Li, Qiao 901ea67b42 waf dedicated API 01

Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>

2022-12-08 14:03:35 +00:00

45 KiB

Raw Blame History

Updating a Policy

Function

This API is used to update a policy. The request body can contain only the part to be updated.

URI

PATCH /v1/{project_id}/waf/policy/{policy_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID
policy_id	Yes	String	Policy ID. It can be obtained by calling the API Querying Protection Policies.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type. Default value: application/json;charset=utf8 Default: application/json;charset=utf8

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	No	String	Array of details of policies
action	No	PolicyAction object	PolicyAction
options	No	PolicyOption object	PolicyOption
level	No	Integer	Protection level 1: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to 1. 2: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. 3: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill.
full_detection	No	Boolean	Detection mode in the precise protection rule true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule.

**Table 4** PolicyAction
Parameter	Mandatory	Type	Description
category	No	String	Protection level. The value can be: block: WAF blocks attacks. log: WAF only logs detected attacks. Enumeration values: block log

**Table 5** PolicyOption
Parameter	Mandatory	Type	Description
webattack	No	Boolean	Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: true: enabled false: disabled
common	No	Boolean	Whether general check is enabled. The value can be: true: enabled false: disabled
anticrawler	No	Boolean	Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: true: enabled false: disabled
crawler	No	Boolean	Whether feature-based anti-crawler is enabled. This parameter is fixed at true. true: enabled false: disabled
crawler_engine	No	Boolean	Whether the search engine is enabled. The value can be: true: enabled false: disabled
crawler_scanner	No	Boolean	Whether the scanner check in anti-crawler detection is enabled. The value can be: true: enabled false: disabled
crawler_script	No	Boolean	Whether the JavaScript anti-crawler is enabled. The value can be: true: enabled false: disabled
crawler_other	No	Boolean	Whether other crawler check is enabled. The value can be: true: enabled false: disabled
webshell	No	Boolean	Whether other crawler check is enabled. The value can be: true: enabled false: disabled
cc	No	Boolean	Whether the CC attack protection rule is enabled. The value can be: true: enabled false: disabled
custom	No	Boolean	Whether precise protection is enabled. The value can be: true: enabled false: disabled
whiteblackip	No	Boolean	Whether blacklist and whitelist protection is enabled. The value can be: true: enabled false: disabled
geoip	No	Boolean	Whether geolocation access control is enabled. The value can be: true: enabled false: disabled
ignore	No	Boolean	Whether false alarm masking is enabled. The value can be: true: enabled false: disabled
privacy	No	Boolean	Whether data masking is enabled. The value can be: true: enabled false: disabled
antitamper	No	Boolean	Whether the web tamper protection is enabled. The value can be: true: enabled false: disabled
antileakage	No	Boolean	Whether the information leakage prevention is enabled. The value can be: true: enabled false: disabled
bot_enable	No	Boolean	This parameter is redundant in this version. It will be used in the later versions.
precise	No	Boolean	This parameter is redundant in this version. It will be used in the later versions.
followed_action	No	Boolean	This parameter is redundant in this version. It will be used in the later versions.

Response Parameters

Status code: 200

**Table 6** Response body parameters
Parameter	Type	Description
id	String	Policy ID
name	String	Array of details of policies
action	PolicyAction object	PolicyAction
options	PolicyOption object	PolicyOption
level	Integer	Protection level 1: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to 1. 2: WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. 3: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill.
full_detection	Boolean	Detection mode in the precise protection rule true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule.
bind_host	Array of BindHost objects	Basic information about the protected domain.
timestamp	Integer	Time a policy is created
extend	Map<String,String>	Extended field

**Table 7** PolicyAction
Parameter	Type	Description
category	String	Protection level. The value can be: block: WAF blocks attacks. log: WAF only logs detected attacks. Enumeration values: block log

**Table 8** PolicyOption
Parameter	Type	Description
webattack	Boolean	Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enabled any of these checks, keep this parameter enabled first. The value can be: true: enabled false: disabled
common	Boolean	Whether general check is enabled. The value can be: true: enabled false: disabled
anticrawler	Boolean	Whether anti-crawler protection is enabled. Anti-crawler protection includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: true: enabled false: disabled
crawler	Boolean	Whether feature-based anti-crawler is enabled. This parameter is fixed at true. true: enabled false: disabled
crawler_engine	Boolean	Whether the search engine is enabled. The value can be: true: enabled false: disabled
crawler_scanner	Boolean	Whether the scanner check in anti-crawler detection is enabled. The value can be: true: enabled false: disabled
crawler_script	Boolean	Whether the JavaScript anti-crawler is enabled. The value can be: true: enabled false: disabled
crawler_other	Boolean	Whether other crawler check is enabled. The value can be: true: enabled false: disabled
webshell	Boolean	Whether other crawler check is enabled. The value can be: true: enabled false: disabled
cc	Boolean	Whether the CC attack protection rule is enabled. The value can be: true: enabled false: disabled
custom	Boolean	Whether precise protection is enabled. The value can be: true: enabled false: disabled
whiteblackip	Boolean	Whether blacklist and whitelist protection is enabled. The value can be: true: enabled false: disabled
geoip	Boolean	Whether geolocation access control is enabled. The value can be: true: enabled false: disabled
ignore	Boolean	Whether false alarm masking is enabled. The value can be: true: enabled false: disabled
privacy	Boolean	Whether data masking is enabled. The value can be: true: enabled false: disabled
antitamper	Boolean	Whether the web tamper protection is enabled. The value can be: true: enabled false: disabled
antileakage	Boolean	Whether the information leakage prevention is enabled. The value can be: true: enabled false: disabled
bot_enable	Boolean	This parameter is redundant in this version. It will be used in the later versions.
precise	Boolean	This parameter is redundant in this version. It will be used in the later versions.
followed_action	Boolean	This parameter is redundant in this version. It will be used in the later versions.

**Table 9** BindHost
Parameter	Type	Description
id	String	Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF
hostname	String	Domain name
waf_type	String	WAF mode of the domain name. The value is premium.

Status code: 400

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 401

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 500

**Table 12** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Example Requests

PATCH https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}?

{
  "options" : {
    "whiteblackip" : true
  }
}

Example Responses

Status code: 200

Request succeeded.

{
  "id" : "38ff0cb9a10e4d5293c642bc0350fa6d",
  "name" : "demo",
  "level" : 2,
  "action" : {
    "category" : "log"
  },
  "options" : {
    "webattack" : true,
    "common" : true,
    "crawler" : true,
    "crawler_engine" : false,
    "crawler_scanner" : true,
    "crawler_script" : false,
    "crawler_other" : false,
    "webshell" : false,
    "cc" : true,
    "custom" : true,
    "precise" : false,
    "whiteblackip" : true,
    "geoip" : true,
    "ignore" : true,
    "privacy" : true,
    "antitamper" : true,
    "anticrawler" : false,
    "antileakage" : false,
    "followed_action" : false,
    "bot_enable" : true
  },
  "hosts" : [ "c0268b883a854adc8a2cd352193b0e13" ],
  "timestamp" : 1650529538732,
  "full_detection" : false,
  "bind_host" : [ {
    "id" : "c0268b883a854adc8a2cd352193b0e13",
    "hostname" : "www.demo.com",
    "waf_type" : "cloud"
  } ],
  "share_info" : {
    "is_receiver" : false,
    "provider_display" : {
      "share_count" : 0,
      "accept_count" : 0,
      "process_status" : 0
    }
  }
}

Status Codes

Status Code	Description
200	Request succeeded.
400	Request failed.
401	The token does not have required permissions.
500	Internal server error.

Error Codes

See Error Codes.

Parent topic: Policy Management

45 KiB Raw Blame History