vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/waf/api-ref/waf_02_0070.html
Li, Qiao 914011d51b waf_api_1109 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>
2022-11-16 15:31:27 +00:00

352 lines
29 KiB
HTML
Raw Blame History

<a name="waf_02_0070"></a><a name="waf_02_0070"></a>
<h1 class="topictitle1">Querying Attack Event Logs</h1>
<div id="body22109123"><div class="section" id="waf_02_0070__section41061312"><h4 class="sectiontitle">Function Description</h4><p class="msonormal" id="waf_02_0070__p46008572">This API is used to query attack event logs.</p>
</div>
<div class="section" id="waf_02_0070__section34007492"><h4 class="sectiontitle">URI</h4><ul id="waf_02_0070__ul35706857"><li id="waf_02_0070__li52926263">URI format<p id="waf_02_0070__p6574323"><a name="waf_02_0070__li52926263"></a><a name="li52926263"></a>GET /v1/{project_id}/waf/event?from={from}&amp;to={to}&amp;hosts={hostname}&amp;attacks={attack}&amp;sips={sip}&amp;offset={offset}&amp;limit={limit}</p>
<div class="note" id="waf_02_0070__note63241148751"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="waf_02_0070__p23244481054">An example of a URI is as follows:</p>
<p id="waf_02_0070__p774833712618">GET /v1/3ac26c59e15a4a11bb680a103a29ddb6/waf/event/attack/type?from=1543976973635&amp;to=1563976973635&amp;hosts=3211757cafa3437aae24d760022e79ba&amp;hosts=93029844064b43739b51ca63036fbc4b&amp;hosts=34fe5f5c60ef4e43a9975296765d1217</p>
</div></div>
</li><li id="waf_02_0070__li59168910">Parameter description
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="waf_02_0070__table62758145" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Path parameters</caption><thead align="left"><tr id="waf_02_0070__row33430159"><th align="left" class="cellrowborder" valign="top" width="24.447555244475552%" id="mcps1.3.2.2.2.1.2.5.1.1"><p id="waf_02_0070__p23488320"><strong id="waf_02_0070__b154011010354">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.408159184081594%" id="mcps1.3.2.2.2.1.2.5.1.2"><p id="waf_02_0070__p23505762"><strong id="waf_02_0070__b15553102193519">Mandatory</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.348265173482652%" id="mcps1.3.2.2.2.1.2.5.1.3"><p id="waf_02_0070__p24918556"><strong id="waf_02_0070__b1659484133517">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="39.796020397960206%" id="mcps1.3.2.2.2.1.2.5.1.4"><p id="waf_02_0070__p5137175"><strong id="waf_02_0070__b126918623518">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="waf_02_0070__row13458043"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p16359662">project_id</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p50064283">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p28675112">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p40982717">Specifies the project ID.</p>
</td>
</tr>
<tr id="waf_02_0070__row35495584"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p56570032">from</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p18769889">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p43966042">Long</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p4479684">Specifies the start time (UTC) in milliseconds. For example, <strong id="waf_02_0070__b67431836173512">1548172800000</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row40317163"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p44464769">to</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p44876507">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p11118433">Long</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p28177917">Specifies the end time (UTC) in milliseconds. For example, <strong id="waf_02_0070__b12562739173514">1548431999000</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row52274661"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p6389178">hosts</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p47761432">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p43470758">Array</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p31470476">Specifies the domain IDs.</p>
</td>
</tr>
<tr id="waf_02_0070__row14798832"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p57854734">attacks</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p55721881">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p17178488">Array</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p49280276">Specifies the list of attack types. For example, <strong id="waf_02_0070__b7498113122210">sqli</strong> and <strong id="waf_02_0070__b193771534132219">xss</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row40869300"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p22078965">sips</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p43565735">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p39163633">Array</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p18137724">Specifies the attack source IP addresses. For example, <em id="waf_02_0070__i15533730193410">X.X.</em><strong id="waf_02_0070__b156111133143413">12.23</strong> and <em id="waf_02_0070__i1029885783419">X.X.</em><strong id="waf_02_0070__b42981853153412">20.85</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row5445144516815"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p16445845388">nsips</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p204451645381">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p744544516820">Array</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p24454451986">Specifies the excluded attack source IP addresses. For example, <em id="waf_02_0070__i1284321123511">X.X.</em><strong id="waf_02_0070__b83415258355">12.1</strong> and <em id="waf_02_0070__i9393114015359">X.X.</em><strong id="waf_02_0070__b17549144319356">20.2</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row25233394"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p30639048">offset</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p65843830">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p31750053">Long</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p21617533">Specifies the number of returned pages. Its value ranges from <strong id="waf_02_0070__b2584046145217">0</strong> to <strong id="waf_02_0070__b195841146155214">65535</strong>. The default value is <strong id="waf_02_0070__b158412465528">0</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row60340071"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p55707598">limit</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p16021618">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p22682682">Long</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p25357967">Specifies the maximum number of records displayed on each page. Its value ranges from <strong id="waf_02_0070__b147277816352">0</strong> to <strong id="waf_02_0070__b9727148203520">50</strong>. The default value is <strong id="waf_02_0070__b97276819359">10</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row137226276511"><td class="cellrowborder" valign="top" width="24.447555244475552%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0070__p127229274514">marker</p>
</td>
<td class="cellrowborder" valign="top" width="18.408159184081594%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0070__p197224276511">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0070__p17722152714514">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0070__p372219271655">Specifies the ID of the last event record on the previous page.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</div>
<div class="section" id="waf_02_0070__section37631980"><h4 class="sectiontitle">Request</h4><p id="waf_02_0070__p86941228121012">Request parameters</p>
<p class="msonormal" id="waf_02_0070__p40729432">None</p>
</div>
<div class="section" id="waf_02_0070__section3143504"><h4 class="sectiontitle">Response</h4><div class="p" id="waf_02_0070__p96524365101">Response parameters
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="waf_02_0070__table65418856" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description</caption><thead align="left"><tr id="waf_02_0070__row45644753"><th align="left" class="cellrowborder" valign="top" width="42.85571442855714%" id="mcps1.3.4.2.1.2.4.1.1"><p id="waf_02_0070__p6237533"><strong id="waf_02_0070__b118902290376">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.348265173482652%" id="mcps1.3.4.2.1.2.4.1.2"><p id="waf_02_0070__p35478198"><strong id="waf_02_0070__b653418913383">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="39.796020397960206%" id="mcps1.3.4.2.1.2.4.1.3"><p id="waf_02_0070__p55161795"><strong id="waf_02_0070__b911271123819">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="waf_02_0070__row26694113"><td class="cellrowborder" valign="top" width="42.85571442855714%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0070__p14739544">total</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0070__p53052407">Integer</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0070__p2277735">Specifies the total number of event logs.</p>
</td>
</tr>
<tr id="waf_02_0070__row20499621"><td class="cellrowborder" valign="top" width="42.85571442855714%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0070__p49856593">items</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0070__p11852193"><a href="#waf_02_0070__table8472209123418">Table 3</a></p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0070__p20503549">Specifies the event log objects.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="tablenoborder"><a name="waf_02_0070__table8472209123418"></a><a name="table8472209123418"></a><table cellpadding="4" cellspacing="0" summary="" id="waf_02_0070__table8472209123418" frame="border" border="1" rules="all"><caption><b>Table 3 </b><strong id="waf_02_0070__b3544144717348">items</strong></caption><thead align="left"><tr id="waf_02_0070__row114721298347"><th align="left" class="cellrowborder" valign="top" width="34.77347734773477%" id="mcps1.3.4.3.2.4.1.1"><p id="waf_02_0070__p3540175514347"><strong id="waf_02_0070__b84708559510">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="24.69246924692469%" id="mcps1.3.4.3.2.4.1.2"><p id="waf_02_0070__p15542185543412"><strong id="waf_02_0070__b30481269">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40.53405340534053%" id="mcps1.3.4.3.2.4.1.3"><p id="waf_02_0070__p14545555143412"><strong id="waf_02_0070__b11380152015454">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="waf_02_0070__row6472994344"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p37701141203417">id</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p9773164114346">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p977524116342">Specifies the event ID.</p>
</td>
</tr>
<tr id="waf_02_0070__row4472094342"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p177910414341">time</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p15783154113347">Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p97851241203416">Specifies the attack time since Unix Epoch in milliseconds.</p>
</td>
</tr>
<tr id="waf_02_0070__row7473159143415"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p97886412348">policy_id</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p87901541173413">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p1793174153412">Specifies the policy ID.</p>
</td>
</tr>
<tr id="waf_02_0070__row94739915343"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p15811181014367">sip</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p1681331010367">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p1181791016366">Specifies an attack source IP address.</p>
</td>
</tr>
<tr id="waf_02_0070__row1859064418356"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p2821121010365">host</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p1582516104369">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p18829141014361">Specifies an attacked domain name.</p>
</td>
</tr>
<tr id="waf_02_0070__row978110198718"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p11781319674">host_id</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p1978211914713">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p7782111915711">Specifies a domain name ID.</p>
</td>
</tr>
<tr id="waf_02_0070__row742095011354"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p88367106361">url</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p208391110153615">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p1984161011369">Specifies the attacked URL, excluding a domain name.</p>
</td>
</tr>
<tr id="waf_02_0070__row9765105117356"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p1784531053618">attack</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p1684811014367">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p18525107365">Specifies the attack type.</p>
<ul id="waf_02_0070__ul285317105364"><li id="waf_02_0070__li2085417105363"><span class="parmvalue" id="waf_02_0070__parmvalue12108252133310"><b>cc</b></span> refers to CC attack.</li><li id="waf_02_0070__li188592010123610"><span class="parmvalue" id="waf_02_0070__parmvalue7543858183320"><b>cmdi</b></span> refers to command injection.</li><li id="waf_02_0070__li38641910103613"><span class="parmvalue" id="waf_02_0070__parmvalue2155727195117"><b>custom</b></span> refers to Precise Protection events.</li><li id="waf_02_0070__li15870310173614"><span class="parmvalue" id="waf_02_0070__parmvalue1240819181169"><b>illegal</b></span> refers to invalid requests.</li><li id="waf_02_0070__li8875141043619"><span class="parmvalue" id="waf_02_0070__parmvalue6831171813413"><b>sqli</b></span> refers to SQL injection.</li><li id="waf_02_0070__li288191003615"><span class="parmvalue" id="waf_02_0070__parmvalue1890312258340"><b>lfi</b></span> refers to local file inclusion.</li><li id="waf_02_0070__li0887141020366"><strong id="waf_02_0070__b366411121563">robot</strong> refers to malicious crawlers.</li><li id="waf_02_0070__li14890151063615"><span class="parmvalue" id="waf_02_0070__parmvalue128201348519"><b>antitamper</b></span> refers to Web Tamper Protection events.</li><li id="waf_02_0070__li089781013620"><span class="parmvalue" id="waf_02_0070__parmvalue16677105211341"><b>rfi</b></span> refers to remote file inclusion.</li><li id="waf_02_0070__li1903510203610"><span class="parmvalue" id="waf_02_0070__parmvalue4708175873413"><b>vuln</b></span> refers to other types of attacks.</li><li id="waf_02_0070__li15908171016366"><span class="parmvalue" id="waf_02_0070__parmvalue158411665354"><b>xss</b></span> refers to XSS attack.</li><li id="waf_02_0070__li139151110153617"><span class="parmvalue" id="waf_02_0070__parmvalue9149174020511"><b>whiteblackip</b></span> refers to Blacklist and Whitelist events.</li><li id="waf_02_0070__li492011053619"><span class="parmvalue" id="waf_02_0070__parmvalue3180202023517"><b>webshell</b></span> refers to webshells.</li></ul>
</td>
</tr>
<tr id="waf_02_0070__row3703125223519"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p14931910103612">rule</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p1893451083613">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p29374102363">Specifies the matched rule ID that consists of six digits.</p>
</td>
</tr>
<tr id="waf_02_0070__row1557010537353"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p10941610163618">payload</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p159459107364">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p209484106363">Specifies the hit load.</p>
</td>
</tr>
<tr id="waf_02_0070__row5378195483516"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p14952151023611">action</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p129551510123612">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p189576106363">Specifies the protective action.</p>
<ul id="waf_02_0070__ul69591710163615"><li id="waf_02_0070__li8961110143613"><strong id="waf_02_0070__b10363317105115">Block</strong>: WAF blocks and logs detected attacks.</li><li id="waf_02_0070__li13967710173618"><span class="parmvalue" id="waf_02_0070__parmvalue16793129105115"><b>Log only</b></span>: WAF logs detected attacks only.</li><li id="waf_02_0070__li282010561717"><strong id="waf_02_0070__b177322101588">Allow</strong>: WAF allows the requests that meet the specified conditions.</li><li id="waf_02_0070__li121691754983"><strong id="waf_02_0070__b193186146811">Verification code</strong>: A verification code is displayed when the number of requests reaches the maximum limit in a CC attack protection rule. Upon completing the verification, you are no longer restricted by the maximum number of requests allowed.</li><li id="waf_02_0070__li1711020199499"><strong id="waf_02_0070__b122724642416">Filter</strong>: WAF implements data masking.</li><li id="waf_02_0070__li10428145124816"><span class="parmvalue" id="waf_02_0070__parmvalue177251243154914"><b>Mismatch</b></span>: The cached web page in the WAF engine does not match the original web page.</li></ul>
</td>
</tr>
<tr id="waf_02_0070__row02185553354"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p997401010364">payload_location</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p11978161012365">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p2981151015363">Specifies the location in the request packet where the attack occurs. The options are as follows: <strong id="waf_02_0070__b66997587508">body</strong>, <strong id="waf_02_0070__b7916191165113">url</strong>, <strong id="waf_02_0070__b20890617511">params</strong>, and <strong id="waf_02_0070__b12849105517">header</strong>.</p>
</td>
</tr>
<tr id="waf_02_0070__row5199115643518"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p20985710123616">request_line</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p179875109364">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p3989181043619">Specifies the attack request method.</p>
</td>
</tr>
<tr id="waf_02_0070__row651825713358"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p7993111011362">headers</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p199671063615">Object</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p10999201063616">Specifies the attack request header.</p>
</td>
</tr>
<tr id="waf_02_0070__row4192591355"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p1757115367">cookie</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p19801113362">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p1211131117365">Specifies the cookie.</p>
</td>
</tr>
<tr id="waf_02_0070__row188941859133511"><td class="cellrowborder" valign="top" width="34.77347734773477%" headers="mcps1.3.4.3.2.4.1.1 "><p id="waf_02_0070__p12158117367">body</p>
</td>
<td class="cellrowborder" valign="top" width="24.69246924692469%" headers="mcps1.3.4.3.2.4.1.2 "><p id="waf_02_0070__p7182011103616">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.53405340534053%" headers="mcps1.3.4.3.2.4.1.3 "><p id="waf_02_0070__p122121114368">Specifies the body of an attack request.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="waf_02_0070__section192451843181018"><h4 class="sectiontitle">Example</h4><p id="waf_02_0070__p205781012424"><strong id="waf_02_0070__b31241817115413">total</strong> with a value of <strong id="waf_02_0070__b19126717195417">2</strong> is used as an example.</p>
<div class="p" id="waf_02_0070__p14268443111015">Response example<pre class="screen" id="waf_02_0070__screen72681043131020">{
"total": 2,
"items": [
{
"id": "0000-0000-0000-13-56ef71f5745764348192f844658dd144",
"time": 1499817600,
"policy_id": "xxx",
"sip": "X.X.1.1",
"host": "a.com",
"host_id": "123",
"url": "/login",
"attack": "sqli",
"rule": "20001",
"payload": "1 or 1=1",
"action": "block",
"payload_location": "params",
"request_line": "GET / ",
"headers": {
"Connection": "keep-alive",
"User-Agent": "curl"
},
"cookie": "sid=123; uid=456",
"body": "user=admin&amp;pass=abc123"
},
{
"id": "0000-0000-0000-13-56ef71f5745764348192f844658dd144",
"time": 1499817600,
"host": "a.com",
"host_id": "a",
"policy_id": "xxx",
"sip": "X.X.1.2",
"url": "/login",
"attack": "sqli",
"rule": "20001",
"payload": "1 or 1=1",
"action": "log",
"payload_location": "params",
"request_line": "GET / ",
"headers": {
"Connection": "keep-alive",
"User-Agent": "curl"
},
"cookie": "sid=123; uid=456",
"body": "user=admin&amp;pass=abc123"
}
]
}</pre>
</div>
</div>
<div class="section" id="waf_02_0070__section28291536"><h4 class="sectiontitle">Status Code</h4><div class="p" id="waf_02_0070__waf_02_0012_a652d4922b7df48fca0a65bc1a38ea5f2"><a href="#waf_02_0070__waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0">Table 4</a> describes the normal status code returned by the API.
<div class="tablenoborder"><a name="waf_02_0070__waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0"></a><a name="waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0"></a><table cellpadding="4" cellspacing="0" summary="" id="waf_02_0070__waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Status code</caption><thead align="left"><tr id="waf_02_0070__waf_02_0012_r3d6e2f205c444705bdbb9daaac74e575"><th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.6.2.2.2.4.1.1"><p id="waf_02_0070__waf_02_0012_af3c4073076f24eca88d94e3fa1effdc6">Status Code</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.41%" id="mcps1.3.6.2.2.2.4.1.2"><p id="waf_02_0070__waf_02_0012_en-us_topic_0144911667_p4531342288">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="58.589999999999996%" id="mcps1.3.6.2.2.2.4.1.3"><p id="waf_02_0070__waf_02_0012_ada185614bba24140995b8123b3e9faa8">Meaning</p>
</th>
</tr>
</thead>
<tbody><tr id="waf_02_0070__waf_02_0012_rc7b2adc390904a1ba79e303017797786"><td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.6.2.2.2.4.1.1 "><p id="waf_02_0070__waf_02_0012_a93f3895d44bb4226934cc626ac50e37b">200</p>
</td>
<td class="cellrowborder" valign="top" width="19.41%" headers="mcps1.3.6.2.2.2.4.1.2 "><p id="waf_02_0070__waf_02_0012_en-us_topic_0144911667_p7538425819">OK</p>
</td>
<td class="cellrowborder" valign="top" width="58.589999999999996%" headers="mcps1.3.6.2.2.2.4.1.3 "><p id="waf_02_0070__waf_02_0012_en-us_topic_0144911667_p369874114414">The request has succeeded.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p id="waf_02_0070__waf_02_0012_en-us_topic_0144911667_p482819399522">For details about error status codes, see <a href="waf_02_0085.html">Status Codes</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="waf_02_0069.html">Event Logs</a></div>
</div>
</div>
View Git Blame Copy Permalink