web-application-firewall-dedicated/api-ref/source/apis/policy_management/creating_a_policy.rst

original_name

CreatePolicy.html

Creating a Policy

Function

This API is used to create a policy

URI

POST /v1/{project_id}/waf/policy

Table 1 Path Parameters

Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

Request Parameters

Table 2 Request header parameters

Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type. Default value: application/json;charset=utf8 Default: application/json;charset=utf8

Table 3 Request body parameters

Parameter	Mandatory	Type	Description
name	Yes	String	Policy name. The policy name can contain only digits, letters, and underscores (_) and cannot exceed 64 characters.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter	Type	Description
id	String	Policy ID. This is the unique identifier generated by WAF.
name	String	Policy name.
action	PolicyAction <createpolicy__response_policyaction> object	PolicyAction
options	PolicyOption <createpolicy__response_policyoption> object	PolicyOption
level	Integer	Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels: 1: Low 2: Medium 3: High
full_detection	Boolean	Detection mode in the precise protection rule true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule.
bind_host	Array of BindHost <createpolicy__response_bindhost> objects	Array of protected domain names for which the policy is used. Each policy can be used to one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name.
host	Array of strings	Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name.
timestamp	Long	Time the policy is created. The value is a 13-digit timestamp, in ms.
extend	Map<String,String>	This parameter is redundant in this version. It will be used in the later versions.

Table 5 PolicyAction

Parameter	Type	Description
category	String	Protection level. The value can be: block: WAF blocks attacks. log: WAF only logs detected attacks. Enumeration values: block log

Table 6 PolicyOption

Parameter	Type	Description
webattack	Boolean	Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: true: enabled false: disabled
common	Boolean	Whether general check is enabled. The value can be: true: enabled false: disabled
anticrawler	Boolean	Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: true: enabled false: disabled
crawler	Boolean	Whether feature-based anti-crawler is enabled. This parameter is fixed at true. true: enabled false: disabled
crawler_engine	Boolean	Whether the search engine is enabled. The value can be: true: enabled false: disabled
crawler_scanner	Boolean	Whether the scanner check in anti-crawler detection is enabled. The value can be: true: enabled false: disabled
crawler_script	Boolean	Whether the JavaScript anti-crawler is enabled. The value can be: true: enabled false: disabled
crawler_other	Boolean	Whether other crawler check is enabled. The value can be: true: enabled false: disabled
webshell	Boolean	Whether other crawler check is enabled. The value can be: true: enabled false: disabled
cc	Boolean	Whether the CC attack protection rule is enabled. The value can be: true: enabled false: disabled
custom	Boolean	Whether precise protection is enabled. The value can be: true: enabled false: disabled
whiteblackip	Boolean	Whether blacklist and whitelist protection is enabled. The value can be: true: enabled false: disabled
geoip	Boolean	Whether geolocation access control is enabled. The value can be: true: enabled false: disabled
ignore	Boolean	Whether false alarm masking is enabled. The value can be: true: enabled false: disabled
privacy	Boolean	Whether data masking is enabled. The value can be: true: enabled false: disabled
antitamper	Boolean	Whether the web tamper protection is enabled. The value can be: true: enabled false: disabled
antileakage	Boolean	Whether the information leakage prevention is enabled. The value can be: true: enabled false: disabled
bot_enable	Boolean	This parameter is redundant in this version. It will be used in the later versions.
precise	Boolean	This parameter is redundant in this version. It will be used in the later versions.
followed_action	Boolean	This parameter is redundant in this version. It will be used in the later versions.

Table 7 BindHost

Parameter	Type	Description
id	String	Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF
hostname	String	Domain name
waf_type	String	WAF mode of the domain name. The value is premium.

Status code: 400

Table 8 Response body parameters

Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 401

Table 9 Response body parameters

Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 403

Table 10 Response body parameters

Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 500

Table 11 Response body parameters

Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Example Requests

POST https://{Endpoint}/v1/{project_id}/waf/policy?

{
  "name" : "demo"
}

Example Responses

Status code: 200

ok

{
  "id" : "38ff0cb9a10e4d5293c642bc0350fa6d",
  "name" : "demo",
  "level" : 2,
  "action" : {
    "category" : "log"
  },
  "options" : {
    "webattack" : true,
    "common" : true,
    "crawler" : true,
    "crawler_engine" : false,
    "crawler_scanner" : true,
    "crawler_script" : false,
    "crawler_other" : false,
    "webshell" : false,
    "cc" : true,
    "custom" : true,
    "precise" : false,
    "whiteblackip" : true,
    "geoip" : true,
    "ignore" : true,
    "privacy" : true,
    "antitamper" : true,
    "anticrawler" : false,
    "antileakage" : false,
    "followed_action" : false,
    "bot_enable" : true
  },
  "hosts" : [ ],
  "extend" : { },
  "timestamp" : 1650529538732,
  "full_detection" : false,
  "bind_host" : [ ]
}

Status Codes

Status Code	Description
200	ok
400	Request failed.
401	The token does not have required permissions.
403	Insufficient resource quota.
500	Internal server error.

Error Codes

See Error Codes <errorcode>.