Querying CC Attack Protection Rules

Function

This API is used to query the list of CC attack protection rules.

URI

GET /v1/{project_id}/waf/policy/{policy_id}/cc

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose My Credentials.Then, in the Projects area, view Project ID of the corresponding project.
policy_id	Yes	String	ID of a protection policy. You can specify a protection policy ID to query the rules used in the protection policy. You can obtain the policy ID by calling the ListPolicy API.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	You can obtain the ID by calling the ListEnterpriseProject API of EPS.
offset	Yes	Integer	Offset. The records after the offset are queried.
limit	Yes	Integer	Maximum number of records that can be returned.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type. Default: application/json;charset=utf8

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total	Integer	Number of rules in the policy
items	Array of CcrulesListInfo objects	Array of Cc rules

**Table 5** CcrulesListInfo
Parameter	Type	Description
name	String	Rule name.
id	String	Rule ID.
policyid	String	Policy ID.
url	String	When the value of mode is 0, this parameter has a return value. URL to which the rule applies, excluding a domain name.
prefix	Boolean	Whether a prefix is used for the path. If the protected URL ends with an asterisk (*), a path prefix is used. When the value of mode is 0, this parameter has a return value.
mode	Integer	CC rule protection mode, which corresponds to mode on the console. Currently, only advanced CC rule protection mode is supported. 0: standard. Only the protection path of the domain name can be restricted. 1: advanced. The path, IP address, cookie, header, and params fields can be restricted. Enumeration values: 0 1
status	Integer	Rule status. The value can be 0 or 1. 0: The rule is disabled. 1: The rule is enabled.
conditions	Array of CcCondition objects	Condition list. This parameter is returned when mode is set to 1.
action	action object	Action to take if the number of requests reaches the upper limit.
tag_type	String	Limit mode. ip: IP-based rate limiting. Website visitors are identified by IP address. cookie: User-based rate limiting. Website visitors are identified by the cookie key value. other: Website visitors are identified by the Referer field (user-defined request source). policy: Policy-based rate limiting domain: Domain name rate limit url: URL rate limit Enumeration values: ip cookie header other policy domain url
tag_index	String	User identifier. This parameter is mandatory when the rate limit mode is set to user (cookie or header). cookie: Set the cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported. For example, if a website uses the name field in the cookie to uniquely identify a website visitor, select name. header: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements.
tag_condition	tag_condition object	User tag. This parameter is mandatory when the rate limit mode is set to other. -other: A website visitor is identified by the Referer field (user-defined request source).
limit_num	Integer	Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647.
limit_period	Integer	Rate limit period, in seconds. The value ranges from 1 to 3,600.
unlock_num	Integer	Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. This parameter is required only when the protection action type is dynamic_block.
lock_time	Integer	Block duration, in seconds. The value ranges from 0 to 65,535. Access requests are blocked during the configured block duration, and an error page is displayed.
domain_aggregation	Boolean	Whether to enable domain name aggregation statistics
region_aggregation	Boolean	Whether to enable global counting.
description	String	Rule description.
total_num	Integer	This parameter is reserved and can be ignored currently.
unaggregation	Boolean	This parameter is reserved and can be ignored currently.
aging_time	Integer	Rule aging time. This parameter is reserved and can be ignored currently.
producer	Integer	Rule creation object. This parameter is reserved and can be ignored currently.
timestamp	Long	Timestamp the rule is created.

**Table 6** CcCondition
Parameter	Type	Description
category	String	Field type. Enumeration values: url ip ipv6 params cookie header response_code
logic_operation	String	Logic for matching the condition. If the category is url, the optional operations are contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal and len_not_equal If the category is ip, the optional operations are: equal, not_equal, , equal_any and not_equal_all If the category is params, cookie and header, the optional operations are: contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist and not_exist
contents	Array of strings	Content of the conditions. This parameter is mandatory when the suffix of logic_operation is not any or all.
value_list_id	String	Reference table ID. It can be obtained by calling the API Querying the Reference Table List. This parameter is mandatory when the suffix of logic_operation is any or all. The reference table type must be the same as the category type.
index	String	Subfield. When Field Type is set to params, cookie, or header, set this parameter based on the site requirements and this parameter is mandatory.

**Table 7** action
Parameter	Type	Description
category	String	Action type: captcha: Verification code. WAF requires visitors to enter a correct verification code to continue their access to requested page on your website. block: WAF blocks the requests. When tag_type is set to other, the value can only be block. log: WAF logs the event only. dynamic_block: In the previous rate limit period, if the request frequency exceeds the value of Rate Limit Frequency, the request is blocked. In the next rate limit period, if the request frequency exceeds the value of Permit Frequency, the request is still blocked. Note: The dynamic_block protection action can be set only when the advanced protection mode is enabled for the CC protection rule. Enumeration values: captcha block log dynamic_block
detail	detail object	Block page information. When protection action category is set to block or dynamic_block, you need to set the returned block page. If you want to use the default block page, this parameter can be excluded. If you want to use a custom block page, set this parameter.

**Table 8** detail
Parameter	Type	Description
response	response object	Block Page.

**Table 9** response
Parameter	Type	Description
content_type	String	Content type. The value can only be application/json, text/html, or text/xml. Enumeration values: application/json text/html text/xml
content	String	Block page information.

**Table 10** tag_condition
Parameter	Type	Description
category	String	User identifier. The value is fixed at referer.
contents	Array of strings	Content of the user identifier field.

Status code: 400

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 401

**Table 12** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 500

**Table 13** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Example Requests

The following example shows how to query the CC attack protection rule list. Details about the query are specified by project_id and policy_id.

GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/cc?offset=0&limit=1

Example Responses

Status code: 200

Request succeeded.

{
  "total" : 1,
  "items" : [ {
    "id" : "f88c5eabff9b4ff9ba6e7dd8e38128ba",
    "policyid" : "d471eef691684f1c8d7784532fd8f4bd",
    "timestamp" : 1678873040603,
    "name" : "test",
    "description" : "",
    "status" : 1,
    "mode" : 1,
    "conditions" : [ {
      "category" : "url",
      "contents" : [ "/url" ],
      "logic_operation" : "contain"
    } ],
    "action" : {
      "category" : "captcha"
    },
    "producer" : 1,
    "unaggregation" : false,
    "total_num" : 0,
    "limit_num" : 10,
    "limit_period" : 60,
    "lock_time" : 0,
    "tag_type" : "ip",
    "aging_time" : 0,
    "region_aggregation" : false,
    "domain_aggregation" : false
  } ]
}