doc-exports/docs/wafd/api-ref/CreateIgnoreRule.html
Li, Qiao 901ea67b42 waf dedicated API 01
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>
2022-12-08 14:03:35 +00:00


Creating a False Alarm Masking Rule

Function

This API is used to create a false alarm masking rule.

URI

POST /v1/{project_id}/waf/policy/{policy_id}/ignore

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID |
| policy_id | Yes | String | Policy ID |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token |
| Content-Type | Yes | String | Content type. Default: application/json;charset=utf8 |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| description | No | String | Provides supplementary information about the assignment. |
| url | Yes | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. |
| rule | Yes | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: xss or sqli: XSS attacks; cmdi: Command injection; robot: Malicious crawlers; lfi: Local file inclusion; rfi: Remote file inclusion; webshell: Website Trojans; cc: CC attacks; custom_custom: Precise protection; custom_whiteblackip: IP address blacklist and whitelist; custom_geoip: Geolocation access control; antitamper: Web tamper protection; anticrawler: Anti-crawler protection; leakage: Data leakage prevention; illegal: Illegal requests; vuln: Other attack types |
| url_logic | Yes | String | URL match logic: equal: full match; prefix: prefix match |
| domains | No | Array of strings | Protected domain name |
| advanced | No | advanced object | advanced |

Table 4 advanced

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| index | No | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: cookie: session cookie; header: header field; body: body field; multipart: multipart/form-data type data; params: parameter |
| content | No | String | Specified field (available only for param, cookie, and header) |

Response Parameters

Status code: 200

Table 5 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| id | String | Rule ID. |
| policyid | String | Policy ID. |
| timestamp | Long | Rule creation time. |
| description | String | Provides supplementary information about the assignment. |
| status | Integer | Rule status. The value can be: 0: The rule is disabled; 1: The rule is enabled. |
| url | String | URL protected by the web tamper protection rule. The value must be in the standard URL format, for example, /admin. |
| rule | String | Masked rule. The value can be the ID of a rule that is matched, all rules (all), or enumeration value of the attack type. To mask a built-in rule included in Basic Web Protection, set this parameter to the ID of the rule. To obtain the rule ID, go to the WAF console. Then, choose Policies and click the policy name. On the displayed page, find the Basic Web Protection area and click Advanced Settings. On the displayed page, click Protection Rule and view the rule ID. To disable a certain type of rule, the value can be: xss or sqli: XSS attacks; cmdi: Command injection; robot: Malicious crawlers; lfi: Local file inclusion; rfi: Remote file inclusion; webshell: Website Trojans; cc: CC attacks; custom_custom: Precise protection; custom_whiteblackip: IP address blacklist and whitelist; custom_geoip: Geolocation access control; antitamper: Web tamper protection; anticrawler: Anti-crawler protection; leakage: Data leakage prevention; illegal: Illegal requests; vuln: Other attack types |
| url_logic | String | URL match logic: equal: full match; prefix: prefix match |
| domains | Array of strings | Protected domain name |
| advanced | advanced object | advanced |

Table 6 advanced

| Parameter | Type | Description |
|---|---|---|
| index | String | To ignore attacks of a specified field, specify the field in the Advanced Settings area. After you complete the configuration, WAF will stop intercepting attack events of the specified field. The following fields are supported: cookie: session cookie; header: header field; body: body field; multipart: multipart/form-data type data; params: parameter |
| content | String | Specified field (available only for param, cookie, and header) |

Status code: 400

Table 7 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code |
| error_msg | String | Error message |

Status code: 401

Table 8 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code |
| error_msg | String | Error message |

Status code: 500

Table 9 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code |
| error_msg | String | Error message |

Example Requests

POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore?

{
  "domain" : [ "test3.th.com" ],
  "rule" : "webshell",
  "url_logic" : "equal",
  "url" : "/demo",
  "description" : ""
}
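An added example, not part of the original API reference: a pre-submission check for request bodies like the one above. It validates a body against the enumerations in Tables 3 and 4 and flags masks broad enough to remove most WAF coverage. The function name, the warning policy and the reading of "standard URL format" as a path starting with / are assumptions.

```python
# Enumerations copied from Tables 3 and 4 of this page.
ATTACK_TYPES = {
    "xss", "sqli", "cmdi", "robot", "lfi", "rfi", "webshell", "cc",
    "custom_custom", "custom_whiteblackip", "custom_geoip", "antitamper",
    "anticrawler", "leakage", "illegal", "vuln",
}
URL_LOGIC = {"equal", "prefix"}
INDEX_FIELDS = {"cookie", "header", "body", "multipart", "params"}
CONTENT_FIELDS = {"params", "cookie", "header"}  # fields that accept "content"


def review_ignore_rule(body):
    """Return (errors, warnings) for a proposed masking-rule request body."""
    errors, warnings = [], []

    def text(obj, key):  # string value or "" so later checks never raise
        value = obj.get(key) if isinstance(obj, dict) else None
        return value if isinstance(value, str) else ""

    url, rule, logic = (text(body, k) for k in ("url", "rule", "url_logic"))
    for key, value in (("url", url), ("rule", rule), ("url_logic", logic)):
        if not value:  # mandatory per Table 3
            errors.append(f"{key}: mandatory string missing")
    if url and not url.startswith("/"):  # assumption: a path such as /admin
        errors.append("url: expected a path starting with /")
    if logic and logic not in URL_LOGIC:
        errors.append("url_logic: must be equal or prefix")

    adv = body.get("advanced")
    index, content = text(adv, "index"), text(adv, "content")
    if index and index not in INDEX_FIELDS:
        errors.append("advanced.index: unsupported field")
    if content and index not in CONTENT_FIELDS:
        errors.append("advanced.content: needs index params, cookie or header")

    # Breadth heuristics: a review policy assumed for this example.
    if rule == "all":
        warnings.append("rule=all masks every rule on the matched URLs")
    elif rule in ATTACK_TYPES and not index:
        warnings.append(f"rule={rule}: whole attack type, no field limit")
    if logic == "prefix" and url == "/":
        warnings.append("prefix match on / covers every path")
    if not (body.get("domains") or body.get("domain")):  # page uses both keys
        warnings.append("no domain list: mask is not scoped to named domains")
    return errors, warnings


# Constructed inputs: the page's example request and an overly broad one.
PAGE_EXAMPLE = {"domain": ["test3.th.com"], "rule": "webshell",
                "url_logic": "equal", "url": "/demo", "description": ""}
TOO_BROAD = {"rule": "all", "url_logic": "prefix", "url": "/"}
```

Any value of rule other than all or a listed attack type is treated as a single rule ID, the narrowest mask, and raises no breadth warning.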

Example Responses

Status code: 200

Request succeeded.

{
  "id" : "c20f67b3e1c040c0b0d8866e568ee8bf",
  "policyid" : "a75e96d8284c4c4f98ada7d391e8342c",
  "timestamp" : 1656507126528,
  "description" : "",
  "status" : 1,
  "rule" : "webshell",
  "url_logic" : "equal",
  "url" : "/demo",
  "domain" : [ "test3.th.com" ]
}

Status Codes

| Status Code | Description |
|---|---|
| 200 | Request succeeded. |
| 400 | Request failed. |
| 401 | The token does not have required permissions. |
| 500 | Internal server error. |

Error Codes

See Error Codes.