules.html + +.. _ListIgnoreRules: + +Querying the False Alarm Masking Rule List +========================================== + +Function +-------- + +This API is used to query the list of false alarm masking rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/ignore + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================+ + | page | No | Integer | Page | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+-----------------------------------------------------------------------------------+------------------------------------+ + | Parameter | Type | Description | + +===========+===================================================================================+====================================+ + | total | Integer | Number of rules in the policy | + +-----------+-----------------------------------------------------------------------------------+------------------------------------+ + | items | Array of :ref:`IgnoreRuleBody ` objects | Array of false alarm masking rules | + +-----------+-----------------------------------------------------------------------------------+------------------------------------+ + +.. _listignorerules__response_ignorerulebody: + +.. table:: **Table 5** IgnoreRuleBody + + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=============================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Rule creation time. | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Provides supplementary information about the assignment. | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: | + | | | | + | | | - xss or sqli: XSS attacks | + | | | | + | | | - cmdi: Command injectionrobot: Malicious crawlers | + | | | | + | | | - lfi: Local file inclusion | + | | | | + | | | - rfi: Remote file inclusionwebshell: Website Trojans | + | | | | + | | | - cc: CC attacks -custom_custom: Precise protection | + | | | | + | | | - custom_whiteblackip: IP address blacklist and whitelist | + | | | | + | | | - custom_geoip: Geolocation access control | + | | | | + | | | - antitamper: Web tamper protection | + | | | | + | | | - anticrawler: Anti-crawler protection | + | | | | + | | | - leakage: Data leakage prevention | + | | | | + | | | - illegal: Illegal requests | + | | | | + | | | - vuln: Other attack types | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url_logic | String | URL match logic: | + | | | | + | | | - **equal**: full match | + | | | | + | | | - **prefix**: prefix match | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | domains | Array of strings | Protected domain name | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | advanced | :ref:`advanced ` object | advanced | + +-----------------------+-------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _listignorerules__response_advanced: + +.. table:: **Table 6** advanced + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================================================================================================================================================================================================+ + | index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: | + | | | | + | | | - cookie: session cookie | + | | | | + | | | - header: header field | + | | | | + | | | - body: body field | + | | | | + | | | - multipart: multipart/form-data type data | + | | | | + | | | - params: parameter | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | content | String | Specified field (available only for param, cookie, and header) | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "c20f67b3e1c040c0b0d8866e568ee8bf", + "policyid" : "a75e96d8284c4c4f98ada7d391e8342c", + "timestamp" : 1656507126528, + "description" : "", + "status" : 1, + "rule" : "webshell", + "url_logic" : "equal", + "url" : "/demo", + "domain" : [ "test3.th.com" ] + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_list_of_geolocation_access_control_rules.rst b/api-ref/source/apis/rule_management/querying_the_list_of_geolocation_access_control_rules.rst new file mode 100644 index 0000000..498bf18 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_list_of_geolocation_access_control_rules.rst @@ -0,0 +1,222 @@ +:original_name: ListGeoipRule.html + +.. _ListGeoipRule: + +Querying the List of Geolocation Access Control Rules +===================================================== + +Function +-------- + +This API is used to query the list of geolocation access control rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/geoip + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================+ + | page | No | Integer | Page | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+-----------------------------------------------------------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +===========+=======================================================================+=========================================================+ + | total | Integer | Number of blocked geographical locations in the policy. | + +-----------+-----------------------------------------------------------------------+---------------------------------------------------------+ + | items | Array of :ref:`GeOIpItem ` objects | List of the restricted geographical locations | + +-----------+-----------------------------------------------------------------------+---------------------------------------------------------+ + +.. _listgeoiprule__response_geoipitem: + +.. table:: **Table 5** GeOIpItem + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/geoip? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "06f07f6c229141b9a4a78614751bb687", + "policyid" : "2abeeecefb9840e6bf05efbd80d0fcd7", + "timestamp" : 1636340038062, + "status" : 1, + "geoip" : "BR", + "white" : 1, + "name" : "demo" + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_list_of_web_tamper_protection_rules.rst b/api-ref/source/apis/rule_management/querying_the_list_of_web_tamper_protection_rules.rst new file mode 100644 index 0000000..ad15655 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_list_of_web_tamper_protection_rules.rst @@ -0,0 +1,174 @@ +:original_name: ListAntitamperRules.html + +.. _ListAntitamperRules: + +Querying the List of Web Tamper Protection Rules +================================================ + +Function +-------- + +This api is used to query the list of web tamper protection rules. + +URI +--- + +GET /v1/{project_id}/waf/policy/{policy_id}/antitamper + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Prroject ID + policy_id Yes String Policy ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================+ + | page | No | Integer | Page | + | | | | | + | | | | Default: **1** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + | | | | | + | | | | Default: **10** | + +-----------------+-----------------+-----------------+-----------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------+---------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Type | Description | + +===========+===============================================================================================================+=======================+ + | total | Integer | Total number of rules | + +-----------+---------------------------------------------------------------------------------------------------------------+-----------------------+ + | items | Array of :ref:`AntiTamperRuleResponseBody ` objects | Rules | + +-----------+---------------------------------------------------------------------------------------------------------------+-----------------------+ + +.. _listantitamperrules__response_antitamperruleresponsebody: + +.. table:: **Table 5** AntiTamperRuleResponseBody + + +-----------------------+-----------------------+---------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=========================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+---------------------------------------------------------+ + | timestamp | Long | Timestamp | + +-----------------------+-----------------------+---------------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+---------------------------------------------------------+ + | hostname | String | Domain name protected by the web tamper protection rule | + +-----------------------+-----------------------+---------------------------------------------------------+ + | url | String | URL for the web tamper protection rule. | + +-----------------------+-----------------------+---------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/antitamper? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "description" : "", + "hostname" : "www.domain.com", + "id" : "0f59185b76c143f884d21cd0d88e6fa8", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656506256928, + "url" : "/login" + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/querying_the_reference_table_list.rst b/api-ref/source/apis/rule_management/querying_the_reference_table_list.rst new file mode 100644 index 0000000..3a23290 --- /dev/null +++ b/api-ref/source/apis/rule_management/querying_the_reference_table_list.rst @@ -0,0 +1,185 @@ +:original_name: ListValueList.html + +.. _ListValueList: + +Querying the Reference Table List +================================= + +Function +-------- + +This API is used to query the reference table list. A reference table can be referenced by CC attack protection rules and precise protection rules. For details about how to use reference tables, see "Adding a Reference Table" under "Rule Configurations" in Web Application Firewall User Guide. + +URI +--- + +GET /v1/{project_id}/waf/valuelist + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + ========== ========= ====== =========== + +.. table:: **Table 2** Query Parameters + + +-----------+-----------+---------+-----------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========+===========================================================+ + | page | No | Integer | Page | + +-----------+-----------+---------+-----------------------------------------------------------+ + | pagesize | No | Integer | Number of records on each page. The maximum value is 100. | + +-----------+-----------+---------+-----------------------------------------------------------+ + | name | No | String | Reference table name, Fuzzy search is supported. | + +-----------+-----------+---------+-----------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 3** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | No | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------------------------------------------------------+----------------------------+ + | Parameter | Type | Description | + +=======================+=======================================================================+============================+ + | total | Integer | Number of reference tables | + | | | | + | | | Minimum: **0** | + | | | | + | | | Maximum: **500** | + +-----------------------+-----------------------------------------------------------------------+----------------------------+ + | items | Array of :ref:`ValueList ` objects | Reference table list | + +-----------------------+-----------------------------------------------------------------------+----------------------------+ + +.. _listvaluelist__response_valuelist: + +.. table:: **Table 5** ValueList + + +-----------------------+-----------------------+------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+==============================+ + | id | String | ID of a reference table | + +-----------------------+-----------------------+------------------------------+ + | name | String | Reference table name | + +-----------------------+-----------------------+------------------------------+ + | type | String | The value can be: | + | | | | + | | | - url | + | | | | + | | | - params | + | | | | + | | | - ip | + | | | | + | | | - cookie | + | | | | + | | | - referer | + | | | | + | | | - user-agent | + | | | | + | | | - header | + | | | | + | | | - response_code | + | | | | + | | | - response_header | + | | | | + | | | - response_body | + +-----------------------+-----------------------+------------------------------+ + | timestamp | String | Reference table timestamp | + +-----------------------+-----------------------+------------------------------+ + | values | Array of strings | Value of the reference table | + +-----------------------+-----------------------+------------------------------+ + +**Status code: 400** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 8** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + GET https://{Endpoint}/v1/{project_id}/waf/valuelist? + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "total" : 1, + "items" : [ { + "id" : "3978ca9403844a62bbd24bb5b8d16d4e", + "name" : "demo", + "type" : "url", + "values" : [ "/demo" ], + "timestamp" : 1656495488880 + } ] + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_a_blacklist_or_whitelist_rule.rst b/api-ref/source/apis/rule_management/updating_a_blacklist_or_whitelist_rule.rst new file mode 100644 index 0000000..4bda594 --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_a_blacklist_or_whitelist_rule.rst @@ -0,0 +1,176 @@ +:original_name: UpdateWhiteblackipRule.html + +.. _UpdateWhiteblackipRule: + +Updating a Blacklist or Whitelist Rule +====================================== + +Function +-------- + +This API is used to update an IP address blacklist or whitelist rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User Token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=====================================================+ + | description | No | String | Rule description. | + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + | addr | Yes | String | lacklisted or whitelisted IP addresses | + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + | white | Yes | Object | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------+-----------------+-----------------+-----------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+-----------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=====================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+-----------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | timestamp | Long | Rule creation time | + +-----------------------+-----------------------+-----------------------------------------------------+ + | description | String | Rule description. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+-----------------------------------------------------+ + | addr | String | lacklisted or whitelisted IP addresses | + +-----------------------+-----------------------+-----------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+-----------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id}? + + { + "white" : 0, + "description" : "demo", + "addr" : "10.1.1.2" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "5d43af25404341058d5ab17b7ba78b56", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "timestamp" : 1650531872900, + "description" : "demo", + "status" : 1, + "addr" : "10.1.1.2", + "white" : 0 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_a_cc_attack_protection_rule.rst b/api-ref/source/apis/rule_management/updating_a_cc_attack_protection_rule.rst new file mode 100644 index 0000000..acfd7da --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_a_cc_attack_protection_rule.rst @@ -0,0 +1,355 @@ +:original_name: UpdateCcRule.html + +.. _UpdateCcRule: + +Updating a CC Attack Protection Rule +==================================== + +Function +-------- + +This API is used to update a CC attack protection rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String policyid + rule_id Yes String ccRuleId + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type. | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=====================================================+==============================================================================================================================================================================================================+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | No | Integer | Frequency limits | + | | | | | + | | | | Minimum: **0** | + | | | | | + | | | | Maximum: **10000** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | No | Integer | Frequency limit unit | + | | | | | + | | | | Minimum: **0** | + | | | | | + | | | | Maximum: **10000** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | No | String | url | + | | | | | + | | | | Minimum: **0** | + | | | | | + | | | | Maximum: **10000** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | No | Integer | Work mode. The value can be 0 (standard) or 1 (advanced). The parameters of the advanced mode cannot be described in the same document of the same API. For details, see this parameter on the console page. | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **0** | + | | | | | + | | | | - **1** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | No | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | No | String | Protection mode. | + | | | | | + | | | | - ip: A website visitor is identified by the IP address. | + | | | | | + | | | | - cookie: A website visitor is identified by the cookie key value. | + | | | | | + | | | | - other: A website visitor is identified by the Referer field (user-defined request source). | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **ip** | + | | | | | + | | | | - **other** | + | | | | | + | | | | - **cookie** | + +-----------------+-----------------+-----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updateccrule__request_action: + +.. table:: **Table 4** action + + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===========================================================================================================================================================+ + | category | No | String | Action type: | + | | | | | + | | | | - **block**: WAF blocks discovered attacks. | + | | | | | + | | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | | + | | | | - If **tag_type** is set to **other**, the value can only be **block**. | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | No | String | Action details. If detail is null, the default block page is displayed by default. | + | | | | | + | | | | - This parameter cannot be included when **category** is set to **captcha**. | + | | | | | + | | | | - This parameter is required when **category** is set to **block**. | + +-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 5** detail + + +-----------+-----------+---------------------------------------------------------+----------------+ + | Parameter | Mandatory | Type | Description | + +===========+===========+=========================================================+================+ + | response | No | :ref:`response ` object | Returned page. | + +-----------+-----------+---------------------------------------------------------+----------------+ + +.. _updateccrule__request_response: + +.. table:: **Table 6** response + + +--------------+-----------+--------+-------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +==============+===========+========+===============================================================================+ + | content_type | No | String | Content type. The value can only be application/json, text/html, or text/xml. | + +--------------+-----------+--------+-------------------------------------------------------------------------------+ + | content | No | String | Protection page content. | + +--------------+-----------+--------+-------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 7** Response body parameters + + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+========================================================================+========================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | url | String | When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name. | + | | | | + | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. For example, to protect /admin/test.php or /adminabc, you can set Path to /admin*. | + | | | | + | | | - Exact match: The path you enter must exactly match the path you want to protect. If the path you want to protect is /admin, set url to /admin. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | prefix | Boolean | Whether a prefix is used for the path. If the protected URL ends with an asterisk (``*``), a path prefix is used. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | mode | Integer | Mode. | + | | | | + | | | - **0**: Standard. | + | | | | + | | | - **1**: Advanced | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_num | String | Number of requests allowed from a web visitor in a rate limiting period | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | limit_period | String | Rate limiting period | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | lock_time | String | How long a web visitor will be locked The value range is [0 to 2^32), in seconds. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | tag_type | String | Protection mode. | + | | | | + | | | - **ip**: IP-based rate limiting. Website visitors are identified by IP address. | + | | | | + | | | - **cookie**: User-based rate limiting. Website visitors are identified by the cookie key value. | + | | | | + | | | - other: A website visitor is identified by the Referer field (user-defined request source). | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`action ` object | Action to take if the number of requests reaches the upper limit. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | Condition list. This parameter is returned when mode is set to **1**. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. | + +-----------------------+------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updateccrule__response_action: + +.. table:: **Table 8** action + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===========================================================================================================================================================+ + | category | String | Action type: | + | | | | + | | | - **block**: WAF blocks discovered attacks. | + | | | | + | | | - **captcha**: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. | + | | | | + | | | - If **tag_type** is set to **other**, the value can only be **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + | detail | String | Action details. If detail is null, the default block page is displayed by default. | + | | | | + | | | - This parameter cannot be included when **category** is set to **captcha**. | + | | | | + | | | - This parameter is required when **category** is set to **block**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. table:: **Table 9** detail + + +-----------+----------------------------------------------------------+----------------+ + | Parameter | Type | Description | + +===========+==========================================================+================+ + | response | :ref:`response ` object | Returned page. | + +-----------+----------------------------------------------------------+----------------+ + +.. _updateccrule__response_response: + +.. table:: **Table 10** response + + +--------------+--------+-------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +==============+========+===============================================================================+ + | content_type | String | Content type. The value can only be application/json, text/html, or text/xml. | + +--------------+--------+-------------------------------------------------------------------------------+ + | content | String | Contents | + +--------------+--------+-------------------------------------------------------------------------------+ + +.. _updateccrule__response_conditions: + +.. table:: **Table 11** conditions + + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================================================================================================================================================================================================================================+ + | category | String | Field type. The options are as follows: **ip**, **cookie**, and **url** | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Parameter description: | + | | | | + | | | - When the field type is **ip** or **url**, the **index** parameter is not required. | + | | | | + | | | - When the field type is **cookie** and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Condition matching logic. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, **not_suffix**, **equal_any**, and **not_equal_any**, **contain_any**, and **not_contain_any**. | + | | | | + | | | - When the field type is **url**, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. | + | | | | + | | | - When the field type is **ip**, the following matching logics are supported: **equal**, **not_equal**, **equal_any**, and **not_equal_any**. | + | | | | + | | | - When **category** is set to cookie, the following matching logics are supported: **contain**, **not_contain**, **equal**, **not_equal**. **prefix**, **not_prefix**, **suffix**, **not_suffix**, **contain_any**, and **not_contain_any**. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 12** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 13** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 14** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id}? + + { + "action" : { + "category" : "captcha" + }, + "description" : "", + "limit_num" : 10, + "limit_period" : 60, + "mode" : 0, + "tag_type" : "ip", + "url" : "/path1" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "aging_time" : 0, + "description" : "", + "id" : "a5f3fd28db564696b199228f0ac346b2", + "limit_num" : 10, + "limit_period" : 60, + "lock_time" : 0, + "mode" : 0, + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "prefix" : false, + "status" : 1, + "tag_type" : "ip", + "total_num" : 0, + "unaggregation" : false, + "url" : "/path1" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_a_geolocation_access_control_rule.rst b/api-ref/source/apis/rule_management/updating_a_geolocation_access_control_rule.rst new file mode 100644 index 0000000..5a3f4ee --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_a_geolocation_access_control_rule.rst @@ -0,0 +1,258 @@ +:original_name: UpdateGeoipRule.html + +.. _UpdateGeoipRule: + +Updating a Geolocation Access Control Rule +========================================== + +Function +-------- + +This API is used to update a geolocation access control rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | User token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+=======================================================+ + | geoip | Yes | String | Applicable regions. The value can be the region code. | + | | | | | + | | | | - CA: Canada | + | | | | | + | | | | - US: USA | + | | | | | + | | | | - AU: Australia | + | | | | | + | | | | - IN: India | + | | | | | + | | | | - JP: Japan | + | | | | | + | | | | - UK: United Kingdom | + | | | | | + | | | | - FR: France | + | | | | | + | | | | - DE: Germany | + | | | | | + | | | | - BR: Brazil | + | | | | | + | | | | - Ukraine: Ukraine | + | | | | | + | | | | - Pakistan: Pakistan | + | | | | | + | | | | - Palestine: Palestine | + | | | | | + | | | | - Israel: Israel | + | | | | | + | | | | - Iraq: Afghanistan | + | | | | | + | | | | - Libya: Libya | + | | | | | + | | | | - Turkey: Turkey | + | | | | | + | | | | - Thailand: Thailand | + | | | | | + | | | | - Singapore: Singapore | + | | | | | + | | | | - South Africa: South Africa | + | | | | | + | | | | - Mexico: Mexico | + | | | | | + | | | | - Peru: Peru | + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + | white | Yes | Integer | Protective action. The value can be: | + | | | | | + | | | | - 0: WAF blocks the requests that hit the rule. | + | | | | | + | | | | - 1: WAF allows the requests that hit the rule. | + | | | | | + | | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------+-------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | geoip | String | Applicable regions. The value can be the region code. | + | | | | + | | | - CA: Canada | + | | | | + | | | - US: USA | + | | | | + | | | - AU: Australia | + | | | | + | | | - IN: India | + | | | | + | | | - JP: Japan | + | | | | + | | | - UK: United Kingdom | + | | | | + | | | - FR: France | + | | | | + | | | - DE: Germany | + | | | | + | | | - BR: Brazil | + | | | | + | | | - Ukraine: Ukraine | + | | | | + | | | - Pakistan: Pakistan | + | | | | + | | | - Palestine: Palestine | + | | | | + | | | - Israel: Israel | + | | | | + | | | - Iraq: Afghanistan | + | | | | + | | | - Libya: Libya | + | | | | + | | | - Turkey: Turkey | + | | | | + | | | - Thailand: Thailand | + | | | | + | | | - Singapore: Singapore | + | | | | + | | | - South Africa: South Africa | + | | | | + | | | - Mexico: Mexico | + | | | | + | | | - Peru: Peru | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | white | Integer | Protective action. The value can be: | + | | | | + | | | - 0: WAF blocks the requests that hit the rule. | + | | | | + | | | - 1: WAF allows the requests that hit the rule. | + | | | | + | | | - 2: WAF only logs the requests that hit the rule. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id}? + + { + "white" : 1, + "geoip" : "BR" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "id" : "02dafa406c4941368a1037b020f15a53", + "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d", + "name" : "demo", + "description" : "demo", + "geoip" : "BR", + "white" : 1 + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_a_precise_protection_rule.rst b/api-ref/source/apis/rule_management/updating_a_precise_protection_rule.rst new file mode 100644 index 0000000..b8b4bbc --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_a_precise_protection_rule.rst @@ -0,0 +1,278 @@ +:original_name: UpdateCustomRule.html + +.. _UpdateCustomRule: + +Updating a Precise Protection Rule +================================== + +Function +-------- + +This API is used to update a precise protection rule. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} + +.. table:: **Table 1** Path Parameters + + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +============+===========+========+================================================================================+ + | project_id | Yes | String | Project ID | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | policy_id | Yes | String | Policy ID. It can be obtained by calling the API Querying Protection Policies. | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + | rule_id | Yes | String | rule id | + +------------+-----------+--------+--------------------------------------------------------------------------------+ + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=======================================================================================+====================================================================================================================================================================================+ + | time | No | Boolean | Time the precise protection rule takes effect. | + | | | | | + | | | | - false: The rule takes effect immediately. | + | | | | | + | | | | - true: The effective time is customized. | + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | start | No | Long | Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. | + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | terminal | No | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | No | Array of :ref:`CustomConditions ` objects | Match condition List | + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | No | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | priority | No | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + +-----------------+-----------------+---------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatecustomrule__request_customconditions: + +.. table:: **Table 4** CustomConditions + + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+==================+=============================================================================================================================================================================================================+ + | category | No | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | No | String | Subfield | + | | | | | + | | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | | + | | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | No | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | No | Array of strings | Condition content for matching the rule | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | value_list_id | No | String | ID of the reference table | + +-----------------+-----------------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatecustomrule__request_customaction: + +.. table:: **Table 5** CustomAction + + +-----------------+-----------------+-----------------+-------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+===============================+ + | category | No | String | Action type. | + | | | | | + | | | | - block: WAF blocks attacks. | + | | | | | + | | | | - pass: WAF allows requests. | + +-----------------+-----------------+-----------------+-------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 6** Response body parameters + + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+============================================================================+====================================================================================================================================================================================+ + | id | String | Rule ID. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | policyid | String | Policy ID. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be **0** or **1**. | + | | | | + | | | - **0**: The rule is disabled. | + | | | | + | | | - **1**: The rule is enabled. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | conditions | Array of :ref:`conditions ` objects | List of matching conditions. All conditions must be met. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action | :ref:`CustomAction ` object | Protective action of the precise protection rule. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | action_mode | Boolean | This parameter is reserved and can be ignored. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | priority | Integer | Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: 0 to 1000. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | timestamp | Long | Timestamp when the precise protection rule is created. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | start | Long | Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | terminal | Long | Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. | + +-----------------------+----------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatecustomrule__response_conditions: + +.. table:: **Table 7** conditions + + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+=============================================================================================================================================================================================================+ + | category | String | Field type. The options are **url**, **user-agent**, **ip**, **params**, **cookie**, **referer**, **header**, **request_line**, **method**, and **request**. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | index | String | Subfield | + | | | | + | | | - When the field type is **url**, **user-agent**, **ip**, **refer**, **request_line**, **method**, or **request**, **index** is not required. | + | | | | + | | | - If the field type is **params**, **header**, or **cookie**, and the subfield is customized, the value of **index** is the customized subfield. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | logic_operation | String | Logic for matching the condition. The options are **contain**, **not_contain**, **equal**, **not_equal**, **prefix**, **not_prefix**, **suffix**, and **not_suffix**. For more details, see the console UI. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | contents | Array of strings | Content of the conditions. | + +-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _updatecustomrule__response_customaction: + +.. table:: **Table 8** CustomAction + + +-----------------------+-----------------------+-------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+===============================+ + | category | String | Action type. | + | | | | + | | | - block: WAF blocks attacks. | + | | | | + | | | - pass: WAF allows requests. | + +-----------------------+-----------------------+-------------------------------+ + +**Status code: 400** + +.. table:: **Table 9** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 10** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 11** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id}? + + { + "description": "", + "action": { + "category": "block" + }, + "priority": 50, + "conditions": [ + { + "category": "header", + "logic_operation": "contain", + "index": "demo2" + "content" ["demo"] + } + ], + ], + "time": false + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "action" : { + "category" : "block" + }, + "action_mode" : false, + "aging_time" : 0, + "conditions" : [ { + "category" : "header", + "index" : "demo2", + "logic_operation" : "contain", + "content" : [ "demo" ] + } ], + "description" : "", + "id" : "2a3caa2bc9814c09ad73d02e3485b4a4", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "priority" : 50, + "status" : 1, + "time" : false + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/apis/rule_management/updating_the_data_masking_rule_list.rst b/api-ref/source/apis/rule_management/updating_the_data_masking_rule_list.rst new file mode 100644 index 0000000..1514324 --- /dev/null +++ b/api-ref/source/apis/rule_management/updating_the_data_masking_rule_list.rst @@ -0,0 +1,190 @@ +:original_name: UpdatePrivacyRule.html + +.. _UpdatePrivacyRule: + +Updating the Data Masking Rule List +=================================== + +Function +-------- + +This API is used to update the data masking rule list. + +URI +--- + +PUT /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} + +.. table:: **Table 1** Path Parameters + + ========== ========= ====== =========== + Parameter Mandatory Type Description + ========== ========= ====== =========== + project_id Yes String Project ID + policy_id Yes String Policy ID + rule_id Yes String Rule ID + ========== ========= ====== =========== + +Request Parameters +------------------ + +.. table:: **Table 2** Request header parameters + + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================+ + | X-Auth-Token | Yes | String | auth token | + +-----------------+-----------------+-----------------+--------------------------------------------+ + | Content-Type | Yes | String | Content type | + | | | | | + | | | | Default: **application/json;charset=utf8** | + +-----------------+-----------------+-----------------+--------------------------------------------+ + +.. table:: **Table 3** Request body parameters + + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | Parameter | Mandatory | Type | Description | + +=================+=================+=================+============================================================================================================+ + | url | Yes | String | URL protected by the data masking rule. The value must be in the standard URL format, for example, /admin. | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | category | Yes | String | Masked field | + | | | | | + | | | | Enumeration values: | + | | | | | + | | | | - **params** | + | | | | | + | | | | - **cookie** | + | | | | | + | | | | - **header** | + | | | | | + | | | | - **form** | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | index | Yes | String | Name of the masked field | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + | description | No | String | Rule description | + +-----------------+-----------------+-----------------+------------------------------------------------------------------------------------------------------------+ + +Response Parameters +------------------- + +**Status code: 200** + +.. table:: **Table 4** Response body parameters + + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | Parameter | Type | Description | + +=======================+=======================+====================================================================+ + | id | String | Rule ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | policyid | String | Policy ID | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | timestamp | Long | Time the rule is created. The value is a 13-digit timestamp in ms. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | status | Integer | Rule status. The value can be: | + | | | | + | | | - 0: The rule is disabled. | + | | | | + | | | - 1: The rule is enabled. | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | url | String | URL protected by the data masking rule | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | category | String | Masked field | + | | | | + | | | Enumeration values: | + | | | | + | | | - **params** | + | | | | + | | | - **cookie** | + | | | | + | | | - **header** | + | | | | + | | | - **form** | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | index | String | Name of the masked field | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + | description | String | Rule description | + +-----------------------+-----------------------+--------------------------------------------------------------------+ + +**Status code: 400** + +.. table:: **Table 5** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 401** + +.. table:: **Table 6** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +**Status code: 500** + +.. table:: **Table 7** Response body parameters + + ========== ====== ============= + Parameter Type Description + ========== ====== ============= + error_code String Error code + error_msg String Error message + ========== ====== ============= + +Example Requests +---------------- + +.. code-block:: text + + PUT https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id}?enterprise_project_id=0 + + { + "url" : "/login", + "category" : "header", + "index" : "token", + "description" : "" + } + +Example Responses +----------------- + +**Status code: 200** + +Request succeeded. + +.. code-block:: + + { + "category" : "header", + "description" : "", + "id" : "41a5674e03a1470a90ac4761ec4657b4", + "index" : "token", + "policyid" : "1f016cde588646aca3fb19f277c44d03", + "status" : 1, + "timestamp" : 1656504425319, + "url" : "/login" + } + +Status Codes +------------ + +=========== ============================================= +Status Code Description +=========== ============================================= +200 Request succeeded. +400 Request failed. +401 The token does not have required permissions. +500 Internal server error. +=========== ============================================= + +Error Codes +----------- + +See :ref:`Error Codes `. diff --git a/api-ref/source/appendix/character_set_specifications.rst b/api-ref/source/appendix/character_set_specifications.rst new file mode 100644 index 0000000..994cfdb --- /dev/null +++ b/api-ref/source/appendix/character_set_specifications.rst @@ -0,0 +1,20 @@ +:original_name: waf_02_0086.html + +.. _waf_02_0086: + +Character Set Specifications +============================ + +- Character Set Specifications for Key + + The key cannot be left blank or be an empty string. + + - In Deutsche Telekom, a tag key can contain uppercase letters, lowercase letters, digits, hyphens (-), underscores (_), and sign @. + - In other environments, a tag key cannot contain the following characters: ASCII (0-31), equal signs (=), asterisks (*), left angle brackets (<), right angle brackets (>), backslashes (\\), commas (,), vertical bars (|), and slashes (/). + +- Character Set Specifications for Value + + The value cannot be left blank but can be an empty string. + + - In Deutsche Telekom, a tag value can contain uppercase letters, lowercase letters, digits, hyphens (-), and underscores (_). + - In other environments, a tag value cannot contain the following characters: ASCII (0-31), equal signs (=), asterisks (*), left angle brackets (<), right angle brackets (>), backslashes (\\), commas (,), vertical bars (|), and slashes (/). diff --git a/api-ref/source/appendix/error_codes.rst b/api-ref/source/appendix/error_codes.rst new file mode 100644 index 0000000..3f67c8b --- /dev/null +++ b/api-ref/source/appendix/error_codes.rst @@ -0,0 +1,164 @@ +:original_name: ErrorCode.html + +.. _ErrorCode: + +Error Codes +=========== + ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| Status Code | Error Codes | Error Message | Description | Solution | ++=============+==============+==================================+===================================================================================+==========================================================================================================================+ +| 400 | WAF.00011001 | bad.request | Bad request | Check param | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011002 | url.param.illegal | The URL format is incorrect | Check URL format | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011003 | request.body.illegal | Request body format error: missing parameter and illegal value in body | Check request body | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011004 | id.illegal | Illegal ID | Check ID | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011005 | name.illegal | Illegal name | Check name | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011006 | host.illegal | Illegal domain name | Check domain name | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011007 | port.illegal | Illegal port | Check port | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011007 | ip.illegal | Illegal IP | Check IP | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011008 | protect.status.illegal | Illegal protection status | Check whether the protection state is in the range of enumeration value | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011009 | access.status.illegal | Illegal access status | Check whether the access status is in the range of enumeration value | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011010 | offsetOrLimit.illegal | Illegal offset or limit number | Check whether the starting line or limit number is within the range | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011011 | pageOrPageSize.illegal | Illegal page number or number of entries per page | Check if page number or number of items per page are in range | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011012 | standard.violated | Invalid parameter | Check the parameters | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011013 | description.illegal | Illegal description format | Check description format | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011014 | request.header.illegal | Request header format error: missing parameter and illegal value in header | Check header required parameters | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00011014 | website.not.register | The website has not been put on record | Filing website | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012001 | invalid.token | Illegal token | Check whether the token is correct | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012002 | invalid.project | Inconsistency between project_id and token | Check Consistency of project_id and token | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012003 | permission.denied | No permission | Assign WAF required permissions to account | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012004 | account.frozen | Account freezing | Account unfreezing | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012005 | not.subscribe | Unsubscribed | Subscribe to WAF service first | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012006 | pdp.permission.denied | No permission | Check the PDP authority of the account | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012007 | jwt.authentication.disabled | JWT certification off | Open JWT certification | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012008 | jwt.authentication.invalid.token | Illegal JWT token | Check whether the account has JWT permission | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012009 | jwt.authentication.failed | JWT authentication failed | Give the account authorization first | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00012010 | eps.all.not.support | eps.all.not.support | Open the write permission of enterprise project | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00013001 | insufficient.quota | Insufficient function quota | Purchase function quota upgrade package | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00013002 | feature.not.support | Function not supported | nothing | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00013003 | port.not.support | Port not supported | Port conversion via ELB | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00013004 | protocol.not.support | Protocol not supported | Through ELB conversion protocol | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00013005 | wildcard.domain.not.support | Pan domain name not supported | Use specific domain names | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00013006 | ipv6.not.support | IPv6 is not supported | The current version does not support IPv6 | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00013007 | insufficient.tenant.quota | insufficient.tenant.quota | Purchase quota upgrade package | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014001 | resource.not.found | Resource not found | The resource has been deleted or does not exist | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014002 | resource.already.exists | Resource already exists | Resource already exists | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014003 | open.protect.failed | Failed to open protection | Check domain name protection status | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014004 | access.failed | Failed to access WAF | Modify DNS resolution | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014005 | bypass.failed | Bypasswaf failed | Check the protection status and try again | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014006 | proxy.config.error | Agent configuration error | Reconfigure the agent correctly and try again | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014007 | host.conflict | Domain name conflict | Check that the domain name already exists in the website configuration | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014008 | cert.inconsistent | The same domain name, but the certificate is inconsistent | Use the same certificate | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014009 | api.not.found | The interface does not exist | Check interface URL | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014010 | port.protocol.mismatch | Port and protocol mismatch | Select the matching protocol and port | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014011 | host.blacklist | It is forbidden to add the protection website, and the domain name is blacklisted | | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014012 | insufficient.tenant.quota | Insufficient tenant quota | Purchase quota upgrade package | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014013 | exclusive.ip.config.error | Exclusive IP configuration error | Check exclusive IP configuration | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00014014 | exclusive.ip.config.error | exclusive.ip.config.error | Check exclusive IP configuration | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021002 | url.param.illegal | The URL format is incorrect | It is recommended to modify the URL in the request body parameter to the standard URL and debug again | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021003 | request.body.illegal | The request body parameter is incorrect | It is recommended that you verify the parameters according to the document before initiating debugging | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021004 | id.illegal | The unique identifier ID format is incorrect | It is recommended to follow the correct instructions in the documentation to obtain the ID | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021005 | name.illegal | The name parameter format is incorrect | Check the format of name, which can only be composed of letters, numbers, -\_ And. Cannot exceed 64 characters in length | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021006 | host.illegal | The domain name format is incorrect | Domain name can only be composed of letters, numbers, -\_ And. Cannot exceed 64 characters in length | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021007 | protocol.illegal | The back-end protocol format is incorrect | The back-end protocol can only be configured as HTTP or HTTPS and must be capitalized | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021008 | port.illegal | The source port format is incorrect | Check whether the configured port is empty and whether the target port is in the range of 0-65535 | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021009 | ip.illegal | Incorrect IP format | Check whether the IP format meets the standard format of IPv4 or IPv6 | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021010 | server.address.illegal | Server configuration exception | Check whether the server configuration is empty and whether the quantity is in the range of 1-80 | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021012 | path.illegal | The URL format in the rule configuration is incorrect | It is recommended to modify the URL in the request body parameter to the standard URL and debug again | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021013 | cert.illegal | The HTTPS certificate has expired | It is recommended to upload the unexpired certificate again | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021014 | action.illegal | Illegal protective action | It is recommended to configure protection actions according to the enumerated values in the document | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021015 | rule.status.illegal | Illegal rule status | It is recommended to modify the rule status according to the rule status enumeration value in the document | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021016 | description.illegal | Description exception | It is recommended to use standard English grammar for description | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021017 | incorrect.rule.config | Incorrect rule configuration | It is recommended to configure protection rules according to the documentation in the help center | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021018 | incorrect.reference.table.config | Incorrect reference table configuration | It is recommended to configure the reference table according to the documentation in the help center | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021019 | incorrect.route.config | Incorrect line configuration | It is recommended to configure the line according to the documentation in the help center | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021020 | offsetOrLimit.illegal | Paging parameter error | It is recommended to fill in pagination parameters according to the documents in the help center | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00021021 | param.exceed.limit | Parameter exceeds limit | It is recommended to view the parameter limits according to the documentation in the help center | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00022002 | resource.already.exists | Resource already exists | It is recommended to check whether the created resource already exists in the console | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00022003 | resource.is.being.used | The resource is in use | Remove the relationship between the resource and the user before deleting the resource | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 400 | WAF.00022004 | rule.conflict | Rule conflict | Check whether the target rule conflicts with the existing rule | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 403 | WAF.00022005 | insufficient.quota | Insufficient resources | It is recommended to purchase the upgrade package of corresponding resources | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 404 | WAF.00022001 | resource.not.found | Resource does not exist | It is recommended to check the resource status on the console or ask for technical support | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 500 | WAF.00010001 | internal.error | Internal error | Contact technical support | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 500 | WAF.00010002 | system.busy | Internal error | Contact technical support | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 500 | WAF.00010003 | cname.failed | Failed to create or modify CNAME | Contact technical support | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 500 | WAF.00010004 | cname.failed | Failed to get OBS file download link | Contact technical support | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 500 | WAF.00020001 | internal.error | Service internal exception | It is recommended to try again in five minutes | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ +| 500 | WAF.00020002 | system.busy | System busy | It is recommended to try again in five minutes | ++-------------+--------------+----------------------------------+-----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+ diff --git a/api-ref/source/appendix/index.rst b/api-ref/source/appendix/index.rst new file mode 100644 index 0000000..79f85a9 --- /dev/null +++ b/api-ref/source/appendix/index.rst @@ -0,0 +1,18 @@ +:original_name: waf_02_0084.html + +.. _waf_02_0084: + +Appendix +======== + +- :ref:`Status Codes ` +- :ref:`Error Codes ` +- :ref:`Character Set Specifications ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + status_codes + error_codes + character_set_specifications diff --git a/api-ref/source/appendix/status_codes.rst b/api-ref/source/appendix/status_codes.rst new file mode 100644 index 0000000..3fbe9ee --- /dev/null +++ b/api-ref/source/appendix/status_codes.rst @@ -0,0 +1,30 @@ +:original_name: waf_02_0085.html + +.. _waf_02_0085: + +Status Codes +============ + ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| Status Code | Description | Meaning | ++=============+====================+==============================================================================================+ +| 200 | OK | The request has succeeded. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 204 | No Content | The server successfully processed the request and is not returning any content. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 400 | Bad Request | Incorrect parameter | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 401 | Unauthorized | Authentication failed. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 403 | Forbidden | No permission. The access is denied. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 404 | Not Found | The requested resource could not be found. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 406 | Not Acceptable | The request is unacceptable. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 409 | Conflict | The request could not be processed because of conflict in the current state of the resource. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 500 | Internal Error | Internal server error | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ +| 503 | Server Unavailable | The server is currently unavailable. | ++-------------+--------------------+----------------------------------------------------------------------------------------------+ diff --git a/api-ref/source/change_history.rst b/api-ref/source/change_history.rst new file mode 100644 index 0000000..5afa857 --- /dev/null +++ b/api-ref/source/change_history.rst @@ -0,0 +1,12 @@ +:original_name: waf_02_0087.html + +.. _waf_02_0087: + +Change History +============== + +=========== =================================== +Released On Description +=========== =================================== +2022-10-30 This is the first official release. +=========== =================================== diff --git a/api-ref/source/index.rst b/api-ref/source/index.rst index 3780417..41ccd0b 100644 --- a/api-ref/source/index.rst +++ b/api-ref/source/index.rst @@ -2,3 +2,10 @@ Dedicated Web Application Firewall - API Reference ================================================== +.. toctree:: + :maxdepth: 1 + + api_usage_guidelines + apis/index + appendix/index + change_history