Help Center> Web Application Firewall> API Reference> APIs> Rule Management> Querying CC Attack Protection Rules
Updated on 2024-04-25 GMT+08:00

Querying CC Attack Protection Rules

Function

This API is used to query the list of CC attack protection rules.

URI

GET /v1/{project_id}/waf/policy/{policy_id}/cc

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose My Credentials.Then, in the Projects area, view Project ID of the corresponding project.

policy_id

Yes

String

ID of a protection policy. You can specify a protection policy ID to query the rules used in the protection policy. You can obtain the policy ID by calling the ListPolicy API.

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

You can obtain the ID by calling the ListEnterpriseProject API of EPS.

offset

Yes

Integer

Offset. The records after the offset are queried.

limit

Yes

Integer

Maximum number of records that can be returned.

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

Content-Type

Yes

String

Content type.

Default: application/json;charset=utf8

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total

Integer

Number of rules in the policy

items

Array of CcrulesListInfo objects

Array of Cc rules

Table 5 CcrulesListInfo

Parameter

Type

Description

name

String

Rule name.

id

String

Rule ID.

policyid

String

Policy ID.

url

String

When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name.

prefix

Boolean

Whether a prefix is used for the path. If the protected URL ends with an asterisk (*), a path prefix is used. When the value of mode is 0, this parameter has a return value.

mode

Integer

CC rule protection mode, which corresponds to mode on the console. Currently, only advanced CC rule protection mode is supported.

  • 0: standard. Only the protection path of the domain name can be restricted.

  • 1: advanced. The path, IP address, cookie, header, and params fields can be restricted.

Enumeration values:

  • 0

  • 1

status

Integer

Rule status. The value can be 0 or 1.

  • 0: The rule is disabled.

  • 1: The rule is enabled.

conditions

Array of CcCondition objects

Condition list. This parameter is returned when mode is set to 1.

action

action object

Action to take if the number of requests reaches the upper limit.

tag_type

String

Limit mode.

  • ip: IP-based rate limiting. Website visitors are identified by IP address.

  • cookie: User-based rate limiting. Website visitors are identified by the cookie key value.

  • other: Website visitors are identified by the Referer field (user-defined request source).

  • policy: Policy-based rate limiting

  • domain: Domain name rate limit

  • url: URL rate limit

Enumeration values:

  • ip

  • cookie

  • header

  • other

  • policy

  • domain

  • url

tag_index

String

User identifier. This parameter is mandatory when the rate limit mode is set to user (cookie or header).

  • cookie: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name.

  • header: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements.

tag_condition

tag_condition object

User tag. This parameter is mandatory when the rate limit mode is set to other. -other: A website visitor is identified by the Referer field (user-defined request source).

limit_num

Integer

Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647.

limit_period

Integer

Rate limit period, in seconds. The value ranges from 1 to 3,600.

unlock_num

Integer

Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is dynamic_block.

lock_time

Integer

Block duration, in seconds. The value ranges from 0 to 65,535. Access requests are blocked during the configured block duration, and an error page is displayed.

domain_aggregation

Boolean

Whether to enable domain name aggregation statistics

region_aggregation

Boolean

Whether to enable global counting.

description

String

Rule description.

total_num

Integer

This parameter is reserved and can be ignored currently.

unaggregation

Boolean

This parameter is reserved and can be ignored currently.

aging_time

Integer

Rule aging time. This parameter is reserved and can be ignored currently.

producer

Integer

Rule creation object. This parameter is reserved and can be ignored currently.

timestamp

Long

Timestamp the rule is created.

Table 6 CcCondition

Parameter

Type

Description

category

String

Field type.

Enumeration values:

  • url

  • ip

  • ipv6

  • params

  • cookie

  • header

  • response_code

logic_operation

String

Logic for matching the condition.

  • If the category is url, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal

  • If the category is ip, the optional operations are: equal, not_equal, , equal_any and not_equal_all

  • If the category is params, cookie and header, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist

contents

Array of strings

Content of the conditions. This parameter is mandatory when the suffix of logic_operation is not any or all.

value_list_id

String

Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of logic_operation is any or all. The reference table type must be the same as the category type.

index

String

Subfield. When Field Type is set to params, cookie, or header, set this parameter based on the site requirements and this parameter is mandatory.

Table 7 action

Parameter

Type

Description

category

String

Action type:

  • captcha: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website.

  • block: WAF blocks the requests. When tag_type is set to other, the value can only be block.

  • log: WAF logs the event only.

  • dynamic_block: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The dynamic_block protection action can be set only when the advanced protection mode is enabled for the CC protection rule.

Enumeration values:

  • captcha

  • block

  • log

  • dynamic_block

detail

detail object

Block page information. When protection action category is set to block or dynamic_block, you need to set the returned block page.

  • If you want to use the default block page, this parameter can be excluded.

  • If you want to use a custom block page, set this parameter.

Table 8 detail

Parameter

Type

Description

response

response object

Block Page.

Table 9 response

Parameter

Type

Description

content_type

String

Content type. The value can only be application/json, text/html, or text/xml.

Enumeration values:

  • application/json

  • text/html

  • text/xml

content

String

Block page information.

Table 10 tag_condition

Parameter

Type

Description

category

String

User identifier. The value is fixed at referer.

contents

Array of strings

Content of the user identifier field.

Status code: 400

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error message

Status code: 401

Table 12 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error message

Status code: 500

Table 13 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error message

Example Requests

The following example shows how to query the CC attack protection rule list. Details about the query are specified by project_id and policy_id.

GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc?offset=0&limit=1

Example Responses

Status code: 200

Request succeeded.

{
  "total" : 1,
  "items" : [ {
    "id" : "f88c5eabff9b4ff9ba6e7dd8e38128ba",
    "policyid" : "d471eef691684f1c8d7784532fd8f4bd",
    "timestamp" : 1678873040603,
    "name" : "test",
    "description" : "",
    "status" : 1,
    "mode" : 1,
    "conditions" : [ {
      "category" : "url",
      "contents" : [ "/url" ],
      "logic_operation" : "contain"
    } ],
    "action" : {
      "category" : "captcha"
    },
    "producer" : 1,
    "unaggregation" : false,
    "total_num" : 0,
    "limit_num" : 10,
    "limit_period" : 60,
    "lock_time" : 0,
    "tag_type" : "ip",
    "aging_time" : 0,
    "region_aggregation" : false,
    "domain_aggregation" : false
  } ]
}

Status Codes

Status Code

Description

200

Request succeeded.

400

Request failed.

401

The token does not have required permissions.

500

Internal server error.

Error Codes

See Error Codes.