Creating a Policy
Function
This API is used to create a policy.
URI
POST /v1/{project_id}/waf/policy
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
Content-Type | Yes | String | Content type. Default value: application/json;charset=utf8 |
Parameter | Mandatory | Type | Description |
---|---|---|---|
name | Yes | String | Policy name. The policy name can contain only digits, letters, and underscores (_) and cannot exceed 64 characters. |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
id | String | Policy ID. This is the unique identifier generated by WAF. |
name | String | Policy name. |
action | PolicyAction object | PolicyAction |
options | PolicyOption object | PolicyOption |
level | Integer | Protection level. A low protection level may result in a lower false-positive rate, but also a lower attack detection rate. A high protection level may result in a higher attack detection rate, but also a higher false-positive rate. A medium protection level can balance both. Protection levels:
|
full_detection | Boolean | Detection mode in the precise protection rule
|
bind_host | Array of BindHost objects | Array of protected domain names for which the policy is used. Each policy can be used for one or more domain names. You can specify a policy for a domain name when you add the domain name to WAF by calling the API Adding a Protected Domain Name. |
host | Array of strings | Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name. |
timestamp | Long | Time the policy is created. The value is a 13-digit timestamp, in ms. |
extend | Map<String,String> | This parameter is redundant in this version. It will be used in the later versions. |
PolicyAction
Parameter | Type | Description |
---|---|---|
category | String | Protection level. The value can be:
Enumeration values:
|
PolicyOption
Parameter | Type | Description |
---|---|---|
webattack | Boolean | Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enable any of these checks, keep this parameter enabled first. The value can be:
|
common | Boolean | Whether general check is enabled. The value can be:
|
anticrawler | Boolean | Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be:
|
crawler | Boolean | Whether feature-based anti-crawler is enabled. This parameter is fixed at true.
|
crawler_engine | Boolean | Whether the search engine is enabled. The value can be:
|
crawler_scanner | Boolean | Whether the scanner check in anti-crawler detection is enabled. The value can be:
|
crawler_script | Boolean | Whether the JavaScript anti-crawler is enabled. The value can be:
|
crawler_other | Boolean | Whether other crawler check is enabled. The value can be:
|
webshell | Boolean | Whether other crawler check is enabled. The value can be:
|
cc | Boolean | Whether the CC attack protection rule is enabled. The value can be:
|
custom | Boolean | Whether precise protection is enabled. The value can be:
|
whiteblackip | Boolean | Whether blacklist and whitelist protection is enabled. The value can be:
|
geoip | Boolean | Whether geolocation access control is enabled. The value can be:
|
ignore | Boolean | Whether false alarm masking is enabled. The value can be:
|
privacy | Boolean | Whether data masking is enabled. The value can be:
|
antitamper | Boolean | Whether the web tamper protection is enabled. The value can be:
|
antileakage | Boolean | Whether the information leakage prevention is enabled. The value can be:
|
bot_enable | Boolean | This parameter is redundant in this version. It will be used in the later versions. |
precise | Boolean | This parameter is redundant in this version. It will be used in the later versions. |
followed_action | Boolean | This parameter is redundant in this version. It will be used in the later versions. |
BindHost
Parameter | Type | Description |
---|---|---|
id | String | Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF. |
hostname | String | Domain name |
waf_type | String | WAF mode of the domain name. The value is premium. |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 401
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 403
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 500
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Example Requests
POST https://{Endpoint}/v1/{project_id}/waf/policy?
{
  "name" : "demo"
}
Example Responses
Status code: 200
ok
{
  "id" : "38ff0cb9a10e4d5293c642bc0350fa6d",
  "name" : "demo",
  "level" : 2,
  "action" : {
    "category" : "log"
  },
  "options" : {
    "webattack" : true,
    "common" : true,
    "crawler" : true,
    "crawler_engine" : false,
    "crawler_scanner" : true,
    "crawler_script" : false,
    "crawler_other" : false,
    "webshell" : false,
    "cc" : true,
    "custom" : true,
    "precise" : false,
    "whiteblackip" : true,
    "geoip" : true,
    "ignore" : true,
    "privacy" : true,
    "antitamper" : true,
    "anticrawler" : false,
    "antileakage" : false,
    "followed_action" : false,
    "bot_enable" : true
  },
  "hosts" : [ ],
  "extend" : { },
  "timestamp" : 1650529538732,
  "full_detection" : false,
  "bind_host" : [ ]
}
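The following Python sketch is an added example, not part of the original API reference. It validates the policy name against the documented rule, builds the request, and audits a create-policy response for sub-checks whose parent switch is off (the dependency described for webattack and anticrawler) and for a policy bound to no domain. The function names, the PARENTS mapping, and the endpoint, project ID and token placeholders are assumptions made for illustration.

```python
import json
import re

NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")  # rule from the name parameter
# Parent switch -> sub-checks that only take effect while the parent is on.
PARENTS = {
    "webattack": ["common"],
    "anticrawler": ["crawler_engine", "crawler_scanner",
                    "crawler_script", "crawler_other"],
}
# Options the page marks as redundant in this version; not audited.
REDUNDANT = {"bot_enable", "precise", "followed_action"}


def build_request(endpoint, project_id, token, name):
    """Return (url, headers, body) for POST /v1/{project_id}/waf/policy."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name: digits, letters, underscores only, max 64 chars")
    url = f"https://{endpoint}/v1/{project_id}/waf/policy"
    headers = {"X-Auth-Token": token, "Content-Type": "application/json;charset=utf8"}
    return url, headers, json.dumps({"name": name})


def audit_policy(policy):
    """Summarise what a freshly created policy actually enforces."""
    opts = policy["options"]
    orphaned = [sub for parent, subs in PARENTS.items()
                for sub in subs if opts.get(sub) and not opts.get(parent)]
    disabled = sorted(k for k, v in opts.items()
                      if v is False and k not in REDUNDANT)
    return {"action": policy["action"]["category"],
            "level": policy["level"],
            "bound": bool(policy["bind_host"]),
            "disabled": disabled,
            "orphaned": orphaned}


# Sample input: copied from the 200 example response on this page.
SAMPLE = json.loads("""{"id":"38ff0cb9a10e4d5293c642bc0350fa6d","name":"demo",
"level":2,"action":{"category":"log"},"options":{"webattack":true,"common":true,
"crawler":true,"crawler_engine":false,"crawler_scanner":true,
"crawler_script":false,"crawler_other":false,"webshell":false,"cc":true,
"custom":true,"precise":false,"whiteblackip":true,"geoip":true,"ignore":true,
"privacy":true,"antitamper":true,"anticrawler":false,"antileakage":false,
"followed_action":false,"bot_enable":true},"hosts":[],"extend":{},
"timestamp":1650529538732,"full_detection":false,"bind_host":[]}""")

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```

Run against the page's own example response, the audit reports crawler_scanner as enabled while anticrawler is off, and shows that the new policy is not yet bound to any domain name.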
Status Codes
Status Code | Description |
---|---|
200 | ok |
400 | Request failed. |
401 | The token does not have required permissions. |
403 | Insufficient resource quota. |
500 | Internal server error. |
Error Codes
See Error Codes.