akyriako/web-application-firewall-dedicated
1
0
Fork 0
forked from docs/web-application-firewall-dedicated
Code Pull Requests Activity
web-application-firewall-de.../api-ref/source/apis/policy_management/creating_a_policy.rst
proposalbot 4ec0aee404 Changes to wafd_api-ref from docs/doc-exports#588 (WAFD API 20230202 version 
Cr

Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: proposalbot <proposalbot@otc-service.com>
Co-committed-by: proposalbot <proposalbot@otc-service.com>
2023-04-20 07:37:21 +00:00

81 KiB
Raw Permalink Blame History

original_name

CreatePolicy.html

Creating a Policy

Function

This API is used to create a policy

URI

POST /v1/{project_id}/waf/policy

Table 1 Path Parameters
Parameter Mandatory Type Description
project_id Yes String Project ID

Request Parameters

Table 2 Request header parameters
Parameter Mandatory Type Description
X-Auth-Token Yes String User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type Yes String

Content type. Default value: application/json;charset=utf8

Default: application/json;charset=utf8
Table 3 Request body parameters
Parameter Mandatory Type Description
name Yes String Policy name. The policy name can contain only digits, letters, and underscores (_) and cannot exceed 64 characters.

Response Parameters

Status code: 200

Table 4 Response body parameters
Parameter Type Description
id String Policy ID. This is the unique identifier generated by WAF.
name String Policy name.
action PolicyAction <createpolicy__response_policyaction> object PolicyAction
options PolicyOption <createpolicy__response_policyoption> object PolicyOption
level Integer

Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels:

  • 1: Low
  • 2: Medium
  • 3: High
full_detection Boolean

Detection mode in the precise protection rule

  • true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections.
  • false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule.
bind_host Array of BindHost <createpolicy__response_bindhost> objects Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name.
hosts Array of strings Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name.
extend PolicyExtend <createpolicy__response_policyextend> object Switch for enabling or disabling Deep Inspection and Header Inspection in Basic Web Protection.
share_info ShareInfo <createpolicy__response_shareinfo> object Whether to share a policy. This parameter is reserved and can be ignored currently.
modulex_options ModulexOptions <createpolicy__response_modulexoptions> object Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently.
timestamp Long Time the policy is created. The value is a 13-digit timestamp, in ms.
Table 5 PolicyAction
Parameter Type Description
category String

Protection level. The value can be:

  • block: WAF blocks attacks.
  • log: WAF only logs detected attacks.

Enumeration values:

  • block
  • log
Table 6 PolicyOption
Parameter Type Description
webattack Boolean

Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be:

  • true: enabled
  • false: disabled
common Boolean

Whether general check is enabled. The value can be:

  • true: enabled
  • false: disabled
anticrawler Boolean

JavaScript anti-crawler function.

  • true: Enabled
  • false: Disabled
crawler_engine Boolean

Whether the search engine is enabled. The value can be:

  • true: enabled
  • false: disabled
crawler_scanner Boolean

Whether the scanner check in anti-crawler detection is enabled. The value can be:

  • true: enabled
  • false: disabled
crawler_script Boolean

Whether the JavaScript anti-crawler is enabled. The value can be:

  • true: enabled
  • false: disabled
crawler_other Boolean

Whether other crawler check is enabled. The value can be:

  • true: enabled
  • false: disabled
webshell Boolean

Whether webshell check is enabled. The value can be:

  • true: enabled
  • false: disabled
cc Boolean

Whether the CC attack protection rule is enabled. The value can be:

  • true: enabled
  • false: disabled
custom Boolean

Whether precise protection is enabled. The value can be:

  • true: enabled
  • false: disabled
whiteblackip Boolean

Whether blacklist and whitelist protection is enabled. The value can be:

  • true: enabled
  • false: disabled
geoip Boolean

Whether geolocation access control is enabled. The value can be:

  • true: enabled
  • false: disabled
ignore Boolean

Whether false alarm masking is enabled. The value can be:

  • true: enabled
  • false: disabled
privacy Boolean

Whether data masking is enabled. The value can be:

  • true: enabled
  • false: disabled
antitamper Boolean

Whether the web tamper protection is enabled. The value can be:

  • true: enabled
  • false: disabled
antileakage Boolean

Whether the information leakage prevention is enabled. The value can be:

  • true: enabled
  • false: disabled
followed_action Boolean

Whether the Known Attack Source protection is enabled.. The value can be:

  • true: enabled
  • false: disabled
bot_enable Boolean

Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be:

  • true: Enabled
  • false: Disabled
crawler Boolean This parameter is reserved and can be ignored currently.
precise Boolean This parameter is reserved and can be ignored currently.
modulex_enabled Boolean

This parameter is reserved and can be ignored currently.

Enumeration values:

  • true
  • false
Table 7 BindHost
Parameter Type Description
id String Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF
hostname String Domain name
waf_type String WAF mode of the domain name. The value is premium.
Table 8 PolicyExtend
Parameter Type Description
extend String

Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled.

  • If deep_decode is set to true, the Deep Inspection is enabled.
  • If check_all_headers is set to true, the Header Inspection is enabled.
  • If deep_decode and check_all_headers are set to false, the Deep Inspection and Header Inspection are disabled.
Table 9 ShareInfo
Parameter Type Description
share_count Integer Total number of the users who share the address group.
accept_count Integer Number of users who accept the sharing
process_status Integer Status
Table 10 ModulexOptions
Parameter Type Description
global_rate_enabled Boolean

Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic).

  • false: Disabled.
  • true: Enabled.
global_rate_mode String

Protection mode of the global rate limiting function.

  • log: WAF logs the event only.
  • block: WAF blocks requests.

Enumeration values:

  • log
  • block
precise_rules_enabled Boolean

Status of the intelligent precise protection.

  • false: Disabled.
  • true: Enabled.
precise_rules_mode String

Protection mode of the intelligent precise protection.

  • log: WAF logs the event only.
  • block: WAF blocks requests.

Enumeration values:

  • log
  • block
precise_rules_managed_mode String

Management mode of the intelligent precise protection.

  • auto: WAF manages automatically generated rules.
  • manual: You can manage rules that are automatically generated by WAF.

Enumeration values:

  • auto
precise_rules_aging_mode String

Aging mode of the intelligent precise protection.

  • manual: You can customize the maximum age of the rule.
  • auto: Automatic

Enumeration values:

  • auto
precise_rules_retention Integer Maximum age of the intelligent precise protection.
cc_rules_enabled Boolean

Status of the intelligent CC attack protection.

  • false: Disabled.
  • true: Enabled.
cc_rules_mode String

Protection mode of the intelligent CC attack protection rule.

  • log: WAF logs the event only.
  • block: WAF blocks requests.

Enumeration values:

  • log
  • block
cc_rules_managed_mode String

Management mode of the intelligent CC attack protection.

  • auto: WAF manages automatically generated rules.
  • manual: You can manage rules that are automatically generated by WAF.

Enumeration values:

  • auto
cc_rules_aging_mode String

Aging mode of the intelligent CC attack protection..

  • manual: You can customize the maximum age of the rule.
  • auto: Automatic

Enumeration values:

  • auto
cc_rules_retention Integer Maximum age of the intelligent CC attack protection.

Status code: 400

Table 11 Response body parameters
Parameter Type Description
error_code String Error code
error_msg String Error message

Status code: 401

Table 12 Response body parameters
Parameter Type Description
error_code String Error code
error_msg String Error message

Status code: 403

Table 13 Response body parameters
Parameter Type Description
error_code String Error code
error_msg String Error message

Status code: 500

Table 14 Response body parameters
Parameter Type Description
error_code String Error code
error_msg String Error message

Example Requests

POST https://{Endpoint}/v1/{project_id}/waf/policy?

{
  "name" : "demo"
}

Example Responses

Status code: 200

ok

{
  "id" : "38ff0cb9a10e4d5293c642bc0350fa6d",
  "name" : "demo",
  "level" : 2,
  "action" : {
    "category" : "log"
  },
  "options" : {
    "webattack" : true,
    "common" : true,
    "crawler" : true,
    "crawler_engine" : false,
    "crawler_scanner" : true,
    "crawler_script" : false,
    "crawler_other" : false,
    "webshell" : false,
    "cc" : true,
    "custom" : true,
    "precise" : false,
    "whiteblackip" : true,
    "geoip" : true,
    "ignore" : true,
    "privacy" : true,
    "antitamper" : true,
    "anticrawler" : false,
    "antileakage" : false,
    "followed_action" : false,
    "bot_enable" : true
  },
  "hosts" : [ ],
  "extend" : { },
  "timestamp" : 1650529538732,
  "full_detection" : false,
  "bind_host" : [ ]
}

Status Codes

Status Code Description
200 ok
400 Request failed.
401 The token does not have required permissions.
403 Insufficient resource quota.
500 Internal server error.

Error Codes

See Error Codes <errorcode>.